last executing test programs:

10.945141773s ago: executing program 3 (id=1173):
ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000100)={0x9b0000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x9b0905, 0xfffffff7, '\x00', @p_u8=&(0x7f00000000c0)}})
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0d, &(0x7f0000000040))

10.712465976s ago: executing program 0 (id=1175):
bpf$PROG_LOAD(0x5, &(0x7f0000001580)={0x0, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001280)=ANY=[@ANYBLOB="b702000001040000bfa30000000000000703000000feffff7a0af0fff8bffffd79a4f0ff00000000b7060000ffffffff2d640500000000006502040001001f000404000001007d60b7030000000000006a0a00fefdff00008500000026000000b7000000000000009500000000000000c743a0c8e3ebbadc20e5a7efcc9ac1467fb2ea80dbcf8df265e1b40e4c8afd5c0c000000008da68076774bbcdb2c769937000090af27db5b56024db96bcbbbd2cb2000ce03000000000000007e357754508535766c80114604a86fe569b05614eab9297eb290a248a120c9c6e39f403ff065fd3052aae80675eeba68562eaeaea5fecf298ca20f274233106eab63ecf772de7b265040b6c50b7420b48a93fe94c756108afcd0b2eb78040000005f02a5a6474ae549070004000000001294fba0ed5020e6474ac921fee1f6d8ad6a80d0947cd6d4a561ced21a0b4a902be6af7ec2d1ba002e57f301000000000000000000000000100000aaf25343063e6581f9e6de14ad72e5ad84309f47f96a576cd20cef7ed951a73ea73d7c7f14e306f1f1d1377e57bbb19700f0077e9d0000b93eb0f2c6f8141e350dc68147e5958128d22d58625cf9dba211bfff9c3709c9b134625d3d2369f516a49eeeb1a662c8dfb875bdf5c6ba73cccdfacb202994c40d322717faff03323dce8a34ee0ca2cf61efb4b30000642735d6d482ba98d252f36c54333a8b1aa736369392b9067665339820f5f1557b0bf7cc06a5a13c714e0b1a1f000000ff3283076cda3d0b1a2905cfc3d04f1db264b530abcbe44bc405f600807970727fb819afa1907228fa9e83433eedb4ac88d0285594ffb0d14c09d5c77f33702822b02488ea570204c8441ced81cacf945dcb2486d65ceec8bcaffbe800a041a378b40dc9e3600e916ae6307bd8325a442095bc9a8b0c95905979f34adddbb26f0d24425c8ab9d937d84b521914f92eed3d3e9de82942a952e86b567aff5bc2e3c1fcc00f618363df5d0d181ee8f4b8fd356c9eb365adc037e443820c05c5db16ff07a9cf471e2ebf91ab00a05f88c1cd55f8c81f5eb1f8d615ca27efb2193bb61665a1ce37f30c2efc9c3b5a4a5d95479fac471ba60fbd0e50225563cd37343d09da72472efc2b2877fbab12a891513e5f0763ae06c0610a2869747c143d7500760600f3ffb2310e19ac58bf29d7f178d09a9f634a3ae492f54649589e3692768a0f3a08ff275df45508ad85950d8e08465fa1067ea8f383b3e7a7ddf5977d46f4bc38f914b4a496426d8468f9ba618b6b2218b50c8fc9efbce3ba799cf70de7e13be871aa7eb402e2b11f440361e18d4e334bfc6ae54e62e67a03b4c756c544189e4519a029674e2a2bbbc7f6600000000000800000e5e30b70b1eb176d3a62660600000030a0af132e680510811d3ab71af5d98e2d3d928a749e8b9402d14655612bd58fb40b4625cb69bf6cea97b447f2d970d99100000000086000001b881afb2cc500003a73562af4878f75b4c98274eeb666aa1f5fcf91990cf0dcfef9540057b8a3fff2bc02c5941626d2015f414546e87835ba18e9101734a9e9c6955fc6b9a25fe2a3dd8bab7f21beccba5493a164c663eceed401737c12c65804712236a9a29a43b1e27e9b6816f2328ea8423121f12b7b35aa721fef26934ccafde573bee5c33ef15309f43cbd5d61aa679a9c402d337ebf57a5eacb569401c1df7b9c45b09743c61d1db37f0000000000020000000061d7d6818db785d8ba13dc577fe61a68eb365de5661f43d4c789bb117a3d208ae44a381b718b3157e218959156ff8e92b7e92bc275d2c9114547351a0d0f2a70d13be0194b6cb68b03000000000000004f153bbc7f52861e4e5df0d19e4e40ac44cfda6f87807e5b5ed7072c04da88afd3d4b79f060e004a0e2f00b9e726ac75d2ac0691314c627e9a8a07bdd607919fd48f01ad6d2f7621d9a75b134f1bc25ed7c33d411a5baa4daa3add16afc502b2b7629541d722e91d631e5ffb9d4beb5aa5a2c4e490a5bd5cf4538ba310b8cbc221af38ea842d4cb908bcd574f794459fd54b58c6a791e6df620047bade4ba41ee0141843958479544619f749ff70088b0fd115077f7eff7c5a3315ca604d110df1c54407f191a78d8362e4dc6e1138391c2af2b96779bb76c9f1daea4f085f38810edef6dd047937c231cba791a4e7713c5b3b0a0b6ba37db5016e02d114d714459d065a79609fea4efebad04edac11aac0e53dd094827453144fa419ee81823d00a90a9058ba740d2f41253a8d01a8c1a7265a084e30ad10d412aee8170a7111d62473e7bd8f3d64fb7ebdd32aada331900000000000000000000000084ef49dd02000000bf48ea48e0e1f463d9dcb285038ec38d5f4969ed0e98a71ac7bf8159a234833a5241722b2d24aa2fa4965d4eb7966fb27d118b6ef3308627e67d42f1041d5e92da28e0a7724ce715854775cbe06c5166f1dac0745f1373156a536cb6394c2c4473e2050cacf693fdf8e305080000001a901ecd90a5f53b8327a485557bc2a147b036477915e600000000034258ebbb6099b597d17ee2fc97ca850b8580b1337016a40566814594c13052b9d2b0741326825f19a24460e545c71e1940c998f39ac04a0c29691a7c8f7a78c1a7590a293c561f304533c638ae635f5ce026f7fa034d8cfe0e11831d4829692beab26891ef583cfcb713a4d3a2d8b958c0875d7e4bdcf98802db086ebcbb9d82fa569a18f06facc2ffe1ea9ae4231e1e503faa2de7f898c97788c4b9c61c70ff92abdf7476cc351156d11c0ada7614f315f4c6cca119d16827d4e864f5a7a9b690272a510c451dc07f391309d02e31e53b2bf0b5f86e776b1bcfe6c85ccd7ddf8a9559d596b5603895f265685fdd11263c946f8ef3ccec1b0d45a47a89b8237cbbdab14e4ca6dc76b2c41e071b93a065c0f5aa718e1cfab29beea78a6bd9a3114f0fb92be9a5862627b4bd99db2c08e4636e43f05f33535d5d1f9bb40e1fd8e5125a3d29b31dd94a6744bbc21722222b976089f073a4d3fcafc6d06518cf0c4fc6c3e3da0000000000000000000000007d3b60775243f2143d9f54804b11102cf0e4c641db1ba8bf75e46ab3a8fdece6562e7ebb3e407f3c7504dfa3da3aecbd49af3d1edeea11cc970416fadeedc8423bfdc85041ac4d8243a1130e6f4cb5bbfed9d095e18c98c7d690e4c491a7ddcd5635bc61dbed719ca28e8ca3f1fbbe588913ed057f1d6e34a79f4dc10df54d1993a5bc5f9ef6dbd339ee4b0b5764169f305e284ef82cc23e9366d4bc7eb45c7230b13433e5240657cb8eba33260147be8620b6d98cc48b000000000000000000000000c1ce872b18984f080100000000000000bd3fded92547d41809b398f36749083a147eb09ff1ed601bd36b873d3947fb223da647052528e0466cb917db7800f7c7000b593fca1903991cca1343882e3a1f60044f11c081dae4fc5bcf20efacdd2c577f4bcda2eea6f75a31dc90eebb6135b6fb824052181b0ad8a49ebf03ccf61d7e39bf6b0762d24d19796016301d1415b5110ba9df7f204aedb2a2e4e621c0553d312b309db67192f98ef7800000d629c04e216afc8fc66616bbf304e452373aa927c2ad6f5417f1b9bc322b802c1a1c42112a92a331cdc113b9ace3ff52ede7a853f9a89002ba070bac2f635a03db3375e5564f1a798bf9c0f8c72725d2eca9b0ec7e453d78ea20eca61530fe574299b393ca144adcb06108dfbb934065a87972739150a8752ac111c4d9062ccb95c54034fbdee131d94dfbaab1854d55665746fb7b47d25e54070b0d14c0a29c57bc4930075e1761913b036d43852c6df9f10e15105b2a1866b598a3577943514db0dce953dcec62139ff3f16066efec5d8cbc0600000000007289be5883aab951ea67cf2ff691d05c1ea91dd569ed9897fe8d88a0a6977dc8955be17e8026aff11c61fa5cc76196c1423cd597345253ba5d5ab46938e8fb23fa7047bc59c4345e912585a8adb5fe2ff51b64a326321b594e3f2d339f4090bdae6b30b62064bacbc155d3c930576f506b093ca7c60957bdfdd6536baaa871cf6a603c736b78761e6463b8ac503e219cc3d98f649602ad24d5667368290ee926fba76ee482a201a03efece3b236f4ee2ffcd5d90d92a2f0c5cea48c87f27c2f1e92988a6508c12f6b7755cc48eb10edafca92cb0260c72295a27a24846d3a2334bd60e94c0fd07e5db0a4964a7fc4e89e11a300510776934e87bb3c21394f46954a012b2a3b0760f5bad1dbd6b466ed7153bd18ee2c0b2353c38df9e0782eb000000000000000000000000001b58cadcc5aaf65e05663985a177aa1d1ea2ad1b8151c7d58f5b92827f550269b3585d98e1394e816a477e52ce2f6de2bd7192f46cf965e774968d151d2bda084b10ec4c8d2c6ab582b1e5e3ed874235ff128c661298ed75879d8a4025ad1c3d9ef6355dc7284c6e648a61da026a777fcc7ae2c60ce64a2f2b0000000000000000000000000000003022110d1230e998429a6fd8f35939a8ae5acc89125539d84b98df6f8ee2ad0b238759bf400ac14c591aefe9660076a494f73b0ea8f3cb4a9c2e4f745a2afb593fabb9481600b2f44e6415153c1f8cf974a226d2700608bb2838ef07d75aed8b082716be3c37f60f48b9995f6325fdaa1c164b1e2bcbde000000000000000000d4fd710a526223440f9df8d22bf9224e4b71b0757dbc8311a2ffbf680a2c09a893ffd79f0a645df3e2dce61e24c28750f50ccb9244fdb344773f79483ec0b6936fd853fda9ee154914a00831cf4bf6f9e6fe6cdfab5ab31de15450e6e703316d9597100d83d0444d511ec95edfc460461eef194209655b2a966078be83da84fe699fa66295c9995c869c18501c3d3bf6b17e5b2211c4903580dcdc7ea2bf9e3b202d7b01ea0b800868eb22cbb86e927b364c9c5642ea6188f53c36dffecbdeda61ceb3b1c1f4a7bc77e39a9ff7e547cef240c3cf78f61d3e000000000000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfe37, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r0, 0x18000000000002a0, 0xe, 0xa002a0, &(0x7f0000000040)="b907ef19edfff007049e0ff0888e", 0x0, 0x4000, 0x18000000, 0x0, 0x0, 0x0, 0x0}, 0x48)

10.523187076s ago: executing program 0 (id=1177):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000100)={'hsr0\x00', &(0x7f0000000280)=@ethtool_gfeatures})
write$binfmt_script(r0, &(0x7f0000000000), 0xfea7)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000100)={'veth0_vlan\x00', 0x0})

10.522637541s ago: executing program 2 (id=1178):
syz_mount_image$f2fs(&(0x7f00000004c0), &(0x7f0000000080)='./file0\x00', 0x450, &(0x7f0000005f80)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000000000000003b814e50a959736d65720f73ecea54b5e5be45ace9a88f723cb005aeff24212c651baef614d442ae89412ad3dcd0b7586d02002a6d6d65cacd4fc5002207ce994dda65c4b1d23a9bd5ba0f4ce5e0b5a5718c6aa918080002223d2753a5cac974110144cd0a1e368652324a41b31e1eb3b32dccbdf8f68bd96a45a75427a5f789d267fd92f6a5540200b81d5b9fa9b40fe4d7fbd50a6afc3a989c6d60045663c59cbdc4c700000000bc7f6b22df0191acf5912afdcc1c061835177068c40f757dd123d2600b1c544f1525aa8d00000000000000000000002e8b5c733d362417c17f527c0bfebec112d57fc69fabb9b31ef97b2147931ff60cdf666c25244218b1f1a6010000000100000020563b835d0e8e9a09070ef1691fcb2f37bda5d4e3d9d7a2d0ac82b45a53001057f321acc45d5e065a461de90100000077d200000000000040b78f0dd3836f5ab2f6a1a5b798bb7752f192c6b48e568973a59cd9c74bd9a14721856c5499cd8f93f8beaa9cf76718ce7244c84268030000000000000208886b313bd01a22d576e414011a4f0a897515329f86d4585fa0ea17068f8af349696da4a2b3e24310ca52ec51bc23b57897cb55a2d513e6a00765ee3f58b471c54dd57f0af584afe4a21f92b515d7f2fa6fbb273ca0f751e684584320534667aea39ad7222c8ef531f514939177a47395e94c1723abb3fd44fd64fde4b45cc2f55f4ae05ff48648a4c998257856bcdcf2fa02010000001f54fb936570450e91c8d55abad76a7b7a000016f81ec9da9ccc1191c211632266d907e4d9b23496ae19bac24dc23c43f514f1b4af19988bbe61ee29a368a999435d6872d01b79c7821e875859dfbf3c57e4f1fb0be46cb5f7a0fa13516c0926d19dd2d5862085e1e4cb8279be17cba17ee4d06ad97b4ca282e73ea142b01b4a742fa11c0927ba811dd60903d575db449d775021b542db617086b3ed42e6e60fe043cff79b0c067c584bbf82657974c3736912b4b522052b9467d0da116ccc1652d861a420f09aaf67d3e9f6160100000001000000ae6335ad9896abd3cc00413638cb9bc62ab8054325d72e9144cf4f88702f586507e3147198e0bc4060a7c8f4dce73b653177ecf8228e6e6fae02510000000000000000000000000000f43739fdd2d24e50e0233acfe1c8639070fe00f40b0d01f8a0a35fcfe3ea10faf9c24b8488ed4ed83fb06a9a7c57442ede9e1fc2853b8f4d2241cff61d0125b7750e3fdae6a4ab9c776a191ed8098a780ea2bbaa64978cd3a6458fcc6b949bcbca0dceb7361f66e46731eba4f3aed335e7c8c541e82453218a19d39489e1525466ac93759787e767f601931d94c9c426489b741a6bc8abf475e4bf859e1ce7f7227069e9f51e25fa3d1b18dc565180a1af464a1dd697db85e2b27b90f6bd7cf1b6bc0bcd8ba552ced3d3cfbf9c9bc04f65b6f83cb40173b4bdc393d47e5da95b63a40ac18daf11e8d0706b47795fbe2b56d0ea7ffc5a59ede88621a08b25ca6ebe041317b62373a60951af33eb7954a9731aaa125add0913ed2435a207439e9122512d77096747a4b404459cebc8faff8f7a31758e630c75a1ff90402754d339dc21cf6b8e04e1aedf14df0b4aaf0e03194df3eb41ba066bc343b323a3162d7e7ba687633c2faa8f28b42364b72e3a457476fd6b2a54e670ba798172c44c4390f73fdab743a4cac88b2bd0545b8483f2e2f9846b138a4d8a7332978da70e9050417087c5ae034a735e8b448dd9701404", @ANYRES32], 0x2, 0x5558, &(0x7f0000000a00)="$eJzs3EtvG9UXAPBju2n/ff4jxIJdR6qQEqm26vQh2BVoxUO0qngsWIFju5Zb2xPFrhOyQoIlYsE3QSCxQmLDZ2DBmh1iAWKHBPLMmBLCo5XdOGl/P2l85t65PnPvyEp0ZiwH8MRaTn75qRRn4nhEVCLiVCmy/VKxZa7m4ZmIOBsR5T9tpaL/j46jEXEiIs5Mkkd8PczHTA59en587vKPr/381bfHjpz87MvvFrdqYNGejYj+Rr6/1c9j2snjnaK/Me5msX9pXMT8QP9u0U7zuNVezzJsNabjGlm82MnHpxv3hpN4u9doTmKnezvr3xjkJxyOO9M82RvuNDazdqu9nsXuMM1iZyef1/ZO/vdyZzjK87SKfO9n6WM0msa8v73dztezcTeLzcGo6M/zpq329iSOi1icLpppr5XNY32WK32wvd4d3NtOxu3NYTcdJJdr9edq9SvV+mbaao/al6qNfuvKpWSl05sMq47ajf7VTpp2eu1aM+2vJiudZrNarycr19rr3cYgqddrF2sXqpdXi73zycs33056rWRlEl/sDu4d7faGye10M8nfsZqs1S4+v5qcqydv3riV3Hrj+vUbt95699o7N1+48epLxaA900pW1i6srVXrF6pr9dUDsP7J/90HXP9olvV/VEz6IdZfmu3ywL/zAQN4aHvq/5hv/V8J9T+w12Gv/2Oe9f+kpFL//3f9W569/p+p/j2o9f8hXj/MRP0PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDE+n7p81eyneW8fbLoP110PVW0SxFRjojf/kYlju7KWSnyLP3D+KW/zOGbUmQZJuc4VmwnIuJqsf36/0d9FQAAAODx9cUHZz/Jq/X8ZXnRE2I/5Tdtyqfem1O+UkQsLf8wp2zlycvTc0qWfb6PxPacsmU3sP43p2T5Lbcj88r2QCrT8OHp+53Zgkp5KO/rdAAAgH1R2RX2twoBAABgP3286AmwGKWYPsqcPgvOvnl//9Hm8V3HAAAAgEOotOgJAAAAAI9cVv/7/T8AAAB4vOW//wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzOzv3kpg1EcQB+NhjoPxVV3fcq3cExeoQuuywcoJfgCPQKuQBnILvss4kgwh4hOQIpCuNYoO+TbDM2+s0MsHljYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjSfbWe///749+lObv9ZfLMBgAAADhlW63n9Ytp0/6Uzn9Jp76ldhERZUScqt0HMWplDlJOdeb91Ysx3EXUCYc+xmn7GBE/0/b0tetPAQAAAG7XZrmaNdV6s5v2PSDeU7NoU37+lSmviIhq+pAprTzsvmcKq3/fw/iTKa1ewJpkCmuW3Ianr41yddI2aB3STCaL+kusW2U3/QIAAH1qVwJnqhAAAABuwO++B0A/iuPueJ9x3BzSDcEPrRYAAABwhYq+BwAAAAB0rq7/r+H5f4/+lgAAAABv1jz/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC5tq/V8s1zNzl1fvDJnt79MvhkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8sz/3KBACYQxAs4u/ncz9DysRLa1t3oOBkDDFBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8OZ3v/yfcDVHkqltw9x6JFk6NaydGrbODXs/jK+vAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABO9uclBUIgCKJgzvjfSd//sJKgZxAhAhoeVdSiAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC+6He//J+YGmeSudPG0vFIsnbV2Lpq7D1oHD0Yb/8GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudu6fN24yDAD4c77z9Q8gQkAZAqhIDLDQ5FpaOsIAihj4CEhReimBK4U2A60iUBaYUOYuCEaEkEBh63fo3EhdytYhQ5CYQfbZV7e90qM09tH8ftJ773O2877P67OiPLETAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKO2+Ey8lRdzOXmaGcbntxt7GStbv3NNnrm3dnM9aFrceNtE3bz/+5Kfby9U3x+Yqb76qPxkAAAAOhnZZ30fErXR7KeuTmbz+T8tjspr/+2eGcVnP31v37+xtHC52zZf1/2+/3n5hNNHMcJ5s0NW1QX/x/lQ6+7TEqffsQ4/o5Gc+/91LO/9Akvc3n99N8/PZ+vb69Xe7eXiojmwBgEdxvOyLoPx5KOt7TSYGwIHRqRTeZf3fnmk2JwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA67G7GU2Xcioj5zp04s7O3sTKuv7Z1c75sp69e3aqOmQ2RRsTq2qCf1riWaXfp8pVPlgeD/sWxQcQDd/334FhE7M/IDwhizK4PJ/jyiH8+prg8o55V/LugNR1pNBokxedTbOnWe9Xtb1Bee49/5Ia+IQEA8MRKi5bV9bfS7aVsW2s24q8f7q7/X6vEMWH9f/uj0zeqc1Xr/15tK5x+C+vnP1u4dPnKG2vnl8/1z/U/ffNE763eyTOnTp1ZyM7V4sJqJP3FptMEAADgf6xbtGr9n8zef///aCWOCev/z7/rfVmdq63+H+vOTb+mMwEAADiIuqPouVf+/KM15ohWtxtfLK+vX+wNX0fvTwxfa033ER0qWrX+b882nRUAAABQh93N1l33/89W4pjw/v/TP774c3XMdkQcibgQEf3jKxcGZ+tbzlSr4w+V84m6Ta8UAACAphwpWvX+f5o//5+MHnlIIuL1V4dx+b+uJqn/2+99/VN1rurz/yfrW+JUSuaG5yPv5yI6c01nBAAAwJPscNGyYv/3dHvp41+OftD1/D8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3f4OAAD//1AjNPw=")
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
ftruncate(r1, 0x12081ff)
fallocate(r0, 0x8, 0x4000, 0x1000)
creat(&(0x7f0000000100)='./bus\x00', 0x0)

10.411655059s ago: executing program 0 (id=1180):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffefffff6, 0x20031, 0xffffffffffffffff, 0x0)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188)

9.255142684s ago: executing program 4 (id=1184):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00001f0000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xd)
io_setup(0x5, &(0x7f0000000200)=<r2=>0x0)
io_submit(r2, 0x3, &(0x7f0000000780)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}])

9.254562747s ago: executing program 3 (id=1185):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
sendmsg(r0, &(0x7f00000000c0)={0x0, 0x9506, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0x5dc}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)

8.927571018s ago: executing program 3 (id=1187):
renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x270, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="0203"], 0x10}}, 0x0)
io_submit(0x0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}])
bind$alg(0xffffffffffffffff, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x58)
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0x2}, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0}})

8.747121055s ago: executing program 3 (id=1188):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ab9fd540501d6f60d49fbc0000010902120001000040000904"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000500)={0x44, &(0x7f0000000180)={0x0, 0x0, 0x28, "5ee1807c7c7a3313283e8e08159bf8b62ce6af3b9e6d915da994573c00db680b023fea61eaafe6e7"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000480)={0x44, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00('], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

8.746579237s ago: executing program 4 (id=1189):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000000)=@gcm_256={{0x304}, "41328ac34a4ad2ba", "e8582491a0c4050000000000f6542a9b680000000000000000a45b4e00", "0000ff00", "dfa27021fe106750"}, 0x38)
setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000040), 0x4)

8.499141327s ago: executing program 4 (id=1191):
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x1008002, &(0x7f0000000100)={[{@grpquota}, {@delalloc}, {@resuid}, {@debug}, {@dioread_nolock}, {@jqfmt_vfsold}, {@nomblk_io_submit}, {@noauto_da_alloc}]}, 0x1, 0x5de, &(0x7f00000014c0)="$eJzs3c9vVNUeAPDvnf6gpfBayMt7wkKaGAOJ0tIChhgXsDWkwR9x48ZKCyIFGlqjRRNKghsT48YYE1cuxP9CiWxZ6cqFG1eGhKhhaeKYO723dNo7LR3a3sr9fJKh554zl3Nup9+eM6fn3AmgsgbTf2oR+yJiOonoT+YXyzojKxxceN6DPz86mz6SqNdf+z2JJMvLn59kX/uyk3si4scfktjbsbLemblrF8enpiavZsfDs5emh2fmrh2+cGn8/OT5ycujL4yeOH7s+ImRI21d1/WCvNM3332//5OxN7/56q9k5NtfxpI4GS9nT1x6HRtlMAYb35NkZVHfif27N7q6UnRkPydLX+Kks8QGsS7569cVEf+P/uiIhy9ef3z8SqmNAzZVPYmoAxWViH+oqHwckL+3X/4+uFbKqATYCvdPLUwArIz/zoW5wehpzA3sfJDE0mmdJCLam5lrtisi7t4Zu3nuztjN2KR5OKDY/I2IeKoo/pNG/A9ETww04r/WFP/puOBM9jXNf7XN+pdPFYt/2DoL8d+zavxHi/h/a0n8v91m/YMPk+/0NsV/b7uXBAAAAAAAAJV1+1REPF/09//a4vqfKFj/0xcRJzeg/sFlxyv//l+7twHVAAXun4p4qXD9by1f/TvQkaV2N9YDdCXnLkxNHomI/0TEoejakR6PrFLH4U/3ftmqbDBb/5c/0vrvZmsBs3bc69zRfM7E+Oz44143EHH/RsT+wvW/yWL/nxT0/+nvg+lHrGPvs7fOtCpbO/6BzVL/OuJgYf//8K4Vyer35xhujAeG81HBSk9/+Nl3repvN/7dYgIeX9r/71w9/geSpffrmVl/HUfnOuutytod/3cnrzduOdOd5X0wPjt7dSSiOzndkeY25Y+uv83wJMrjIY+XNP4PPbP6/F/R+L83IuaX/d/JH817inP/+7vv11btMf6H8qTxP7Gu/n/9idFbA9+3qv/R+v9jjb7+UJZj/g8WfJGHaXdzfkE4dhYVbXV7AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBJUIuIXZHUhhbTtdrQUERfRPw3dtamrszMPnfuynuXJ9Kyxuf/1/JP+u1fOE7yz/8fWHI8uuz4aETsiYjPO3obx0Nnr0xNlH3xAAAAAAAAAAAAAAAAAAAAsE30tdj/n/qto+zWAZuus+wGAKUpiP+fymgHsPX0/1Bd4h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/gHAAAAAIAnyp4Dt39OImL+xd7GI9WdlXWV2jJgs9XKbgBQGrf4geqy9Aeqy3t8IFmjvKflSWuduZrps49xMgAAAAAAAAAAAABUzsF99v9DVdn/D9Vl/z9UV77//0DJ7QC2nvf4QKyxk79w//+aZwEAAAAAAAAAAAAAG2lm7trF8ampyasSb2yPZmxlol6vX09/CrZLe/7liXwp/HZpz7JEvtfv0c4q73cSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ7J8AAAD//1LPJOw=")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x1, 0x4, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000006007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000208500000001000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='ext4_ext_remove_space\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700)

8.273367182s ago: executing program 2 (id=1193):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)

7.87517382s ago: executing program 0 (id=1195):
syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0xfd, 0x0, &(0x7f0000000000))
r0 = creat(&(0x7f0000000240)='./bus\x00', 0xc)
close(r0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), 0x3800048, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

7.157846697s ago: executing program 1 (id=1198):
socket$packet(0x11, 0x2, 0x300)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000500)={@void, @void, @eth={@broadcast, @random="83d40100000e", @val, {@ipv6={0x86dd, @udp={0x0, 0x6, 'MF(', 0x10, 0x11, 0x0, @dev, @rand_addr=' \x01\x00', {[], {0x0, 0x4e22, 0x10, 0x0, @gue={{0x2}}}}}}}}}, 0x4e)

7.157395981s ago: executing program 4 (id=1199):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r1=>0x0})
bind$can_raw(r0, &(0x7f00000005c0), 0x10)
recvmmsg(r0, &(0x7f0000000380)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)=""/17, 0x11}, {0x0}], 0x2}, 0x4}], 0x1, 0x40010001, 0x0)
setsockopt$CAN_RAW_RECV_OWN_MSGS(r0, 0x65, 0x4, &(0x7f0000000580)=0x1, 0x4)
sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000780)={0x1d, r1}, 0x10, &(0x7f0000000200)={&(0x7f0000000140)=@can={{}, 0x0, 0x0, 0x0, 0x0, "5b7ba3698f28aaf0"}, 0x10}}, 0x0)

7.13691699s ago: executing program 2 (id=1200):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000080)=@x86={0x7, 0xd, 0x40, 0x0, 0x0, 0x0, 0x6, 0xd, 0xe, 0x5, 0xa1, 0x80, 0x0, 0x1, 0x8, 0x1, 0x17, 0x7f, 0xf7, '\x00', 0x8, 0x7f})
ioctl$KVM_RUN(r2, 0x8004ae98, 0x20e10000)

6.951660113s ago: executing program 0 (id=1201):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
socket$kcm(0x2, 0x0, 0x0)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000040)={@val, @void, @eth={@broadcast, @dev, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "8a2d55", 0x8, 0x0, 0x0, @dev, @dev, {[@srh={0x2f}]}}}}}}, 0x42)

6.895209635s ago: executing program 1 (id=1202):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x3, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={r0, r1, 0x12}, 0x10)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv4/tcp_recovery\x00', 0x1, 0x0)
sendfile(r3, r2, 0x0, 0x23b)

6.863525602s ago: executing program 1 (id=1203):
connect$unix(0xffffffffffffffff, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010400000000000000000100000008000240000000020900010073797a30000000001400000011"], 0x50}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={{0x14, 0x10, 0x9000, 0x6}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x605, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x64}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)={0x2c, 0xd, 0xa, 0xe01, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}]}, 0x2c}}, 0x0)

6.819932367s ago: executing program 4 (id=1204):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800714, &(0x7f0000000500), 0xff, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000002d00000085000000500000009500000000000000ac4ed1f05edbf68833674a316d7f4569822b4045cdc5fe3a20f5c8f661d31ddf7d987f3e4f6866d24c7319eb106cecbe6a94a214e1f3905ad9b19b583d0d2bb1454c0c96e79eed4e088632754f52c26e81780a75528dc33fa9b0417b856aa96c4b91ebd0e6510da0a7dea282989e2a84655598cee1d26de40690280c623e412ee3f6841d88d5685d7b4ee2d7f876545e36b5ec25a90461e7ec7a6b300d0a70cc24118baea3d1faa4764db5e0c8a340bfe32282d861ed318ee6a9c14061024493abaee51a81d5d722688ec05777b49d01e6467b8eaf738978e767686c06ba1d04efadf622149950e571a080f812b08b867df1dca55ac242f4e0c03373ce117e2c9a9b41342b3feaefbdc2fe1202dac22ebf30461a5ee7753dd0f2876a75b89eb07b065bd017dadb8e63a60416f5687b05f15fd4b0c26aca16da993ff79ac7107fd1dd81cdd1ba8dcd99de2b7e385c1d02cdb00bf5e2812b9d90ba838c4a7fb9e54d44454e3060850cf9737c3f3e8ba9bc3768a2498b937ff31277593bc9e1456a5b3d258db6011e1e274c7b7a30552b0e914a50a16068afd08064cc16ac036159ae3c871ea5962b36205da33d29b8a83fa0049ec421a4c9d0c650a60687009bed7a8c0ee5b17bdeaf93c71e9d7ecdfffb42d4ba2012206f28cc7871a660e5efd7df407898805673fede7519f5f2a4c36a07ec87d9bface2114be4b0d5dc7e1c8fa94725c05d34eb05d64c70778e7a756878f92e656e72b83ccf2acdd649a8e86fe00ef1bfa037328afd546896fae17a"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x42)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='ext4_sync_file_enter\x00', r1}, 0x10)
write$binfmt_script(r0, &(0x7f0000002dc0), 0x4)

6.731383563s ago: executing program 1 (id=1205):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x12, 0x7, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x7, 0x0, &(0x7f0000000100)="b9ff0331684426", 0x0, 0x24, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000080)={r0, &(0x7f0000000240), 0x20000000}, 0x20)
bpf$MAP_DELETE_ELEM(0x4, &(0x7f00000000c0)={r0, &(0x7f0000000100), 0x20000000}, 0x20)

6.731087618s ago: executing program 2 (id=1206):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
io_submit(0x0, 0x1, &(0x7f0000002340)=[0x0])
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x10012, r0, 0x0)

6.638077919s ago: executing program 2 (id=1207):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x81, @loopback}, 0x1c)
r1 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

6.630033751s ago: executing program 1 (id=1208):
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="0200000000000000ffffff"])
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4048aecb, &(0x7f0000000080))

6.567082932s ago: executing program 0 (id=1209):
syz_usb_connect(0x0, 0x24, &(0x7f0000004200)={{0x12, 0x1, 0x0, 0xe2, 0x79, 0x3b, 0x10, 0x5d1, 0x2001, 0x900, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x4d, 0x2f, 0x9c}}]}}]}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000f40)=@newlink={0xec, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_AF_SPEC={0xcc, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0x2, 0x0, 0x1, [@IFLA_INET6_TOKEN={0xa, 0x7, @local}]}, @AF_INET={0x30, 0x2, 0x0, 0x1, {0x4, 0x1, 0x0, 0x1, [{0x3}, {0x8}, {0x4}, {0x8}, {0x8}]}}, @AF_INET={0x18, 0x2, 0x0, 0x1, {0x56, 0x1, 0x0, 0x1, [{0x11}, {0x8}]}}, @AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x0, 0x7, @mcast2}, @IFLA_INET6_ADDR_GEN_MODE]}, @AF_INET={0x28, 0x2, 0x0, 0x1, {0x24, 0x1, 0x0, 0x1, [{0x8}, {0x8}, {0x8}, {0x8}]}}, @AF_MPLS={0x4}, @AF_INET6={0x0, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x0, 0x7, @rand_addr=' \x01\x00'}, @IFLA_INET6_TOKEN={0x0, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @IFLA_INET6_ADDR_GEN_MODE, @IFLA_INET6_TOKEN={0x0, 0x7, @dev}, @IFLA_INET6_TOKEN={0x0, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x0, 0x7, @rand_addr=' \x01\x00'}, @IFLA_INET6_TOKEN={0x0, 0x7, @private1}, @IFLA_INET6_ADDR_GEN_MODE, @IFLA_INET6_ADDR_GEN_MODE]}, @AF_MPLS={0x4}]}]}, 0xec}}, 0x0)

6.485849861s ago: executing program 2 (id=1210):
syz_mount_image$btrfs(&(0x7f0000000000), &(0x7f0000005600)='./file0\x00', 0x0, &(0x7f0000000500), 0x0, 0x559e, &(0x7f0000005680)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR")
chdir(&(0x7f0000000300)='./file0\x00')
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000f4)
r1 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file2\x00', 0x62242, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r1, 0x4020940d, &(0x7f000001f9c0)={0x4})

6.39885624s ago: executing program 3 (id=1211):
r0 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x10, 0x0)
r1 = landlock_create_ruleset(&(0x7f0000000000)={0x3009, 0x0, 0x3}, 0x18, 0x0)
landlock_restrict_self(r1, 0x0)
landlock_restrict_self(r0, 0x0)
r2 = getpgrp(0x0)
tkill(r2, 0x3)

6.268732729s ago: executing program 3 (id=1212):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10)
bpf$OBJ_GET_PROG(0x7, 0x0, 0x0)

6.268228137s ago: executing program 4 (id=1213):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x5, 0x4, 0x8, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000000702"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x75}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c250000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x4000, &(0x7f0000000740)={[{@max_batch_time={'max_batch_time', 0x3d, 0x100000}}, {@barrier_val={'barrier', 0x3d, 0x5}}, {@stripe={'stripe', 0x3d, 0x7}}, {@data_ordered}, {@orlov}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@test_dummy_encryption}, {@data_err_abort}, {@minixdf}]}, 0xd, 0x5e8, &(0x7f0000001200)="$eJzs3c1vVFUbAPDnTj9oKe/bQt68igtpYgwkSksLGGJcwNaQBj/ixo2VFkQKNLRGiyaUBDcmxo0xJq5ciP+FEtmy0pULN64MCVHD0sQxd3pv6bR3Wjr9uJX7+yVDzz1nbs+5TJ+eM6fn3AmgsgbTf2oR+yNiOonoT+YXyzojKxxceN6DPz86mz6SqNdf+z2JJMvLn59kX/uyk3si4scfktjXsbLemblrF8enpiavZsfDs5emh2fmrh2+cGn8/OT5ycujL4yeOH7s+ImRI21d1/WCvNM3332//5OxN7/56q9k5NtfxpI4GS9nT1x6HZtlMAYb/yfJyqK+E5tdWUk6sp+TpS9x0llig1iX/PXriognoj864uGL1x8fv1Jq44AtVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsP9UwsTACvjv3NhbjB6GnMDux8ksXRaJ4mI9mbmmu2JiLt3xm6euzN2M7ZoHg4oNn8jIp4siv+kEf8D0RMDjfivNcV/Oi44k31N819ts/7lU8XiH7bPQvz3tI7/np7GUVH8v7Uk/t9us/7Bh8l3epviv7fdSwIAAAAAAIDKun0qIp4v+vt/bXH9TxSs/+mLiJObUP/gsuOVf/+v3duEaoAC909FvFS4/reWr/4d6MhS/2msB+pKzl2YmjwSEf+NiEPRtSs9HlmljsOf7vuyVdlgtv4vf6T1383WAmbtuNe5q/mcifHZ8Y1eNxBx/0bEU4Xrf5PF/j8p6P/T3wfTj1jHvmdvnWlVtnb8A1ul/nXEwcL+/+FdK5LV788x3BgPDOejgpWe/vCz71rV3278u8UEbFza/+9ePf4HkqX365lZfx1H5zrrrcraHf93J683bjnTneV9MD47e3Ukojs53ZHmNuWPrr/N8DjK4yGPlzT+Dz2z+vxf0fi/NyLml33v5I/mPcW5///d92ur9hj/Q3nS+J9YV/+//sTorYHvW9X/aP3/sUZffyjLMf8HC77Iw7S7Ob8gHDuLira7vQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwOKhFxJ5IakOL6VptaCiiLyL+F7trU1dmZp87d+W9yxNpWePz/2v5J/32Lxwn+ef/Dyw5Hl12fDQi9kbE5x29jeOhs1emJsq+eAAAAAAAAAAAAAAAAAAAANgh+lrs/0/91lF264At11l2A4DSFMT/T2W0A9h++n+oLvEP1SX+obrEP1SX+IfqEv9QXeIfqkv8AwAAAADAY2Xvgds/JxEx/2Jv45Hqzsq6Sm0ZsNVqZTcAKI1b/EB1WfoD1eU9PpCsUd7T8qS1zlzN9NkNnAwAAAAAAAAAAAAAlXNwv/3/UFX2/0N12f8P1ZXv/z9QcjuA7ec9PhBr7OQv3P+/5lkAAAAAAAAAAAAAwGaambt2cXxqavJq+4n8dgEb/T5lJ97YGc3YzkS9Xr+evnQ7pT3/8kS+FH6ntGdZIt/r92hnlfP7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWOmfAAAA///JXiFd")

0s ago: executing program 1 (id=1214):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00')
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141b42, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
mount$fuse(0x20000000, &(0x7f0000000580)='./file0\x00', 0x0, 0x223216, 0x0)
sendfile(r1, r0, 0x0, 0x100800001)

kernel console output (not intermixed with test programs):

nned by syz.3.655 (7574)
[  175.275465][ T7574] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  175.291889][ T7574] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  175.295946][ T5286] usb 3-1: Using ep0 maxpacket: 8
[  175.302611][ T7574] BTRFS info (device loop3): using free-space-tree
[  175.385866][ T5286] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  175.394930][ T5286] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  175.426569][ T5286] usb 3-1: config 0 descriptor??
[  175.505082][ T7606] bridge0: port 2(bridge_slave_1) entered disabled state
[  175.516193][ T7606] bridge0: port 1(bridge_slave_0) entered disabled state
[  175.524948][ T7606] bridge0: entered allmulticast mode
[  175.542824][ T7606] bridge0: port 2(bridge_slave_1) entered forwarding state
[  175.669907][ T7574] BTRFS info (device loop3 state M): max_inline set to 0
[  175.683169][ T7614] loop1: detected capacity change from 0 to 2048
[  175.708653][ T7614] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  175.711585][ T7594] loop4: detected capacity change from 0 to 40427
[  175.727746][ T7594] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  175.735538][ T7594] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  175.745156][ T6566] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  175.749537][   T29] audit: type=1800 audit(1729068244.644:33): pid=7614 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.664" name="bus" dev="loop1" ino=1367 res=0 errno=0
[  175.791630][ T7594] F2FS-fs (loop4): Found nat_bits in checkpoint
[  175.936212][ T7594] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  175.943553][ T7594] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  176.029313][ T7594] syz.4.663: attempt to access beyond end of device
[  176.029313][ T7594] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  176.083367][ T7594] syz.4.663: attempt to access beyond end of device
[  176.083367][ T7594] loop4: rw=0, sector=45096, nr_sectors = 8 limit=40427
[  176.325742][  T120] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  176.494907][  T120] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  176.521588][  T120] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  176.553819][  T120] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  176.583624][  T120] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.612772][ T7621] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  176.634933][  T120] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  176.673844][ T5286] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  176.698154][ T5286] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  176.724924][ T5286] asix 3-1:0.0: probe with driver asix failed with error -71
[  176.763952][ T5286] usb 3-1: USB disconnect, device number 6
[  176.764874][ T7640] loop4: detected capacity change from 0 to 64
[  176.901527][  T120] usb 2-1: USB disconnect, device number 5
[  176.943906][ T6995] hfs: request for non-existent node 131072 in B*Tree
[  177.006424][ T7652] warning: `syz.4.679' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  177.378573][ T7655] loop0: detected capacity change from 0 to 32768
[  177.389945][ T7663] loop5: detected capacity change from 0 to 16384
[  177.433001][ T7655] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  177.458753][   T98] I/O error, dev loop5, sector 16 op 0x1:(WRITE) flags 0x8800 phys_seg 1 prio class 0
[  177.519499][   T29] audit: type=1804 audit(1729068246.384:34): pid=7655 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.681" name="/newroot/109/file1/bus" dev="loop0" ino=17058 res=1 errno=0
[  177.657136][ T7655] syz.0.681 (7655) used greatest stack depth: 17232 bytes left
[  177.770358][ T5917] ocfs2: Unmounting device (7,0) on (node local)
[  177.819275][ T7685] loop4: detected capacity change from 0 to 16
[  177.866508][ T7685] erofs: (device loop4): mounted with root inode @ nid 36.
[  178.376691][ T7715] netlink: 4 bytes leftover after parsing attributes in process `syz.4.691'.
[  178.520942][ T7722] 9pnet: p9_errstr2errno: server reported unknown error �����sł�m���6�'�t�T	�#>��r�[�5�ۭ
[  178.638362][ T7673] netlink: 28 bytes leftover after parsing attributes in process `syz.2.686'.
[  178.673500][ T7689] loop0: detected capacity change from 0 to 32768
[  178.691517][ T7689] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.688 (7689)
[  178.753212][ T7689] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  178.791790][ T7689] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  178.811219][ T7689] BTRFS info (device loop0): using free-space-tree
[  178.840253][ T7729] loop4: detected capacity change from 0 to 2048
[  178.890257][ T7729] udf: Bad value for 'lastblock'
[  179.022509][ T7749] loop2: detected capacity change from 0 to 64
[  179.106524][ T5917] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  179.415771][  T120] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  179.587295][  T120] usb 4-1: Using ep0 maxpacket: 16
[  179.597345][  T120] usb 4-1: config 0 has an invalid interface number: 26 but max is 0
[  179.615846][  T120] usb 4-1: config 0 has no interface number 0
[  179.625000][  T120] usb 4-1: New USB device found, idVendor=0130, idProduct=0130, bcdDevice=a7.1c
[  179.644575][  T120] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  179.652914][  T120] usb 4-1: Product: syz
[  179.684730][  T120] usb 4-1: Manufacturer: syz
[  179.705084][  T120] usb 4-1: SerialNumber: syz
[  179.708294][ T7725] loop1: detected capacity change from 0 to 40427
[  179.734299][  T120] usb 4-1: config 0 descriptor??
[  179.741160][ T7725] F2FS-fs (loop1): build fault injection attr: rate: 771, type: 0x1fffff
[  179.748296][  T120] gspca_main: spca508-2.14.0 probing 0130:0130
[  179.774395][ T7725] F2FS-fs (loop1): invalid crc value
[  179.784986][ T7725] F2FS-fs (loop1): Found nat_bits in checkpoint
[  179.931482][ T7725] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  179.955962][  T120] gspca_spca508: reg_read err -32
[  179.978372][  T120] gspca_spca508: reg_read err -32
[  179.980271][ T7751] loop4: detected capacity change from 0 to 32768
[  180.000241][ T7751] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.700 (7751)
[  180.028536][  T120] gspca_spca508: reg_read err -32
[  180.043994][ T7751] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  180.051898][  T120] gspca_spca508: reg_read err -32
[  180.070927][ T7725] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_page of f2fs_get_read_data_page+0xe1/0x8f0
[  180.086077][ T7751] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  180.094780][ T7751] BTRFS info (device loop4): using free-space-tree
[  180.134004][ T6830] syz-executor: attempt to access beyond end of device
[  180.134004][ T6830] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  180.159420][ T6830] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  180.174200][ T6830] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  180.307948][  T120] gspca_spca508: reg write: error -71
[  180.313452][  T120] spca508 4-1:0.26: probe with driver spca508 failed with error -71
[  180.329430][  T120] usb 4-1: USB disconnect, device number 10
[  180.344900][ T5238] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  180.367196][ T5238] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  180.377423][ T5238] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  180.396935][ T5238] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  180.410303][ T5238] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  180.419691][ T5238] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  180.476430][ T6995] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  180.965339][ T7769] loop0: detected capacity change from 0 to 32768
[  180.970636][ T7782] chnl_net:caif_netlink_parms(): no params data found
[  180.985775][   T25] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  181.151073][ T7769] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  181.225807][   T25] usb 2-1: Using ep0 maxpacket: 8
[  181.237470][   T25] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  181.246574][   T25] usb 2-1: config 179 has no interface number 0
[  181.252885][   T25] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  181.273577][   T25] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  181.300223][   T25] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  181.301458][ T7782] bridge0: port 1(bridge_slave_0) entered blocking state
[  181.322311][   T25] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  181.364436][   T25] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  181.381812][ T7769] XFS (loop0): Ending clean mount
[  181.385759][ T7782] bridge0: port 1(bridge_slave_0) entered disabled state
[  181.394032][   T25] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  181.414063][ T7782] bridge_slave_0: entered allmulticast mode
[  181.420681][   T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  181.445861][ T7782] bridge_slave_0: entered promiscuous mode
[  181.469666][ T7788] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  181.498267][ T7782] bridge0: port 2(bridge_slave_1) entered blocking state
[  181.522627][ T7782] bridge0: port 2(bridge_slave_1) entered disabled state
[  181.530749][ T5917] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  181.541924][ T7782] bridge_slave_1: entered allmulticast mode
[  181.555722][ T7782] bridge_slave_1: entered promiscuous mode
[  181.655444][ T7782] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  181.673858][ T7782] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  181.732309][   T25] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input11
[  181.847669][ T7804] loop3: detected capacity change from 0 to 40427
[  181.861643][ T7804] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  181.887048][ T7804] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  181.923428][ T7782] team0: Port device team_slave_0 added
[  182.000414][ T7782] team0: Port device team_slave_1 added
[  182.103970][ T7782] batman_adv: batadv0: Adding interface: batadv_slave_0
[  182.111126][ T7782] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  182.137910][ T7782] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  182.151089][ T7782] batman_adv: batadv0: Adding interface: batadv_slave_1
[  182.158340][ T7782] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  182.184375][ T7782] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  182.186084][ T7804] F2FS-fs (loop3): Found nat_bits in checkpoint
[  182.301993][    C1] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  182.302000][ T5286] usb 2-1: USB disconnect, device number 6
[  182.364439][ T7782] hsr_slave_0: entered promiscuous mode
[  182.373169][ T7782] hsr_slave_1: entered promiscuous mode
[  182.380915][ T7782] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  182.388886][ T7782] Cannot create hsr debugfs directory
[  182.416619][ T7804] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  182.423790][ T7804] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  182.467272][ T7804] syz.3.714: attempt to access beyond end of device
[  182.467272][ T7804] loop3: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  182.493542][ T7804] syz.3.714: attempt to access beyond end of device
[  182.493542][ T7804] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  182.530010][ T5238] Bluetooth: hci4: command tx timeout
[  182.656018][    T9] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  182.691152][ T7782] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.810856][ T7782] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.821840][    T9] usb 1-1: Using ep0 maxpacket: 8
[  182.839111][    T9] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  182.855995][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.873641][    T9] usb 1-1: Product: syz
[  182.895248][    T9] usb 1-1: Manufacturer: syz
[  182.900359][    T9] usb 1-1: SerialNumber: syz
[  182.917011][    T9] usb 1-1: config 0 descriptor??
[  182.981535][ T7782] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.145849][    T9] usb 1-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  183.185109][ T7836] loop3: detected capacity change from 0 to 512
[  183.202316][ T7836] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  183.219793][ T7782] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.280398][ T7836] EXT4-fs (loop3): 1 truncate cleaned up
[  183.301646][ T7836] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  183.404225][ T6566] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  183.562286][ T7841] mac80211_hwsim hwsim23 wlan1: entered allmulticast mode
[  183.623031][ T7508] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  183.639889][ T7508] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  183.676371][ T7782] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  183.688172][ T7782] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  183.727961][ T7782] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  183.740861][ T7782] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  183.889490][ T7782] 8021q: adding VLAN 0 to HW filter on device bond0
[  183.930381][ T7782] 8021q: adding VLAN 0 to HW filter on device team0
[  183.943821][  T380] bridge0: port 1(bridge_slave_0) entered blocking state
[  183.951024][  T380] bridge0: port 1(bridge_slave_0) entered forwarding state
[  184.007983][ T7495] bridge0: port 2(bridge_slave_1) entered blocking state
[  184.015175][ T7495] bridge0: port 2(bridge_slave_1) entered forwarding state
[  184.377463][    T9] usb write operation failed. (-71)
[  184.392045][    T9] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  184.413931][    T9] dvbdev: DVB: registering new adapter (Terratec H7)
[  184.430629][ T7782] 8021q: adding VLAN 0 to HW filter on device batadv0
[  184.437682][    T9] usb 1-1: media controller created
[  184.446710][    T9] usb read operation failed. (-71)
[  184.462749][    T9] usb write operation failed. (-71)
[  184.489770][    T9] dvb_usb_az6007 1-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[  184.521275][ T7782] veth0_vlan: entered promiscuous mode
[  184.532443][    T9] usb 1-1: USB disconnect, device number 7
[  184.552246][ T7782] veth1_vlan: entered promiscuous mode
[  184.602604][ T7782] veth0_macvtap: entered promiscuous mode
[  184.618404][ T5238] Bluetooth: hci4: command tx timeout
[  184.640225][ T7782] veth1_macvtap: entered promiscuous mode
[  184.665576][ T7782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  184.677525][ T7782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.689332][ T7782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  184.701041][ T7782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.732780][ T7782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  184.754608][ T7782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.807667][ T7782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  184.840910][ T7782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.872635][ T7782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  184.907165][ T7782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.923419][ T7782] batman_adv: batadv0: Interface activated: batadv_slave_0
[  184.934947][ T7782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  184.947540][ T7782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.957911][ T7782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  184.990481][ T7782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  185.011819][ T7782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  185.035765][ T7782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  185.065682][ T7782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  185.086059][ T7782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  185.110279][ T7782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  185.137298][ T7782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  185.161899][ T7782] batman_adv: batadv0: Interface activated: batadv_slave_1
[  185.185898][ T7782] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  185.194645][ T7782] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  185.221543][ T7886] loop0: detected capacity change from 0 to 512
[  185.227983][ T7782] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  185.249294][ T7782] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  185.314147][ T7886] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  185.360077][ T7886] ext4 filesystem being mounted at /120/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  185.483307][ T7499] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  185.492239][ T7499] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  185.496545][ T7496] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  185.512777][ T7496] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  185.599524][ T5917] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  185.772201][ T7904] loop0: detected capacity change from 0 to 1024
[  185.802020][ T7904] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  186.394902][   T29] audit: type=1326 audit(1729068255.284:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7914 comm="syz.2.748" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3b65d7dff9 code=0x0
[  186.591077][ T7910] loop1: detected capacity change from 0 to 32768
[  186.608656][ T7910] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.746 (7910)
[  186.639642][ T7910] BTRFS info (device loop1): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  186.650278][ T7910] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  186.665767][ T7910] BTRFS info (device loop1): using free-space-tree
[  186.685880][ T5238] Bluetooth: hci4: command tx timeout
[  186.775078][ T7499] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  186.814393][ T7499] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[  186.865928][ T7499] EXT4-fs (loop0): This should not happen!! Data will be lost
[  186.865928][ T7499] 
[  186.879436][ T7499] EXT4-fs (loop0): Total free blocks count 0
[  186.885467][ T7499] EXT4-fs (loop0): Free/Dirty block details
[  186.892092][ T7499] EXT4-fs (loop0): free_blocks=68451041280
[  186.898054][ T7499] EXT4-fs (loop0): dirty_blocks=7440
[  186.903364][ T7499] EXT4-fs (loop0): Block reservation details
[  186.909629][ T7499] EXT4-fs (loop0): i_reserved_data_blocks=465
[  186.977052][ T7499] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2052 with max blocks 2048 with error 28
[  187.123143][ T6830] BTRFS info (device loop1): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  187.458977][ T7922] loop3: detected capacity change from 0 to 32768
[  187.468481][ T7938] loop0: detected capacity change from 0 to 16
[  187.490786][ T7922] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.749 (7922)
[  187.505051][ T7938] erofs: (device loop0): mounted with root inode @ nid 36.
[  187.536553][ T7922] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  187.568820][ T7922] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  187.596185][ T7922] BTRFS info (device loop3): using free-space-tree
[  187.640121][ T7944] loop0: detected capacity change from 0 to 1024
[  187.713956][   T25] IPVS: starting estimator thread 0...
[  187.783957][ T7953] syz.1.751 (7953): drop_caches: 2
[  187.790059][ T7953] syz.1.751 (7953): drop_caches: 2
[  187.818447][ T7960] IPVS: using max 18 ests per chain, 43200 per kthread
[  187.847864][  T380] hfsplus: b-tree write err: -5, ino 4
[  187.860642][ T7965] loop2: detected capacity change from 0 to 1024
[  187.921841][ T7922] BTRFS info (device loop3): setting incompat feature flag for SIMPLE_QUOTA (0x10000)
[  188.127402][ T7972] loop0: detected capacity change from 0 to 24
[  188.155840][   T25] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  188.345867][   T25] usb 3-1: Using ep0 maxpacket: 16
[  188.367867][   T25] usb 3-1: config 0 has no interfaces?
[  188.373433][   T25] usb 3-1: New USB device found, idVendor=056a, idProduct=0022, bcdDevice= 0.00
[  188.384736][   T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  188.405829][   T25] usb 3-1: config 0 descriptor??
[  188.645272][ T7965] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  188.664359][ T6566] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  188.677630][ T5316] usb 3-1: USB disconnect, device number 7
[  188.780173][ T5238] Bluetooth: hci4: command tx timeout
[  188.941138][   T29] audit: type=1326 audit(1729068257.834:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7983 comm="syz.0.764" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2284f7dff9 code=0x0
[  189.578962][ T5316] IPVS: starting estimator thread 0...
[  189.673167][ T7997] IPVS: using max 17 ests per chain, 40800 per kthread
[  189.682174][ T7986] loop3: detected capacity change from 0 to 32768
[  190.212286][ T8003] loop0: detected capacity change from 0 to 32768
[  190.351748][ T8003] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[  190.690848][ T8018] loop3: detected capacity change from 0 to 1024
[  190.813634][ T5917] ocfs2: Unmounting device (7,0) on (node local)
[  190.821047][ T8018] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  190.880125][ T8010] loop1: detected capacity change from 0 to 40427
[  190.895734][ T8010] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  190.903517][ T8010] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  190.943183][ T8010] F2FS-fs (loop1): invalid crc value
[  190.972377][ T8010] F2FS-fs (loop1): Found nat_bits in checkpoint
[  191.075839][ T8010] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  191.095775][ T8010] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  191.502756][ T8020] loop2: detected capacity change from 0 to 32768
[  191.515924][ T7504] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  191.549109][ T8020] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.778 (8020)
[  191.561919][ T7495] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  191.562139][ T7495] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[  191.562189][ T7495] EXT4-fs (loop3): This should not happen!! Data will be lost
[  191.562189][ T7495] 
[  191.562206][ T7495] EXT4-fs (loop3): Total free blocks count 0
[  191.562221][ T7495] EXT4-fs (loop3): Free/Dirty block details
[  191.562234][ T7495] EXT4-fs (loop3): free_blocks=68451041280
[  191.562251][ T7495] EXT4-fs (loop3): dirty_blocks=6624
[  191.562265][ T7495] EXT4-fs (loop3): Block reservation details
[  191.562279][ T7495] EXT4-fs (loop3): i_reserved_data_blocks=414
[  191.658524][ T7504] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  191.709928][ T7504] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 2052 with max blocks 2048 with error 28
[  191.719353][ T8020] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  191.784589][ T8020] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  191.836517][ T8020] BTRFS info (device loop2): using free-space-tree
[  192.001019][ T8041] loop3: detected capacity change from 0 to 512
[  192.008397][ T5243] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  192.032898][ T5243] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  192.035991][ T8041] EXT4-fs (loop3): blocks per group (64) and clusters per group (20800) inconsistent
[  192.050470][ T5243] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  192.060164][ T5243] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  192.068747][ T5243] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  192.079048][ T5243] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  192.266860][   T29] audit: type=1804 audit(1729068261.164:37): pid=8020 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.778" name="/newroot/11/bus/bus" dev="loop2" ino=263 res=1 errno=0
[  192.350425][   T29] audit: type=1804 audit(1729068261.184:38): pid=8020 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.778" name="/newroot/11/bus/bus" dev="loop2" ino=263 res=1 errno=0
[  192.506758][ T8037] chnl_net:caif_netlink_parms(): no params data found
[  192.726579][ T8037] bridge0: port 1(bridge_slave_0) entered blocking state
[  192.750289][ T7782] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  192.751555][ T8037] bridge0: port 1(bridge_slave_0) entered disabled state
[  192.798438][ T8037] bridge_slave_0: entered allmulticast mode
[  192.805442][ T8037] bridge_slave_0: entered promiscuous mode
[  192.872247][ T8037] bridge0: port 2(bridge_slave_1) entered blocking state
[  192.889049][ T8037] bridge0: port 2(bridge_slave_1) entered disabled state
[  192.906109][ T8037] bridge_slave_1: entered allmulticast mode
[  192.921216][ T8037] bridge_slave_1: entered promiscuous mode
[  192.956873][ T8067] sctp: [Deprecated]: syz.0.794 (pid 8067) Use of struct sctp_assoc_value in delayed_ack socket option.
[  192.956873][ T8067] Use struct sctp_sack_info instead
[  193.405790][  T120] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  193.450556][ T8037] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  193.499271][ T8037] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  193.565846][  T120] usb 1-1: Using ep0 maxpacket: 32
[  193.578022][  T120] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  193.595811][  T120] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  193.612171][ T8037] team0: Port device team_slave_0 added
[  193.645674][  T120] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  193.653301][ T8079] loop2: detected capacity change from 0 to 1024
[  193.662146][ T8037] team0: Port device team_slave_1 added
[  193.697614][  T120] usb 1-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[  193.729162][  T120] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  193.745423][  T120] usb 1-1: config 0 descriptor??
[  193.832725][ T8037] batman_adv: batadv0: Adding interface: batadv_slave_0
[  193.833623][ T8079] hfsplus: xattr searching failed
[  193.854719][ T8037] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  193.944263][ T8037] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  193.957279][ T8079] hfsplus: request for non-existent node 62977 in B*Tree
[  193.964652][ T8079] hfsplus: request for non-existent node 62977 in B*Tree
[  194.026282][ T8079] hfsplus: request for non-existent node 62977 in B*Tree
[  194.029572][ T8037] batman_adv: batadv0: Adding interface: batadv_slave_1
[  194.034282][ T8079] hfsplus: request for non-existent node 62977 in B*Tree
[  194.086222][ T8037] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  194.140191][ T5243] Bluetooth: hci5: command tx timeout
[  194.200476][ T8037] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  194.253400][ T7499] hfsplus: b-tree write err: -5, ino 3
[  194.264465][ T8091] loop1: detected capacity change from 0 to 256
[  194.305367][  T120] input: HID 0458:5011 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5011.0008/input/input12
[  194.404855][  T120] input: HID 0458:5011 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5011.0008/input/input13
[  194.404997][ T8037] hsr_slave_0: entered promiscuous mode
[  194.419985][ T8093] loop2: detected capacity change from 0 to 512
[  194.445104][ T8091] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  194.458813][ T1271] ieee802154 phy0 wpan0: encryption failed: -22
[  194.458886][ T1271] ieee802154 phy1 wpan1: encryption failed: -22
[  194.476297][  T120] kye 0003:0458:5011.0008: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.0-1/input0
[  194.510797][ T8037] hsr_slave_1: entered promiscuous mode
[  194.517606][ T8037] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  194.532305][ T8093] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  194.553415][ T8093] ext4 filesystem being mounted at /15/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  194.560989][ T8037] Cannot create hsr debugfs directory
[  194.749907][ T8100] use of bytesused == 0 is deprecated and will be removed in the future,
[  194.782479][  T120] usb 1-1: USB disconnect, device number 8
[  194.789480][ T8100] use the actual size instead.
[  194.857172][ T7782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  195.496845][  T120] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  195.555267][ T8037] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.661357][  T120] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  195.685855][  T120] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  195.712859][  T120] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  195.772178][  T120] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  195.805670][  T120] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  195.830938][ T8037] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.859686][  T120] usb 3-1: config 0 descriptor??
[  195.914111][ T8102] loop1: detected capacity change from 0 to 32768
[  195.977613][ T8102] JBD2: Ignoring recovery information on journal
[  196.079720][ T8037] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  196.091750][ T8102] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  196.158394][   T29] audit: type=1800 audit(1729068265.044:39): pid=8102 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.798" name="file1" dev="loop1" ino=16946 res=0 errno=0
[  196.207611][ T5243] Bluetooth: hci5: command tx timeout
[  196.255899][ T8104] loop3: detected capacity change from 0 to 40427
[  196.293518][ T8104] F2FS-fs (loop3): invalid crc value
[  196.329225][ T6830] ocfs2: Unmounting device (7,1) on (node local)
[  196.340405][  T120] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  196.349638][  T120] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving
[  196.368697][  T120] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  196.376815][ T8037] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  196.392576][ T8104] F2FS-fs (loop3): Found nat_bits in checkpoint
[  196.490043][ T8104] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  196.530071][ T8104] syz.3.799: attempt to access beyond end of device
[  196.530071][ T8104] loop3: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  196.664946][ T6566] syz-executor: attempt to access beyond end of device
[  196.664946][ T6566] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  196.681910][ T8037] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  196.719584][ T8037] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  196.724569][ T6566] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  196.792864][ T8037] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  196.828229][ T8037] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  197.103119][ T8037] 8021q: adding VLAN 0 to HW filter on device bond0
[  197.173998][ T8037] 8021q: adding VLAN 0 to HW filter on device team0
[  197.213405][ T8083] bridge0: port 1(bridge_slave_0) entered blocking state
[  197.220592][ T8083] bridge0: port 1(bridge_slave_0) entered forwarding state
[  197.276088][ T7504] bridge0: port 2(bridge_slave_1) entered blocking state
[  197.283256][ T7504] bridge0: port 2(bridge_slave_1) entered forwarding state
[  197.793508][ T8037] 8021q: adding VLAN 0 to HW filter on device batadv0
[  197.875881][ T8129] loop1: detected capacity change from 0 to 32768
[  197.913747][ T8129] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.807 (8129)
[  197.986093][ T8129] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  198.017345][ T8129] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  198.033161][ T8128] loop0: detected capacity change from 0 to 40427
[  198.061414][ T8128] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  198.064503][ T8129] BTRFS info (device loop1): using free-space-tree
[  198.082206][ T8128] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  198.129823][ T8128] F2FS-fs (loop0): invalid crc value
[  198.221643][ T8128] F2FS-fs (loop0): Found nat_bits in checkpoint
[  198.276646][ T8132] loop3: detected capacity change from 0 to 32768
[  198.287259][ T5243] Bluetooth: hci5: command tx timeout
[  198.356145][  T838] usb 3-1: USB disconnect, device number 8
[  198.369685][ T8157] kvm: vcpu 2046: requested lapic timer restore with starting count register 0x390=2927474123 (5854948246 ns) > initial count (1287066782 ns). Using initial count to start timer.
[  198.422052][ T8132] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  198.444510][ T8037] veth0_vlan: entered promiscuous mode
[  198.467087][ T8128] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  198.474666][ T8128] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  198.485147][   T29] audit: type=1804 audit(1729068267.384:40): pid=8132 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.806" name="/newroot/103/file1/bus" dev="loop3" ino=17058 res=1 errno=0
[  198.525928][ T8037] veth1_vlan: entered promiscuous mode
[  198.554679][ T8128] syz.0.815: attempt to access beyond end of device
[  198.554679][ T8128] loop0: rw=2049, sector=77824, nr_sectors = 136 limit=40427
[  198.612975][ T8037] veth0_macvtap: entered promiscuous mode
[  198.621863][ T6830] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  198.623913][ T8037] veth1_macvtap: entered promiscuous mode
[  198.646967][ T8037] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  198.657486][ T8037] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  198.667372][ T8037] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  198.677841][ T8037] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  198.687816][ T8037] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  198.698321][ T8037] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  198.708249][ T8037] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  198.719321][ T8037] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  198.729679][ T8037] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  198.740256][ T8037] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  198.750147][ T8037] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  198.760609][ T8037] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  198.771922][ T8037] batman_adv: batadv0: Interface activated: batadv_slave_0
[  198.859088][ T8037] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  198.868200][ T8085] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  198.870452][ T8037] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  198.888572][ T8037] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  198.899235][ T8037] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  198.909306][ T8037] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  198.919943][ T8037] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  198.932119][ T8037] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  198.942832][ T8085] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  198.953123][ T8037] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  198.963161][ T8037] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  198.973857][ T8037] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  198.983766][ T8037] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  198.991650][ T6566] ocfs2: Unmounting device (7,3) on (node local)
[  198.994357][ T8037] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  199.020805][ T8037] batman_adv: batadv0: Interface activated: batadv_slave_1
[  199.032424][ T8037] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  199.041195][ T8037] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  199.049933][ T8037] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  199.058812][ T8037] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  199.281586][ T8085] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  199.289876][ T8085] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  199.468607][ T7504] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  199.476653][ T7504] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  199.913489][ T8182] vcan0: tx drop: invalid sa for name 0x0000000000000002
[  200.183322][ T8189] bridge0: port 3(vlan2) entered blocking state
[  200.193511][ T8189] bridge0: port 3(vlan2) entered disabled state
[  200.205436][ T8189] vlan2: entered allmulticast mode
[  200.229228][ T8189] vlan2: left allmulticast mode
[  200.233769][ T8192] loop2: detected capacity change from 0 to 2048
[  200.243556][ T8191] loop4: detected capacity change from 0 to 512
[  200.266537][ T8191] EXT4-fs: Ignoring removed mblk_io_submit option
[  200.275378][ T8192] EXT4-fs: Ignoring removed orlov option
[  200.290109][ T8191] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  200.361847][ T8192] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  200.376085][ T5243] Bluetooth: hci5: command tx timeout
[  200.411584][ T8191] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b042c118, mo2=0002]
[  200.444277][ T8200] loop0: detected capacity change from 0 to 128
[  200.453971][ T8197] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  200.493176][ T8191] System zones: 1-12
[  200.494692][ T8200] loop0: detected capacity change from 0 to 1024
[  200.504233][ T8200] EXT4-fs: Ignoring removed i_version option
[  200.517590][ T8200] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  200.528296][ T8191] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.817: corrupted in-inode xattr: e_value size too large
[  200.571614][ T8200] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  200.612036][ T7782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  200.658540][ T8191] EXT4-fs error (device loop4): ext4_orphan_get:1393: comm syz.4.817: couldn't read orphan inode 15 (err -117)
[  200.736463][ T8191] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  200.892861][ T8181] loop3: detected capacity change from 0 to 40427
[  200.931102][ T5917] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  200.942177][ T8181] F2FS-fs (loop3): Found nat_bits in checkpoint
[  200.988699][ T8181] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  201.134855][ T8037] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.468567][ T8219] loop4: detected capacity change from 0 to 128
[  201.524065][ T8219] EXT4-fs: Ignoring removed orlov option
[  201.580638][ T8219] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  201.601412][ T8205] loop2: detected capacity change from 0 to 32768
[  201.666677][ T8219] ext4 filesystem being mounted at /2/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  201.763864][ T8205] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  201.886612][   T29] audit: type=1804 audit(1729068270.774:41): pid=8205 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.821" name="/newroot/23/file1/bus" dev="loop2" ino=17058 res=1 errno=0
[  202.031222][ T7782] ocfs2: Unmounting device (7,2) on (node local)
[  202.103017][ T8037] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  202.375562][ T8217] loop0: detected capacity change from 0 to 32768
[  202.394064][ T8217] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  202.503942][ T8217] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  202.569270][ T8217] XFS (loop0): Starting recovery (logdev: internal)
[  202.585766][ T5316] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  202.615848][ T8217] XFS (loop0): Ending recovery (logdev: internal)
[  202.858563][ T5917] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  202.890210][ T5316] usb 3-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=9f.d4
[  202.905749][ T5316] usb 3-1: New USB device strings: Mfr=188, Product=0, SerialNumber=0
[  202.944707][ T5316] usb 3-1: Manufacturer: syz
[  202.970125][ T5316] usb 3-1: config 0 descriptor??
[  203.238051][ T8249] loop3: detected capacity change from 0 to 32768
[  203.246774][ T8249] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.834 (8249)
[  203.306928][ T8253] loop0: detected capacity change from 0 to 2048
[  203.318291][ T8249] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  203.342386][ T8249] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  203.352581][ T8249] BTRFS info (device loop3): using free-space-tree
[  203.376402][ T8253] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  203.425393][ T5316] gs_usb 3-1:0.0: Configuring for 1 interfaces
[  203.487352][ T8255] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  203.530419][ T8267] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  203.616101][ T8267] EXT4-fs (loop0): Remounting filesystem read-only
[  203.789967][ T6566] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  203.855297][ T8228] loop1: detected capacity change from 0 to 65536
[  203.901945][ T5917] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  203.952579][ T8228] XFS (loop1): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  204.048512][  T120] usb 3-1: USB disconnect, device number 9
[  204.239568][ T8289] loop3: detected capacity change from 0 to 512
[  204.248136][ T8228] XFS (loop1): Ending clean mount
[  204.275442][ T8289] EXT4-fs: Ignoring removed i_version option
[  204.318213][ T8228] XFS (loop1): Quotacheck needed: Please wait.
[  204.336881][ T8289] EXT4-fs (loop3): orphan cleanup on readonly fs
[  204.344708][ T8289] EXT4-fs error (device loop3): ext4_orphan_get:1414: comm syz.3.838: bad orphan inode 1
[  204.369124][ T8289] EXT4-fs (loop3): Remounting filesystem read-only
[  204.376961][ T8289] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  204.417279][ T8228] XFS (loop1): Quotacheck: Done.
[  204.708207][ T6851] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  204.799578][ T8298] loop2: detected capacity change from 0 to 256
[  204.826544][ T8298] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1aabf3fb, utbl_chksum : 0xe619d30d)
[  204.897611][   T29] audit: type=1326 audit(1729068273.794:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8299 comm="syz.4.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa607f7dff9 code=0x7ffc0000
[  204.945685][   T29] audit: type=1326 audit(1729068273.794:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8299 comm="syz.4.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa607f7dff9 code=0x7ffc0000
[  205.065782][   T29] audit: type=1326 audit(1729068273.794:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8299 comm="syz.4.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fa607f7c897 code=0x7ffc0000
[  205.100730][ T6830] XFS (loop1): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  205.146091][   T29] audit: type=1326 audit(1729068273.794:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8299 comm="syz.4.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa607f7dff9 code=0x7ffc0000
[  205.240635][   T29] audit: type=1326 audit(1729068273.794:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8299 comm="syz.4.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa607f7dff9 code=0x7ffc0000
[  205.260882][ T8303] netlink: 'syz.2.848': attribute type 16 has an invalid length.
[  205.270821][ T8303] netlink: 'syz.2.848': attribute type 17 has an invalid length.
[  205.328820][   T29] audit: type=1326 audit(1729068273.804:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8299 comm="syz.4.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fa607f7dff9 code=0x7ffc0000
[  205.350902][    C0] vkms_vblank_simulate: vblank timer overrun
[  205.492054][   T29] audit: type=1326 audit(1729068273.834:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8299 comm="syz.4.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa607f7dff9 code=0x7ffc0000
[  205.562279][ T8305] loop1: detected capacity change from 0 to 2048
[  205.577958][ T5238] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  205.583230][ T8305] udf: Bad value for 'lastblock'
[  205.596462][ T5238] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  205.605527][   T29] audit: type=1326 audit(1729068273.834:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8299 comm="syz.4.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=166 compat=0 ip=0x7fa607f7dff9 code=0x7ffc0000
[  205.605572][ T5238] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  205.645892][   T29] audit: type=1326 audit(1729068274.104:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8299 comm="syz.4.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa607f7dff9 code=0x7ffc0000
[  205.669463][   T29] audit: type=1326 audit(1729068274.104:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8299 comm="syz.4.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa607f7dff9 code=0x7ffc0000
[  205.706162][ T5238] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  205.734845][ T5238] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  205.743304][ T5238] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  205.814206][ T8296] loop0: detected capacity change from 0 to 32768
[  206.005831][  T120] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  206.150168][ T8309] chnl_net:caif_netlink_parms(): no params data found
[  206.187364][  T120] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  206.199653][  T120] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  206.210571][  T120] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  206.219719][  T120] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  206.232702][ T8313] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  206.245346][  T120] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  206.361496][ T8309] bridge0: port 1(bridge_slave_0) entered blocking state
[  206.369056][ T8309] bridge0: port 1(bridge_slave_0) entered disabled state
[  206.376477][ T8309] bridge_slave_0: entered allmulticast mode
[  206.383566][ T8309] bridge_slave_0: entered promiscuous mode
[  206.397791][ T8309] bridge0: port 2(bridge_slave_1) entered blocking state
[  206.405970][ T8309] bridge0: port 2(bridge_slave_1) entered disabled state
[  206.413147][ T8309] bridge_slave_1: entered allmulticast mode
[  206.420065][ T8309] bridge_slave_1: entered promiscuous mode
[  206.486625][ T8309] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  206.507634][ T8309] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  206.524495][  T838] usb 3-1: USB disconnect, device number 10
[  206.577675][ T8309] team0: Port device team_slave_0 added
[  206.588768][ T8309] team0: Port device team_slave_1 added
[  206.626894][ T8309] batman_adv: batadv0: Adding interface: batadv_slave_0
[  206.633889][ T8309] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  206.685714][ T8309] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  206.698392][ T8309] batman_adv: batadv0: Adding interface: batadv_slave_1
[  206.715994][ T8309] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  206.742018][ T8309] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  206.788726][ T8309] hsr_slave_0: entered promiscuous mode
[  206.801184][ T8309] hsr_slave_1: entered promiscuous mode
[  206.807553][ T8309] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  206.816511][ T8309] Cannot create hsr debugfs directory
[  206.983706][ T8309] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.075482][ T8309] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.375399][ T8309] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.575946][ T8309] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.667271][ T8335] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  207.752075][ T8345] bond0: entered promiscuous mode
[  207.769355][ T8345] bond_slave_1: entered promiscuous mode
[  207.787953][ T8345] bond0: left promiscuous mode
[  207.808475][ T5243] Bluetooth: hci3: command tx timeout
[  207.810892][ T8345] bond_slave_1: left promiscuous mode
[  208.025831][ T8309] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  208.054558][ T8349] loop0: detected capacity change from 0 to 2048
[  208.061751][ T8349] udf: Bad value for 'lastblock'
[  208.091706][ T8309] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  208.121680][ T8309] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  208.216646][ T8309] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  208.452860][ T8309] 8021q: adding VLAN 0 to HW filter on device bond0
[  208.509733][ T8309] 8021q: adding VLAN 0 to HW filter on device team0
[  208.594358][  T380] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.601560][  T380] bridge0: port 1(bridge_slave_0) entered forwarding state
[  208.639981][ T2566] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.647170][ T2566] bridge0: port 2(bridge_slave_1) entered forwarding state
[  208.755380][ T8309] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  208.795765][ T8309] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  208.911657][ T8347] loop4: detected capacity change from 0 to 32768
[  208.971324][ T8343] loop1: detected capacity change from 0 to 40427
[  209.009614][ T8347] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.862 (8347)
[  209.034914][ T8363] loop0: detected capacity change from 0 to 32768
[  209.047342][ T8343] F2FS-fs (loop1): invalid crc value
[  209.077122][ T8343] F2FS-fs (loop1): Found nat_bits in checkpoint
[  209.111036][ T8363] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.870 (8363)
[  209.124009][ T8347] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  209.137089][ T8347] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  209.148161][ T8363] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  209.159039][ T8363] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  209.169884][ T8347] BTRFS info (device loop4): using free-space-tree
[  209.196202][ T8363] BTRFS info (device loop0): using free-space-tree
[  209.278189][ T8309] 8021q: adding VLAN 0 to HW filter on device batadv0
[  209.285595][ T8343] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  209.371258][ T6830] syz-executor: attempt to access beyond end of device
[  209.371258][ T6830] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  209.430910][ T6830] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  209.461851][ T8309] veth0_vlan: entered promiscuous mode
[  209.531397][ T8309] veth1_vlan: entered promiscuous mode
[  209.632328][ T8309] veth0_macvtap: entered promiscuous mode
[  209.664799][ T8309] veth1_macvtap: entered promiscuous mode
[  209.719246][ T5917] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  209.740873][ T8309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  209.790649][ T8309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.827096][ T8309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  209.885819][ T5238] Bluetooth: hci3: command tx timeout
[  209.887051][ T8309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  209.943256][ T8367] loop2: detected capacity change from 0 to 32768
[  209.955703][ T8309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  209.981548][ T8367] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.871 (8367)
[  209.995840][ T8309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.025864][ T8309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  210.027816][ T8367] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  210.065786][ T8309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.065847][ T8367] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  210.095862][ T8309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  210.105782][ T8367] BTRFS info (device loop2): using free-space-tree
[  210.123838][ T8309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.141233][ T8309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  210.174206][ T8309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.184349][ T8309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  210.207464][ T8309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.220269][ T8309] batman_adv: batadv0: Interface activated: batadv_slave_0
[  210.230980][ T8309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  210.241846][ T8309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.253051][ T8309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  210.265235][ T8309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.275451][ T8309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  210.286445][ T8309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.297782][ T8309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  210.308962][ T8309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.319166][ T8309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  210.330097][ T8309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.340286][ T8309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  210.351186][ T8309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.372856][ T8309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  210.383905][ T8309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.438721][ T8309] batman_adv: batadv0: Interface activated: batadv_slave_1
[  210.514715][ T7782] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  210.522571][ T8309] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  210.553906][ T8037] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  210.555674][ T8309] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  210.596352][ T8309] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  210.621733][ T8309] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  211.889019][ T5238] Bluetooth: hci2: command 0x0406 tx timeout
[  212.025747][ T5238] Bluetooth: hci3: command tx timeout
[  213.748350][  T380] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  213.759605][  T380] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  213.794906][ T8085] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  213.815933][ T8085] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  213.901377][ T8431] loop4: detected capacity change from 0 to 164
[  213.947448][ T8439] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  213.986923][ T8439] overlayfs: failed to set xattr on upper
[  213.994113][ T8439] overlayfs: ...falling back to redirect_dir=nofollow.
[  214.003376][ T8439] overlayfs: ...falling back to uuid=null.
[  214.020822][ T8439] overlayfs: maximum fs stacking depth exceeded
[  214.046115][ T5243] Bluetooth: hci3: command tx timeout
[  214.290169][ T8444] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  214.423260][ T8450] loop4: detected capacity change from 0 to 2048
[  214.459076][ T8450] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  214.622546][ T8460] loop0: detected capacity change from 0 to 2048
[  214.633019][ T8460] EXT4-fs: Ignoring removed mblk_io_submit option
[  214.640396][ T8460] EXT4-fs: Ignoring removed nobh option
[  214.671252][ T8458] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  214.676861][ T8460] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  214.749700][ T8458] EXT4-fs (loop4): Remounting filesystem read-only
[  214.844014][ T8460] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.883: bg 0: block 234: padding at end of block bitmap is not set
[  214.869968][ T8460] EXT4-fs (loop0): Remounting filesystem read-only
[  214.925576][ T8471] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  214.954328][ T5917] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  215.076011][  T120] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  215.113311][ T8037] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  215.244765][  T120] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  215.263115][  T120] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  215.300026][  T120] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  215.336511][ T8480] netdevsim netdevsim0: Direct firmware load for .cpu/syz1 failed with error -2
[  215.355697][  T120] usb 4-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  215.364806][  T120] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  215.381454][ T8480] netdevsim netdevsim0: Falling back to sysfs fallback for: .cpu/syz1
[  215.409259][  T120] usb 4-1: config 0 descriptor??
[  215.845891][  T120] acrux 0003:1A34:0802.000A: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.3-1/input0
[  215.867262][  T120] acrux 0003:1A34:0802.000A: no inputs found
[  215.873304][  T120] acrux 0003:1A34:0802.000A: Failed to enable force feedback support, error: -19
[  216.032937][ T8492] loop4: detected capacity change from 0 to 8192
[  216.068716][ T8486] loop1: detected capacity change from 0 to 32768
[  216.076936][ T8486] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.907 (8486)
[  216.086251][ T8492] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  216.106424][ T8486] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  216.146050][ T8486] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  216.154742][ T8486] BTRFS info (device loop1): using free-space-tree
[  216.353943][   T29] kauditd_printk_skb: 63 callbacks suppressed
[  216.353961][   T29] audit: type=1800 audit(1729068285.244:115): pid=8486 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.907" name="bus" dev="loop1" ino=263 res=0 errno=0
[  216.357716][ T8518] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  216.543372][ T6830] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  216.600879][  T120] usb 4-1: USB disconnect, device number 11
[  217.395897][ T8525] loop2: detected capacity change from 0 to 32768
[  217.408056][ T8525] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.906 (8525)
[  217.420527][ T8548] batman_adv: batadv0: Adding interface: macsec1
[  217.437569][ T8548] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  217.451551][ T8525] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  217.462884][    C1] vkms_vblank_simulate: vblank timer overrun
[  217.503509][ T8525] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  217.523549][ T8525] BTRFS info (device loop2): using free-space-tree
[  217.530332][ T8548] batman_adv: batadv0: Not using interface macsec1 (retrying later): interface not active
[  217.680126][ T8564] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  217.687073][   T29] audit: type=1800 audit(1729068286.574:116): pid=8525 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.906" name="file1" dev="loop2" ino=260 res=0 errno=0
[  217.711068][    C1] vkms_vblank_simulate: vblank timer overrun
[  217.939381][ T8542] loop3: detected capacity change from 0 to 32768
[  217.951093][ T8571] loop0: detected capacity change from 0 to 256
[  218.026219][ T7782] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  218.035081][ T8573] loop1: detected capacity change from 0 to 1024
[  218.046061][ T8542] XFS (loop3): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  218.159165][ T8542] XFS (loop3): Ending clean mount
[  218.278276][ T5286] XFS (loop3): Metadata CRC error detected at xfs_allocbt_read_verify+0x41/0xd0, xfs_bnobt block 0x4 
[  218.304449][ T5286] XFS (loop3): Unmount and run xfs_repair
[  218.324446][   T29] audit: type=1326 audit(1729068287.214:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8586 comm="syz.0.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2284f7dff9 code=0x7ffc0000
[  218.325746][ T5286] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  218.346629][    C1] vkms_vblank_simulate: vblank timer overrun
[  218.362762][   T29] audit: type=1326 audit(1729068287.244:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8586 comm="syz.0.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2284f7dff9 code=0x7ffc0000
[  218.427658][ T5286] 00000000: 41 42 33 42 00 00 00 03 ff ff ff ff ff ff ff ff  AB3B............
[  218.462889][   T29] audit: type=1326 audit(1729068287.244:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8586 comm="syz.0.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f2284f7dff9 code=0x7ffc0000
[  218.485884][ T5286] 00000010: 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 10  ................
[  218.485907][ T5286] 00000020: ed 37 bf 6e 74 ea 4e 01 f8 ba 5f ee 27 4b 0f 3a  .7.nt.N..._.'K.:
[  218.485922][ T5286] 00000030: 00 00 00 00 f6 3b 25 b5 00 00 00 07 00 00 00 01  .....;%.........
[  218.485937][ T5286] 00000040: 00 00 0b fe 00 00 00 02 00 00 0c 20 00 00 13 e0  ........... ....
[  218.485951][ T5286] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  218.485965][ T5286] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  218.485980][ T5286] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  218.486375][ T8542] XFS (loop3): metadata I/O error in "xfs_btree_read_buf_block+0x36f/0x5b0" at daddr 0x4 len 4 error 74
[  218.542056][   T29] audit: type=1326 audit(1729068287.244:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8586 comm="syz.0.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2284f7dff9 code=0x7ffc0000
[  218.646545][ T8542] XFS (loop3): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x663/0xad0 (fs/xfs/xfs_trans_buf.c:296).  Shutting down filesystem.
[  218.657106][   T29] audit: type=1326 audit(1729068287.244:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8586 comm="syz.0.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2284f7dff9 code=0x7ffc0000
[  218.666338][ T8592] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  218.737698][   T29] audit: type=1326 audit(1729068287.244:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8586 comm="syz.0.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f2284f7dff9 code=0x7ffc0000
[  218.744517][ T8542] XFS (loop3): Please unmount the filesystem and rectify the problem(s)
[  218.759879][    C1] vkms_vblank_simulate: vblank timer overrun
[  218.824550][   T29] audit: type=1326 audit(1729068287.244:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8586 comm="syz.0.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2284f7dff9 code=0x7ffc0000
[  218.846804][    C1] vkms_vblank_simulate: vblank timer overrun
[  218.954115][   T29] audit: type=1326 audit(1729068287.244:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8586 comm="syz.0.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2284f7dff9 code=0x7ffc0000
[  219.008426][ T8309] XFS (loop3): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  219.603834][ T8621] loop3: detected capacity change from 0 to 512
[  219.779709][ T8631] loop0: detected capacity change from 0 to 256
[  219.787498][ T8621] EXT4-fs error (device loop3): ext4_expand_extra_isize_ea:2813: inode #11: comm syz.3.934: corrupted xattr block 95: invalid header
[  219.849536][ T8621] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.934: bg 0: block 7: invalid block bitmap
[  219.904054][ T8621] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem
[  219.917593][ T8631] syz.0.939: attempt to access beyond end of device
[  219.917593][ T8631] loop0: rw=2049, sector=256, nr_sectors = 4 limit=256
[  219.942048][ T8621] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2977: inode #11: comm syz.3.934: corrupted xattr block 95: invalid header
[  219.979646][ T8636] syz.0.939: attempt to access beyond end of device
[  219.979646][ T8636] loop0: rw=2049, sector=256, nr_sectors = 8 limit=256
[  220.002170][ T8621] EXT4-fs warning (device loop3): ext4_evict_inode:276: xattr delete (err -117)
[  220.026038][ T8621] EXT4-fs (loop3): 1 orphan inode deleted
[  220.032665][ T8621] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  220.175534][ T8309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  220.266333][ T8642] netlink: 'syz.1.944': attribute type 1 has an invalid length.
[  220.274496][ T8642] netlink: 193500 bytes leftover after parsing attributes in process `syz.1.944'.
[  220.325043][ T8602] loop2: detected capacity change from 0 to 40427
[  220.363757][ T8642] netlink: 3068 bytes leftover after parsing attributes in process `syz.1.944'.
[  220.532931][ T8602] F2FS-fs (loop2): Found nat_bits in checkpoint
[  220.795957][ T8602] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  223.745770][   T29] kauditd_printk_skb: 63 callbacks suppressed
[  223.745788][   T29] audit: type=1800 audit(1729068292.634:188): pid=8602 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.928" name="bus" dev="loop2" ino=14 res=0 errno=0
[  223.800409][ T8657] loop3: detected capacity change from 0 to 512
[  223.820737][ T8659] overlayfs: invalid origin (00000079000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000)
[  223.840349][ T8602] syz.2.928: attempt to access beyond end of device
[  223.840349][ T8602] loop2: rw=2049, sector=77824, nr_sectors = 104 limit=40427
[  223.924286][ T8657] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  223.936959][ T8657] ext4 filesystem being mounted at /8/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  223.990277][ T8664] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  224.033791][ T7782] syz-executor: attempt to access beyond end of device
[  224.033791][ T7782] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  224.061096][ T8309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  224.116054][ T7782] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  224.163160][ T7782] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  224.248630][ T8672] loop0: detected capacity change from 0 to 4096
[  224.440811][ T8672] loop0: detected capacity change from 4096 to 0
[  224.442307][ T8678] syz.0.954: attempt to access beyond end of device
[  224.442307][ T8678] loop0: rw=0, sector=566, nr_sectors = 2 limit=0
[  224.465802][ T8678] ntfs3(loop0): failed to read volume at offset 0x46c00
[  224.528667][ T5917] syz-executor: attempt to access beyond end of device
[  224.528667][ T5917] loop0: rw=0, sector=552, nr_sectors = 2 limit=0
[  224.556105][ T5286] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  224.576363][ T5917] ntfs3(loop0): failed to read volume at offset 0x45000
[  224.736241][ T5286] usb 4-1: Using ep0 maxpacket: 16
[  224.750364][ T5286] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  224.776350][ T5286] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  224.815151][ T8689] loop2: detected capacity change from 0 to 256
[  224.815267][ T5286] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  224.836584][ T8085] kworker/u8:27: attempt to access beyond end of device
[  224.836584][ T8085] loop0: rw=0, sector=552, nr_sectors = 2 limit=0
[  224.890368][ T8085] ntfs3(loop0): failed to read volume at offset 0x45000
[  224.900244][ T5286] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  224.926187][ T8212] syz.0.822: attempt to access beyond end of device
[  224.926187][ T8212] loop0: rw=2049, sector=38, nr_sectors = 2 limit=0
[  224.934195][ T5286] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  224.945679][ T8212] Buffer I/O error on dev loop0, logical block 19, lost sync page write
[  224.981813][ T8692] loop1: detected capacity change from 0 to 128
[  224.987685][ T8212] ntfs3(loop0): ino=3, ntfs_set_state failed, -5.
[  224.995076][ T8212] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  224.998587][ T5286] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  225.025716][ T8212] syz.0.822: attempt to access beyond end of device
[  225.025716][ T8212] loop0: rw=2049, sector=38, nr_sectors = 2 limit=0
[  225.040363][ T5286] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  225.052986][ T5286] usb 4-1: Manufacturer: syz
[  225.065844][   T29] audit: type=1800 audit(1729068293.934:189): pid=8692 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.961" name="file1" dev="loop1" ino=1048690 res=0 errno=0
[  225.071622][ T5286] usb 4-1: config 0 descriptor??
[  225.105785][ T8212] Buffer I/O error on dev loop0, logical block 19, lost sync page write
[  225.122589][ T8212] ntfs3(loop0): ino=3, ntfs_set_state failed, -5.
[  225.136062][ T8212] syz.0.822: attempt to access beyond end of device
[  225.136062][ T8212] loop0: rw=0, sector=38, nr_sectors = 2 limit=0
[  225.175098][   T35] kworker/u8:2: attempt to access beyond end of device
[  225.175098][   T35] loop0: rw=2049, sector=38, nr_sectors = 2 limit=0
[  225.189612][   T35] Buffer I/O error on dev loop0, logical block 19, lost sync page write
[  225.198355][   T35] ntfs3(loop0): ino=3, ntfs3_write_inode failed, -5.
[  225.205495][ T8212] syz.0.822: attempt to access beyond end of device
[  225.205495][ T8212] loop0: rw=2049, sector=2046, nr_sectors = 2 limit=0
[  225.230616][  T380] kworker/u8:5: attempt to access beyond end of device
[  225.230616][  T380] loop1: rw=1, sector=145, nr_sectors = 36 limit=128
[  225.249455][ T8212] Buffer I/O error on dev loop0, logical block 1023, lost sync page write
[  225.266648][ T8212] syz.0.822: attempt to access beyond end of device
[  225.266648][ T8212] loop0: rw=0, sector=38, nr_sectors = 2 limit=0
[  225.393874][   T29] audit: type=1326 audit(1729068294.284:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8699 comm="syz.1.965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd113f7dff9 code=0x7ffc0000
[  225.456570][ T5286] rc_core: IR keymap rc-hauppauge not found
[  225.461435][   T29] audit: type=1326 audit(1729068294.284:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8699 comm="syz.1.965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd113f7dff9 code=0x7ffc0000
[  225.464588][ T5286] Registered IR keymap rc-empty
[  225.507484][ T8698] loop4: detected capacity change from 0 to 4096
[  225.526573][ T5286] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  225.542181][   T29] audit: type=1326 audit(1729068294.284:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8699 comm="syz.1.965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=40 compat=0 ip=0x7fd113f7dff9 code=0x7ffc0000
[  225.565987][ T5286] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  225.591553][   T29] audit: type=1326 audit(1729068294.284:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8699 comm="syz.1.965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd113f7dff9 code=0x7ffc0000
[  225.591690][ T5286] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  225.641456][   T29] audit: type=1326 audit(1729068294.284:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8699 comm="syz.1.965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd113f7dff9 code=0x7ffc0000
[  225.644743][ T5286] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input14
[  225.683349][ T8698] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  225.705982][ T5286] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  225.736001][ T5286] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  225.755826][ T5286] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  225.775808][ T5286] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  225.796642][ T5286] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  225.825825][ T5286] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  225.856410][ T5286] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  225.875822][ T5286] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  225.895808][ T5286] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  225.915868][ T5286] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  225.924540][ T8037] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.936818][ T5286] mceusb 4-1:0.0: Registered  with mce emulator interface version 1
[  225.944832][ T5286] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  225.982240][ T5286] usb 4-1: USB disconnect, device number 12
[  226.301239][ T5238] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  226.312892][ T5238] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  226.322735][ T5238] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  226.331596][ T5238] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  226.340997][ T5238] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  226.352591][ T5238] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  226.632363][ T8717] chnl_net:caif_netlink_parms(): no params data found
[  226.858498][ T8717] bridge0: port 1(bridge_slave_0) entered blocking state
[  226.865743][ T8717] bridge0: port 1(bridge_slave_0) entered disabled state
[  226.872944][ T8717] bridge_slave_0: entered allmulticast mode
[  226.882587][ T8717] bridge_slave_0: entered promiscuous mode
[  226.898031][ T8717] bridge0: port 2(bridge_slave_1) entered blocking state
[  226.905234][ T8717] bridge0: port 2(bridge_slave_1) entered disabled state
[  226.912667][ T8717] bridge_slave_1: entered allmulticast mode
[  226.920932][ T8717] bridge_slave_1: entered promiscuous mode
[  226.959594][ T8717] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  226.964671][ T8739] loop3: detected capacity change from 0 to 8
[  226.977621][ T8717] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  227.008299][ T8739] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  227.053692][ T8717] team0: Port device team_slave_0 added
[  227.076116][ T5286] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  227.098889][ T8717] team0: Port device team_slave_1 added
[  227.234817][ T8717] batman_adv: batadv0: Adding interface: batadv_slave_0
[  227.245775][ T5286] usb 5-1: Using ep0 maxpacket: 32
[  227.272436][ T8717] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  227.368118][ T8717] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  227.382892][   T29] audit: type=1326 audit(1729068296.274:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8743 comm="syz.2.982" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3b65d7dff9 code=0x0
[  227.450345][ T8717] batman_adv: batadv0: Adding interface: batadv_slave_1
[  227.483867][ T8717] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  227.601718][ T8717] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  227.612539][ T5286] usb 5-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 32, changing to 9
[  227.623603][ T5286] usb 5-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0
[  227.635873][ T5286] usb 5-1: config 0 interface 0 has no altsetting 0
[  227.642555][ T5286] usb 5-1: New USB device found, idVendor=056a, idProduct=00c4, bcdDevice= 0.00
[  227.683931][ T5286] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.701748][ T5286] usb 5-1: config 0 descriptor??
[  227.770380][ T8717] hsr_slave_0: entered promiscuous mode
[  227.791097][ T8717] hsr_slave_1: entered promiscuous mode
[  227.820724][ T8717] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  227.848370][ T8717] Cannot create hsr debugfs directory
[  228.148508][ T5286] wacom 0003:056A:00C4.000B: unknown main item tag 0x0
[  228.168826][ T8717] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  228.184534][ T5286] wacom 0003:056A:00C4.000B: hidraw0: USB HID v0.00 Device [HID 056a:00c4] on usb-dummy_hcd.4-1/input0
[  228.396733][ T8717] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  228.420448][ T8759] loop1: detected capacity change from 0 to 256
[  228.462937][ T5243] Bluetooth: hci2: command tx timeout
[  228.516131][ T8717] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  228.560784][ T8759] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  228.589292][ T8763] loop2: detected capacity change from 0 to 256
[  228.706800][ T8763] syz.2.987: attempt to access beyond end of device
[  228.706800][ T8763] loop2: rw=2049, sector=256, nr_sectors = 4 limit=256
[  228.738138][ T8763] syz.2.987: attempt to access beyond end of device
[  228.738138][ T8763] loop2: rw=2049, sector=256, nr_sectors = 4 limit=256
[  228.754974][ T8766] loop1: detected capacity change from 0 to 8
[  228.767406][ T8717] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  228.800710][ T8763] Buffer I/O error on dev loop2, logical block 64, lost async page write
[  228.886678][ T8765] syz.2.987: attempt to access beyond end of device
[  228.886678][ T8765] loop2: rw=2049, sector=256, nr_sectors = 8 limit=256
[  229.170751][ T8717] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  229.213981][ T8717] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  229.262942][ T8717] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  229.323853][ T8717] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  229.361346][ T8778] netlink: 24 bytes leftover after parsing attributes in process `syz.3.994'.
[  229.433470][ T8777] loop1: detected capacity change from 0 to 2048
[  229.466332][ T8777] udf: Unknown parameter '18446744073709551615ȷW%��`��n"���D��c4�m�(�̱�_�н(ܛ��T�"jȮ�(�ش�.m)b2��
�'
[  229.557467][ T8717] 8021q: adding VLAN 0 to HW filter on device bond0
[  229.614012][ T8717] 8021q: adding VLAN 0 to HW filter on device team0
[  229.653417][ T2566] bridge0: port 1(bridge_slave_0) entered blocking state
[  229.660710][ T2566] bridge0: port 1(bridge_slave_0) entered forwarding state
[  229.715373][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[  229.722572][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[  229.776235][ T8790] loop2: detected capacity change from 0 to 64
[  229.805866][   T25] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  229.859197][ T8792] loop1: detected capacity change from 0 to 256
[  229.953554][ T8792] syz.1.1001: attempt to access beyond end of device
[  229.953554][ T8792] loop1: rw=2049, sector=256, nr_sectors = 4 limit=256
[  229.981151][   T25] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  230.003056][   T25] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  230.012574][   T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  230.014945][ T8797] syz.1.1001: attempt to access beyond end of device
[  230.014945][ T8797] loop1: rw=2049, sector=256, nr_sectors = 8 limit=256
[  230.037241][   T25] usb 4-1: config 0 descriptor??
[  230.047934][   T25] pwc: Askey VC010 type 2 USB webcam detected.
[  230.274704][ T8717] 8021q: adding VLAN 0 to HW filter on device batadv0
[  230.307530][   T51] usb 5-1: USB disconnect, device number 9
[  230.423478][ T8717] veth0_vlan: entered promiscuous mode
[  230.470126][   T25] pwc: recv_control_msg error -32 req 02 val 2b00
[  230.480543][   T25] pwc: recv_control_msg error -32 req 02 val 2700
[  230.494926][ T8717] veth1_vlan: entered promiscuous mode
[  230.526211][ T5243] Bluetooth: hci2: command tx timeout
[  230.570855][ T8806] loop1: detected capacity change from 0 to 2048
[  230.595029][ T8717] veth0_macvtap: entered promiscuous mode
[  230.612758][ T8806] UDF-fs: error (device loop1): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  230.639946][ T8717] veth1_macvtap: entered promiscuous mode
[  230.656233][ T8806] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[  230.664041][ T8806] UDF-fs: Scanning with blocksize 512 failed
[  230.685425][ T8717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  230.697765][   T25] pwc: recv_control_msg error -71 req 04 val 1000
[  230.716279][   T25] pwc: recv_control_msg error -71 req 04 val 1300
[  230.723356][   T25] pwc: recv_control_msg error -71 req 04 val 1400
[  230.731861][ T8717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  230.735812][ T8806] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  230.741975][   T25] pwc: recv_control_msg error -71 req 02 val 2000
[  230.766487][ T8717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  230.786848][   T25] pwc: recv_control_msg error -71 req 02 val 2100
[  230.803553][   T25] pwc: recv_control_msg error -71 req 04 val 1500
[  230.810080][ T8806] capability: warning: `syz.1.1006' uses 32-bit capabilities (legacy support in use)
[  230.820974][ T8717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  230.841207][ T8717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  230.855885][   T25] pwc: recv_control_msg error -71 req 02 val 2500
[  230.873786][   T25] pwc: recv_control_msg error -71 req 02 val 2400
[  230.880536][ T8717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  230.896221][   T25] pwc: recv_control_msg error -71 req 02 val 2600
[  230.907031][ T8717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  230.926437][   T25] pwc: recv_control_msg error -71 req 02 val 2900
[  230.933437][   T25] pwc: recv_control_msg error -71 req 02 val 2800
[  230.943531][ T8717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  230.944659][ T8816] loop4: detected capacity change from 0 to 16
[  230.968618][ T8816] erofs: (device loop4): erofs_fc_fill_super: rootino(nid 36) is not a directory(i_mode 66300)
[  230.980201][   T25] pwc: recv_control_msg error -71 req 04 val 1100
[  230.992505][ T8717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  231.007113][   T25] pwc: recv_control_msg error -71 req 04 val 1200
[  231.032305][ T8717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.046001][   T25] pwc: Registered as video71.
[  231.062975][   T25] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input18
[  231.072683][ T8717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  231.087760][   T25] usb 4-1: USB disconnect, device number 13
[  231.095915][ T8717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.116442][ T8717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  231.128075][ T8717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.145815][ T8717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  231.163211][ T8717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.218672][ T8717] batman_adv: batadv0: Interface activated: batadv_slave_0
[  231.237658][ T8824] Process accounting resumed
[  231.258491][ T8717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  231.285968][ T8717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.300420][ T8717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  231.311807][ T8717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.322095][ T8717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  231.333862][ T8717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.364445][ T8717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  231.379864][ T8717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.401810][ T8717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  231.414581][ T8717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.441819][ T8717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  231.456514][ T8717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.472655][ T8717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  231.495758][ T8717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.505600][ T8717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  231.531229][ T8717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.545019][ T8717] batman_adv: batadv0: Interface activated: batadv_slave_1
[  231.580955][ T8717] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  231.601310][ T8717] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  231.615097][ T8717] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  231.638681][ T8717] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  231.651080][ T8831] loop2: detected capacity change from 0 to 128
[  231.853623][ T2566] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  231.883141][ T8837] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1018'.
[  231.888578][ T2566] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  232.027258][ T8846] loop3: detected capacity change from 0 to 2048
[  232.043528][ T8846] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  232.174008][ T8083] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  232.223399][ T8083] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  232.606222][ T5243] Bluetooth: hci2: command tx timeout
[  232.755956][ T5286] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  232.937947][ T5286] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  232.979787][ T5286] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  233.010607][ T5286] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  233.055545][ T5286] usb 1-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  233.082297][ T5286] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  233.112321][ T5286] usb 1-1: config 0 descriptor??
[  233.226728][ T8856] loop1: detected capacity change from 0 to 32768
[  233.256445][ T8856] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1024 (8856)
[  233.289401][ T8856] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  233.311227][ T8856] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  233.331630][ T8877] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  233.338671][ T8877] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  233.356627][ T8856] BTRFS info (device loop1): using free-space-tree
[  233.537140][ T5286] acrux 0003:1A34:0802.000C: unknown main item tag 0x0
[  233.574889][ T5286] acrux 0003:1A34:0802.000C: unknown main item tag 0x0
[  233.597991][ T5286] acrux 0003:1A34:0802.000C: unknown main item tag 0x0
[  233.604917][ T5286] acrux 0003:1A34:0802.000C: unknown main item tag 0x0
[  233.627940][ T6830] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  233.633778][ T5286] acrux 0003:1A34:0802.000C: unknown main item tag 0x0
[  233.678158][ T5286] acrux 0003:1A34:0802.000C: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.0-1/input0
[  233.709793][ T5286] acrux 0003:1A34:0802.000C: no inputs found
[  233.735749][ T5286] acrux 0003:1A34:0802.000C: Failed to enable force feedback support, error: -19
[  233.816117][ T5286] usb 1-1: USB disconnect, device number 9
[  234.210325][   T29] audit: type=1326 audit(1729068303.104:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8905 comm="syz.2.1040" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3b65d7dff9 code=0x0
[  234.261673][ T8876] loop3: detected capacity change from 0 to 32768
[  234.332793][ T8876] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  234.452731][ T8876] syz.3.1034 (8876) used greatest stack depth: 15832 bytes left
[  234.495891][  T838] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  234.520307][ T8309] ocfs2: Unmounting device (7,3) on (node local)
[  234.537212][ T8862] loop4: detected capacity change from 0 to 32768
[  234.577521][ T8862] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1027 (8862)
[  234.667613][  T838] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  234.669723][ T8862] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  234.678678][  T838] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  234.698984][ T5243] Bluetooth: hci2: command tx timeout
[  234.735937][  T838] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  234.756047][  T838] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  234.767389][  T838] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  234.777713][  T838] usb 2-1: config 0 descriptor??
[  234.819851][ T8862] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  234.839777][ T8916] loop9: detected capacity change from 0 to 7
[  234.868588][ T8862] BTRFS info (device loop4): using free-space-tree
[  234.876309][ T8916] Dev loop9: unable to read RDB block 7
[  234.891354][ T8918] loop0: detected capacity change from 0 to 4096
[  234.895687][ T8916]  loop9: AHDI p3
[  234.905875][ T8916] loop9: partition table partially beyond EOD, truncated
[  234.906352][ T8918] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[  234.978921][ T8918] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  235.064086][ T8918] ntfs3(loop0): ino=1b, "file0" failed to parse mft record
[  235.084691][ T8918] ntfs3(loop0): ino=1b, "file0" attr_set_size
[  235.195260][  T838] plantronics 0003:047F:FFFF.000D: ignoring exceeding usage max
[  235.216884][   T29] audit: type=1800 audit(1729068304.104:197): pid=8862 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1027" name="bus" dev="loop4" ino=263 res=0 errno=0
[  235.248772][  T838] plantronics 0003:047F:FFFF.000D: No inputs registered, leaving
[  235.285969][  T838] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  235.352996][ T8037] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  235.985957][ T8933] loop3: detected capacity change from 0 to 40427
[  237.095737][ T5316] usb 2-1: reset high-speed USB device number 7 using dummy_hcd
[  237.298767][ T5316] usb 2-1: device descriptor read/64, error -32
[  238.025773][ T5316] usb 2-1: reset high-speed USB device number 7 using dummy_hcd
[  238.419509][ T8946] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1048'.
[  238.432883][ T8954] loop2: detected capacity change from 0 to 512
[  238.670154][ T8954] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.1052: corrupted in-inode xattr: invalid ea_ino
[  238.684376][ T8954] EXT4-fs error (device loop2): ext4_orphan_get:1393: comm syz.2.1052: couldn't read orphan inode 15 (err -117)
[  238.704067][ T8953] loop0: detected capacity change from 0 to 32768
[  238.711903][ T8953] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1053 (8953)
[  238.736039][ T8953] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  238.746428][ T8953] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  238.755158][ T8953] BTRFS info (device loop0): using free-space-tree
[  238.755478][ T8954] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  238.930801][ T7782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  239.073088][ T8717] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  239.182167][ T8992] loop2: detected capacity change from 0 to 1024
[  239.360348][ T9000] loop1: detected capacity change from 0 to 256
[  239.428328][   T51] usb 2-1: USB disconnect, device number 7
[  239.447212][   T35] hfsplus: b-tree write err: -5, ino 4
[  239.578459][ T9007] loop2: detected capacity change from 0 to 24
[  239.712045][ T9011] loop1: detected capacity change from 0 to 2048
[  239.787072][ T9011] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  239.829048][ T9011] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  239.911463][ T9021] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  239.996517][ T6830] UDF-fs: warning (device loop1): udf_evict_inode: Inode 1367 (mode 100000) has inode size 4102 different from extent length 4608. Filesystem need not be standards compliant.
[  240.099262][ T9027] netlink: 'syz.1.1076': attribute type 28 has an invalid length.
[  240.128082][ T9027] netlink: 160 bytes leftover after parsing attributes in process `syz.1.1076'.
[  240.129138][ T9023] loop3: detected capacity change from 0 to 2048
[  240.152370][ T9026] loop2: detected capacity change from 0 to 2048
[  240.197293][ T9023] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  240.207142][ T9026] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  240.219620][ T9026] ext4 filesystem being mounted at /86/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  240.271478][ T7782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  240.351464][ T8309] UDF-fs: warning (device loop3): udf_evict_inode: Inode 1346 (mode 100755) has inode size 4097 different from extent length 4608. Filesystem need not be standards compliant.
[  240.505823][ T5316] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  240.837166][ T9037] loop2: detected capacity change from 0 to 32768
[  240.931015][ T5316] usb 2-1: Using ep0 maxpacket: 16
[  241.021594][ T5316] usb 2-1: config 0 has an invalid interface number: 8 but max is 0
[  241.053747][ T5316] usb 2-1: config 0 has no interface number 0
[  241.065693][ T5316] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  241.115948][ T5316] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  241.169708][ T5316] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  241.179776][ T5316] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  241.201065][ T8994] loop4: detected capacity change from 0 to 32768
[  241.217813][ T8994] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  241.228918][ T8994] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  241.245904][ T5316] usb 2-1: Product: syz
[  241.250103][ T5316] usb 2-1: SerialNumber: syz
[  241.256649][ T5316] usb 2-1: config 0 descriptor??
[  241.264179][ T5316] cm109 2-1:0.8: invalid payload size 0, expected 4
[  241.272044][ T5316] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.8/input/input19
[  241.567449][ T8994] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[  241.590503][ T5316] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  241.590566][ T5316] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  241.686225][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  241.694296][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  241.701700][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  241.709016][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  241.716384][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  241.724176][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  241.732018][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  241.739687][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  241.746966][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  241.754136][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  241.820555][ T9035] loop3: detected capacity change from 0 to 32768
[  241.837169][ T5316] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 246ms
[  241.843127][ T9035] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1080 (9035)
[  241.844767][ T5316] gfs2: fsid=syz:syz.0: jid=0: Done
[  241.875894][    C1] cm109 2-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  241.886302][ T5287] usb 2-1: USB disconnect, device number 8
[  241.925745][ T8994] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  241.945997][ T9035] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  241.948308][ T5287] cm109 2-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  241.977560][ T9035] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  242.010970][ T9035] BTRFS info (device loop3): using free-space-tree
[  242.456370][ T9047] loop0: detected capacity change from 0 to 32768
[  242.466223][ T8309] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  242.535897][   T29] audit: type=1326 audit(1729068311.424:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9071 comm="syz.1.1088" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd113f7dff9 code=0x0
[  242.657033][ T9047] XFS (loop0): DAX unsupported by block device. Turning off DAX.
[  242.681258][ T9047] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  242.764154][ T9047] XFS (loop0): Ending clean mount
[  242.773126][ T9047] XFS (loop0): Quotacheck needed: Please wait.
[  242.910717][ T9047] XFS (loop0): Quotacheck: Done.
[  242.954920][ T9062] loop2: detected capacity change from 0 to 32768
[  243.024579][ T9062] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1087 (9062)
[  243.092365][ T9062] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  243.109735][ T9062] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  243.122291][ T9062] BTRFS info (device loop2): using free-space-tree
[  243.131833][ T8717] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  243.551476][ T7782] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  243.705807][ T5286] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  243.856354][ T5286] usb 2-1: Using ep0 maxpacket: 16
[  243.876854][ T5286] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 255, changing to 11
[  243.915698][ T5286] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 59391, setting to 1024
[  243.946215][ T5286] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  243.978874][ T5286] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  244.005787][ T5286] usb 2-1: Product: syz
[  244.015933][ T5286] usb 2-1: Manufacturer: syz
[  244.020603][ T5286] usb 2-1: SerialNumber: syz
[  244.056740][ T5286] usb 2-1: config 0 descriptor??
[  244.062355][ T9100] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  244.076418][ T5286] hub 2-1:0.0: bad descriptor, ignoring hub
[  244.095749][ T5286] hub 2-1:0.0: probe with driver hub failed with error -5
[  244.130872][ T5286] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input20
[  244.178714][ T9114] input: syz1 as /devices/virtual/input/input21
[  244.313430][ T9100] loop1: detected capacity change from 0 to 128
[  244.330736][ T9100] vfat: Bad value for 'gid'
[  244.378136][ T9100] vfat: Bad value for 'gid'
[  244.395191][ T9083] loop3: detected capacity change from 0 to 40427
[  244.405249][ T9083] F2FS-fs (loop3): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[  244.413645][ T9083] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  244.427622][ T9083] F2FS-fs (loop3): invalid crc value
[  244.450325][ T5286] usb 2-1: USB disconnect, device number 9
[  244.456323][    C0] usbtouchscreen 2-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  244.495044][ T9083] F2FS-fs (loop3): Found nat_bits in checkpoint
[  244.642220][ T9083] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  244.655018][ T9083] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  244.796279][ T8309] syz-executor: attempt to access beyond end of device
[  244.796279][ T8309] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  244.836596][ T8309] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  245.539029][ T9148] loop3: detected capacity change from 0 to 64
[  245.562543][ T9122] loop0: detected capacity change from 0 to 40427
[  245.588251][ T9122] F2FS-fs (loop0): Small segment_count (9 < 1 * 24)
[  245.599696][ T9149] loop1: detected capacity change from 0 to 1024
[  245.612064][ T9122] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  245.623810][ T9149] EXT4-fs: Ignoring removed oldalloc option
[  245.662485][ T9122] F2FS-fs (loop0): Found nat_bits in checkpoint
[  245.678910][ T9149] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  245.719207][   T29] audit: type=1800 audit(1729068314.614:199): pid=9149 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1111" name="bus" dev="loop1" ino=18 res=0 errno=0
[  245.754291][ T9122] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  245.762519][ T9122] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  245.822516][ T9122] syz.0.1099: attempt to access beyond end of device
[  245.822516][ T9122] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  245.893731][ T8717] syz-executor: attempt to access beyond end of device
[  245.893731][ T8717] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  245.916236][ T5316] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  245.946881][ T8717] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  245.948121][ T6830] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  246.075299][ T9169] loop1: detected capacity change from 0 to 64
[  246.081739][ T5316] usb 4-1: Using ep0 maxpacket: 32
[  246.092023][ T5316] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  246.107443][ T5316] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  246.128594][ T5316] usb 4-1: Product: syz
[  246.128617][ T5316] usb 4-1: Manufacturer: syz
[  246.128634][ T5316] usb 4-1: SerialNumber: syz
[  246.136542][ T5316] usb 4-1: config 0 descriptor??
[  246.585261][ T5316] airspy 4-1:0.0: Board ID: 00
[  246.591058][ T5316] airspy 4-1:0.0: Firmware version: 
[  246.708224][ T9187] loop1: detected capacity change from 0 to 1024
[  247.313407][ T9200] loop4: detected capacity change from 0 to 2048
[  247.365458][ T9200] EXT4-fs: Ignoring removed mblk_io_submit option
[  247.394577][ T5316] airspy 4-1:0.0: usb_control_msg() failed -71 request 0f
[  247.411206][ T5316] airspy 4-1:0.0: Registered as swradio16
[  247.429047][ T5316] airspy 4-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  247.455359][ T5316] usb 4-1: USB disconnect, device number 14
[  247.499262][ T9200] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  247.804580][ T9200] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1127: bg 0: block 234: padding at end of block bitmap is not set
[  247.834920][ T9200] EXT4-fs (loop4): Remounting filesystem read-only
[  248.069495][ T9208] loop0: detected capacity change from 0 to 256
[  248.122387][ T8037] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  248.133513][ T9208] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  248.313445][ T9210] loop1: detected capacity change from 0 to 512
[  248.385582][ T9210] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2240: inode #15: comm syz.1.1131: corrupted in-inode xattr: invalid ea_ino
[  248.452018][ T9210] EXT4-fs error (device loop1): ext4_orphan_get:1393: comm syz.1.1131: couldn't read orphan inode 15 (err -117)
[  248.521741][ T9210] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  248.641273][ T9185] loop2: detected capacity change from 0 to 131072
[  248.688251][ T6830] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  248.691633][ T9185] F2FS-fs (loop2): invalid crc value
[  248.785506][ T9185] F2FS-fs (loop2): Found nat_bits in checkpoint
[  248.931368][ T9185] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  251.215541][ T9243] loop3: detected capacity change from 0 to 128
[  251.377107][ T9252] loop0: detected capacity change from 0 to 512
[  251.424742][ T9252] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.1150: corrupted in-inode xattr: invalid ea_ino
[  251.475218][ T9252] EXT4-fs error (device loop0): ext4_orphan_get:1393: comm syz.0.1150: couldn't read orphan inode 15 (err -117)
[  251.481637][ T9250] loop4: detected capacity change from 0 to 2048
[  251.497546][ T9252] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  251.523034][ T9252] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #13: comm syz.0.1150: invalid indirect mapped block 234881024 (level 0)
[  251.630237][ T9258] loop1: detected capacity change from 0 to 2048
[  251.652904][ T8717] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  251.722220][ T9259] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  251.745546][ T9258] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  251.806469][ T9258] ext4 filesystem being mounted at /161/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  251.821533][ T9266] netlink: 'syz.0.1154': attribute type 10 has an invalid length.
[  251.897087][ T9266] bridge0: port 2(bridge_slave_1) entered disabled state
[  251.904586][ T9266] bridge0: port 1(bridge_slave_0) entered disabled state
[  251.955763][ T9266] bridge0: port 2(bridge_slave_1) entered blocking state
[  251.964530][ T9266] bridge0: port 2(bridge_slave_1) entered forwarding state
[  251.972980][ T9266] bridge0: port 1(bridge_slave_0) entered blocking state
[  251.980161][ T9266] bridge0: port 1(bridge_slave_0) entered forwarding state
[  252.010484][ T6830] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  252.138043][ T9266] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  252.409859][   T29] audit: type=1326 audit(1729068321.304:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9278 comm="syz.4.1159" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa607f7dff9 code=0x0
[  252.431611][    C1] vkms_vblank_simulate: vblank timer overrun
[  252.765739][    T9] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  252.811167][ T9306] TCP: request_sock_subflow_v6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  252.816504][ T9302] loop3: detected capacity change from 0 to 1024
[  252.915699][    T9] usb 2-1: Using ep0 maxpacket: 16
[  252.923584][ T2566] hfsplus: b-tree write err: -5, ino 4
[  252.929674][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  252.943220][    T9] usb 2-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  252.969983][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  252.999345][    T9] usb 2-1: config 0 descriptor??
[  253.020952][    T9] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input22
[  253.038106][ T9311] loop0: detected capacity change from 0 to 2048
[  253.061442][ T9311] udf: Unknown parameter 'lastMlock'
[  253.222708][ T9315] Bluetooth: MGMT ver 1.23
[  253.265893][ T5287] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  253.285773][ T4676] bcm5974 2-1:0.0: could not read from device
[  253.304256][ T9292] bcm5974 2-1:0.0: could not read from device
[  253.343266][    T9] usb 2-1: USB disconnect, device number 10
[  253.349966][ T4676] bcm5974 2-1:0.0: could not read from device
[  253.362705][ T4676] bcm5974 2-1:0.0: could not read from device
[  253.455855][ T5287] usb 4-1: Using ep0 maxpacket: 8
[  253.462377][ T5287] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  253.474076][ T5287] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  253.495201][ T5287] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  253.515715][ T5287] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  253.556566][ T5287] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  253.575722][ T5287] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  253.813627][ T5287] usb 4-1: GET_CAPABILITIES returned 0
[  253.819205][ T5287] usbtmc 4-1:16.0: can't read capabilities
[  254.023009][ T5287] usb 4-1: USB disconnect, device number 15
[  254.223642][ T9336] loop4: detected capacity change from 0 to 256
[  254.275813][ T9336] vfat: Unknown parameter '�0x0000000000000000��������'
[  255.133298][ T9324] loop2: detected capacity change from 0 to 40427
[  255.176317][ T9324] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  255.200048][ T9324] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  255.245294][ T9324] F2FS-fs (loop2): invalid crc value
[  255.274179][ T9324] F2FS-fs (loop2): Found nat_bits in checkpoint
[  255.310246][ T9359] 
@�: renamed from veth0_vlan (while UP)
[  255.384485][ T9324] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  255.410517][ T9324] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  255.415744][ T5286] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  255.522174][   T29] audit: type=1326 audit(1729068324.414:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9361 comm="syz.1.1192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd113f7dff9 code=0x7ffc0000
[  255.594475][   T29] audit: type=1326 audit(1729068324.454:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9361 comm="syz.1.1192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=23 compat=0 ip=0x7fd113f7dff9 code=0x7ffc0000
[  255.638540][ T5286] usb 4-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=9f.d4
[  255.647854][ T5286] usb 4-1: New USB device strings: Mfr=188, Product=0, SerialNumber=0
[  255.684154][   T29] audit: type=1326 audit(1729068324.454:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9361 comm="syz.1.1192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd113f7dff9 code=0x7ffc0000
[  255.723031][ T5286] usb 4-1: Manufacturer: syz
[  255.739191][ T5286] usb 4-1: config 0 descriptor??
[  255.754378][ T9364] loop4: detected capacity change from 0 to 1024
[  255.794167][ T9364] EXT4-fs: Ignoring removed nomblk_io_submit option
[  255.836783][ T9366] loop1: detected capacity change from 0 to 1024
[  255.889318][ T1271] ieee802154 phy0 wpan0: encryption failed: -22
[  255.899158][ T9364] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  255.907984][ T1271] ieee802154 phy1 wpan1: encryption failed: -22
[  255.949921][ T9364] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  256.079742][ T9364] System zones: 0-1, 3-36
[  256.459230][ T5286] gs_usb 4-1:0.0: Configuring for 1 interfaces
[  256.468071][ T9364] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  256.555503][ T9375] loop1: detected capacity change from 0 to 128
[  256.593657][ T9375] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  256.618456][ T9375] ext4 filesystem being mounted at /171/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  256.690073][ T8037] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  256.690844][ T6830] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  256.870643][ T5287] usb 4-1: USB disconnect, device number 16
[  257.191699][ T9403] mmap: syz.2.1206 (9403) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  257.198022][ T9400] loop4: detected capacity change from 0 to 512
[  257.279016][ T9400] EXT4-fs error (device loop4): ext4_orphan_get:1388: inode #15: comm syz.4.1204: casefold flag without casefold feature
[  257.356421][ T9400] EXT4-fs error (device loop4): ext4_orphan_get:1393: comm syz.4.1204: couldn't read orphan inode 15 (err -117)
[  257.387134][ T9400] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  257.587905][ T8037] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  257.601242][ T5286] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  262.385945][ T9413] loop2: detected capacity change from 0 to 32768
[  262.735742][ T5286] usb 1-1: Using ep0 maxpacket: 16
[  263.285774][ T5238] Bluetooth: hci1: command 0x0406 tx timeout
[  263.855968][ T9410] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1209'.
[  263.864862][ T9410] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1209'.
[  263.874757][ T8717] ==================================================================
[  263.882838][ T8717] BUG: KASAN: slab-use-after-free in bpf_trace_run2+0xfa/0x540
[  263.890399][ T8717] Read of size 8 at addr ffff88807a801f18 by task syz-executor/8717
[  263.896476][ T9413] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1210 (9413)
[  263.898366][ T8717] 
[  263.898390][ T8717] CPU: 0 UID: 0 PID: 8717 Comm: syz-executor Not tainted 6.12.0-rc3-next-20241016-syzkaller #0
[  263.923666][ T8717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  263.933721][ T8717] Call Trace:
[  263.936994][ T8717]  <TASK>
[  263.939916][ T8717]  dump_stack_lvl+0x241/0x360
[  263.944589][ T8717]  ? __pfx_dump_stack_lvl+0x10/0x10
[  263.949779][ T8717]  ? __pfx__printk+0x10/0x10
[  263.954366][ T8717]  ? _printk+0xd5/0x120
[  263.958519][ T8717]  ? __virt_addr_valid+0x183/0x530
[  263.963621][ T8717]  ? __virt_addr_valid+0x183/0x530
[  263.968729][ T8717]  print_report+0x169/0x550
[  263.973228][ T8717]  ? __virt_addr_valid+0x183/0x530
[  263.978329][ T8717]  ? __virt_addr_valid+0x183/0x530
[  263.983428][ T8717]  ? __virt_addr_valid+0x45f/0x530
[  263.988526][ T8717]  ? __phys_addr+0xba/0x170
[  263.993018][ T8717]  ? bpf_trace_run2+0xfa/0x540
[  263.997771][ T8717]  kasan_report+0x143/0x180
[  264.002267][ T8717]  ? bpf_trace_run2+0xfa/0x540
[  264.007024][ T8717]  bpf_trace_run2+0xfa/0x540
[  264.011602][ T8717]  ? arch_do_signal_or_restart+0x51f/0x860
[  264.017412][ T8717]  ? __pfx_lock_release+0x10/0x10
[  264.022434][ T8717]  ? __pfx_bpf_trace_run2+0x10/0x10
[  264.027629][ T8717]  ? __might_fault+0xc6/0x120
[  264.032297][ T8717]  ? trace_sys_enter+0x9d/0x150
[  264.037144][ T8717]  __bpf_trace_sys_enter+0x38/0x60
[  264.042252][ T8717]  trace_sys_enter+0xd9/0x150
[  264.046921][ T8717]  syscall_trace_enter+0xf8/0x150
[  264.051938][ T8717]  do_syscall_64+0xcc/0x230
[  264.056440][ T8717]  ? clear_bhb_loop+0x35/0x90
[  264.061110][ T8717]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.067005][ T8717] RIP: 0033:0x7fc01a919959
[  264.071413][ T8717] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25
[  264.091018][ T8717] RSP: 002b:00007ffe35d7a0c0 EFLAGS: 00000293 ORIG_RAX: 000000000000000f
[  264.099428][ T8717] RAX: ffffffffffffffda RBX: 0000000000000054 RCX: 00007fc01a919959
[  264.107389][ T8717] RDX: 00007ffe35d7a0c0 RSI: 00007ffe35d7a1f0 RDI: 0000000000000011
[  264.115354][ T8717] RBP: 00007ffe35d7a6cc R08: 0000000000000000 R09: 7fffffffffffffff
[  264.123322][ T8717] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032
[  264.131284][ T8717] R13: 000000000003ecfe R14: 000000000003ecfe R15: 00007ffe35d7a720
[  264.139252][ T8717]  </TASK>
[  264.142258][ T8717] 
[  264.144566][ T8717] Allocated by task 9418:
[  264.148884][ T8717]  kasan_save_track+0x3f/0x80
[  264.153555][ T8717]  __kasan_kmalloc+0x98/0xb0
[  264.158137][ T8717]  __kmalloc_cache_noprof+0x243/0x390
[  264.163500][ T8717]  bpf_raw_tp_link_attach+0x2a0/0x6e0
[  264.168865][ T8717]  bpf_raw_tracepoint_open+0x177/0x1f0
[  264.174318][ T8717]  __sys_bpf+0x3c0/0x810
[  264.178549][ T8717]  __x64_sys_bpf+0x7c/0x90
[  264.182954][ T8717]  do_syscall_64+0xf3/0x230
[  264.187445][ T8717]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.193326][ T8717] 
[  264.195636][ T8717] Freed by task 9410:
[  264.199599][ T8717]  kasan_save_track+0x3f/0x80
[  264.204261][ T8717]  kasan_save_free_info+0x40/0x50
[  264.209295][ T8717]  __kasan_slab_free+0x59/0x70
[  264.214067][ T8717]  kfree+0x1a0/0x460
[  264.217965][ T8717]  rcu_core+0xaaa/0x17a0
[  264.222204][ T8717]  handle_softirqs+0x2c5/0x980
[  264.226963][ T8717]  __irq_exit_rcu+0xf4/0x1c0
[  264.231560][ T8717]  irq_exit_rcu+0x9/0x30
[  264.235801][ T8717]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  264.241428][ T8717]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  264.247396][ T8717] 
[  264.249709][ T8717] Last potentially related work creation:
[  264.255411][ T8717]  kasan_save_stack+0x3f/0x60
[  264.260090][ T8717]  __kasan_record_aux_stack+0xac/0xc0
[  264.265467][ T8717]  call_rcu+0x167/0xa70
[  264.269616][ T8717]  bpf_link_release+0x78/0x90
[  264.274283][ T8717]  __fput+0x23c/0xa50
[  264.278250][ T8717]  task_work_run+0x24f/0x310
[  264.282828][ T8717]  get_signal+0x15e8/0x1740
[  264.287324][ T8717]  arch_do_signal_or_restart+0x96/0x860
[  264.292879][ T8717]  syscall_exit_to_user_mode+0xc9/0x370
[  264.298433][ T8717]  do_syscall_64+0x100/0x230
[  264.303017][ T8717]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.308906][ T8717] 
[  264.311220][ T8717] The buggy address belongs to the object at ffff88807a801f00
[  264.311220][ T8717]  which belongs to the cache kmalloc-128 of size 128
[  264.325278][ T8717] The buggy address is located 24 bytes inside of
[  264.325278][ T8717]  freed 128-byte region [ffff88807a801f00, ffff88807a801f80)
[  264.338982][ T8717] 
[  264.341296][ T8717] The buggy address belongs to the physical page:
[  264.347705][ T8717] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7a801
[  264.356456][ T8717] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  264.363564][ T8717] page_type: f5(slab)
[  264.367544][ T8717] raw: 00fff00000000000 ffff88801ac41a00 dead000000000100 dead000000000122
[  264.376122][ T8717] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[  264.384686][ T8717] page dumped because: kasan: bad access detected
[  264.391089][ T8717] page_owner tracks the page as allocated
[  264.396790][ T8717] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 61, tgid 61 (kworker/u8:4), ts 58947821412, free_ts 58773006444
[  264.415704][ T8717]  post_alloc_hook+0x1f3/0x230
[  264.420459][ T8717]  get_page_from_freelist+0x3123/0x3270
[  264.425994][ T8717]  __alloc_pages_noprof+0x292/0x710
[  264.431179][ T8717]  alloc_pages_mpol_noprof+0x3e8/0x680
[  264.436631][ T8717]  alloc_slab_page+0x6a/0x120
[  264.441295][ T8717]  allocate_slab+0x5a/0x2f0
[  264.445786][ T8717]  ___slab_alloc+0xcd1/0x14b0
[  264.450446][ T8717]  __slab_alloc+0x58/0xa0
[  264.454761][ T8717]  __kmalloc_cache_noprof+0x27b/0x390
[  264.460128][ T8717]  __hw_addr_add_ex+0x1a8/0x610
[  264.464969][ T8717]  dev_mc_add+0xa3/0x110
[  264.469207][ T8717]  igmp6_group_added+0x1a4/0x710
[  264.474156][ T8717]  __ipv6_dev_mc_inc+0x8bf/0xaa0
[  264.479100][ T8717]  addrconf_dad_work+0x448/0x16f0
[  264.484128][ T8717]  process_scheduled_works+0xa63/0x1850
[  264.489675][ T8717]  worker_thread+0x870/0xd30
[  264.494258][ T8717] page last free pid 5236 tgid 5236 stack trace:
[  264.500567][ T8717]  free_unref_page+0xcfb/0xf20
[  264.505318][ T8717]  __put_partials+0xeb/0x130
[  264.509899][ T8717]  put_cpu_partial+0x17c/0x250
[  264.514650][ T8717]  __slab_free+0x2ea/0x3d0
[  264.519055][ T8717]  qlist_free_all+0x9a/0x140
[  264.523636][ T8717]  kasan_quarantine_reduce+0x14f/0x170
[  264.529083][ T8717]  __kasan_slab_alloc+0x23/0x80
[  264.533929][ T8717]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[  264.539811][ T8717]  __alloc_skb+0x1c3/0x440
[  264.544216][ T8717]  netlink_ack+0x13f/0xa30
[  264.548620][ T8717]  netlink_rcv_skb+0x262/0x430
[  264.553375][ T8717]  netlink_unicast+0x7f6/0x990
[  264.558128][ T8717]  netlink_sendmsg+0x8e4/0xcb0
[  264.562883][ T8717]  __sock_sendmsg+0x221/0x270
[  264.567553][ T8717]  __sys_sendto+0x39b/0x4f0
[  264.572052][ T8717]  __x64_sys_sendto+0xde/0x100
[  264.576810][ T8717] 
[  264.579123][ T8717] Memory state around the buggy address:
[  264.584737][ T8717]  ffff88807a801e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[  264.592785][ T8717]  ffff88807a801e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  264.600835][ T8717] >ffff88807a801f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  264.608881][ T8717]                             ^
[  264.613713][ T8717]  ffff88807a801f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  264.621758][ T8717]  ffff88807a802000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  264.629803][ T8717] ==================================================================
[  264.639802][ T8717] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  264.647022][ T8717] CPU: 0 UID: 0 PID: 8717 Comm: syz-executor Not tainted 6.12.0-rc3-next-20241016-syzkaller #0
[  264.657360][ T8717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  264.667422][ T8717] Call Trace:
[  264.670705][ T8717]  <TASK>
[  264.673643][ T8717]  dump_stack_lvl+0x241/0x360
[  264.678335][ T8717]  ? __pfx_dump_stack_lvl+0x10/0x10
[  264.683549][ T8717]  ? __pfx__printk+0x10/0x10
[  264.688164][ T8717]  ? vscnprintf+0x5d/0x90
[  264.692512][ T8717]  panic+0x349/0x880
[  264.696434][ T8717]  ? check_panic_on_warn+0x21/0xb0
[  264.701555][ T8717]  ? __pfx_panic+0x10/0x10
[  264.705988][ T8717]  ? _raw_spin_unlock_irqrestore+0xd8/0x140
[  264.711893][ T8717]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  264.717800][ T8717]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  264.724138][ T8717]  ? print_report+0x502/0x550
[  264.728829][ T8717]  check_panic_on_warn+0x86/0xb0
[  264.733787][ T8717]  ? bpf_trace_run2+0xfa/0x540
[  264.738567][ T8717]  end_report+0x77/0x160
[  264.742820][ T8717]  kasan_report+0x154/0x180
[  264.747333][ T8717]  ? bpf_trace_run2+0xfa/0x540
[  264.752092][ T8717]  bpf_trace_run2+0xfa/0x540
[  264.756675][ T8717]  ? arch_do_signal_or_restart+0x51f/0x860
[  264.762478][ T8717]  ? __pfx_lock_release+0x10/0x10
[  264.767492][ T8717]  ? __pfx_bpf_trace_run2+0x10/0x10
[  264.772683][ T8717]  ? __might_fault+0xc6/0x120
[  264.777358][ T8717]  ? trace_sys_enter+0x9d/0x150
[  264.782202][ T8717]  __bpf_trace_sys_enter+0x38/0x60
[  264.787308][ T8717]  trace_sys_enter+0xd9/0x150
[  264.791982][ T8717]  syscall_trace_enter+0xf8/0x150
[  264.797004][ T8717]  do_syscall_64+0xcc/0x230
[  264.801503][ T8717]  ? clear_bhb_loop+0x35/0x90
[  264.806177][ T8717]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.812063][ T8717] RIP: 0033:0x7fc01a919959
[  264.816470][ T8717] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25
[  264.836068][ T8717] RSP: 002b:00007ffe35d7a0c0 EFLAGS: 00000293 ORIG_RAX: 000000000000000f
[  264.844473][ T8717] RAX: ffffffffffffffda RBX: 0000000000000054 RCX: 00007fc01a919959
[  264.852439][ T8717] RDX: 00007ffe35d7a0c0 RSI: 00007ffe35d7a1f0 RDI: 0000000000000011
[  264.860406][ T8717] RBP: 00007ffe35d7a6cc R08: 0000000000000000 R09: 7fffffffffffffff
[  264.868369][ T8717] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032
[  264.876333][ T8717] R13: 000000000003ecfe R14: 000000000003ecfe R15: 00007ffe35d7a720
[  264.884302][ T8717]  </TASK>
[  264.887560][ T8717] Kernel Offset: disabled
[  264.891869][ T8717] Rebooting in 86400 seconds..