last executing test programs:

3m40.212495104s ago: executing program 1 (id=325):
syz_clone3(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1000008, 0x4000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e24, 0x2, @empty, 0xcac2d78a}}, 0x0, 0x0, 0x3f, 0x0, "ee8b0e650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c65a018444a131f4da58ae36556dd38ea6c029607462029add09240005c6776267517308a3d40aa1c788df6"}, 0xd8)
r2 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x8, 0x0, 0x0, 0x0)
connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r3, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
close(r3)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, 0x0, 0x0)
writev(r1, 0x0, 0x0)
close(r1)
syz_open_dev$dri(&(0x7f0000000080), 0x103, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP6T_SO_GET_ENTRIES(r4, 0x29, 0x41, 0x0, 0x0)

3m38.786425657s ago: executing program 1 (id=327):
socket(0xa, 0x3, 0x3a)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
syz_emit_ethernet(0x6e, &(0x7f0000000340)={@multicast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "02adf7", 0x38, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x2, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "fd9063", 0x0, 0x3a, 0x0, @mcast1, @loopback={0x0, 0xffffac1414aa}, [], "1e520b4c951ee12e"}}}}}}}, 0x0)

3m38.781327962s ago: executing program 1 (id=329):
r0 = socket(0x40000000015, 0x5, 0x0)
getpeername$packet(r0, 0x0, 0x0)

3m38.697674089s ago: executing program 1 (id=330):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./file2\x00', 0x400410, &(0x7f00000001c0)={[{@nodiscard}, {@nocheckpoint_merge}, {@fault_type={'fault_type', 0x3d, 0x7fff}}, {@inline_data}, {@flush_merge}, {@fault_injection={'fault_injection', 0x3d, 0x4ee}}, {@acl}, {@noacl}, {@compress_cache}, {@alloc_mode_def}, {@noextent_cache}, {@grpjquota}, {@checkpoint_diasble}]}, 0x4, 0x550c, &(0x7f00000089c0)="$eJzs3M1rI2UYAPAn7Xa/XYt48LYDi9DKJjT9WPRWdRc/sEtZ9eBJ0yQN2U0ypUnT2pMHj+LB/0QUPHn0b/Dg2Zt4ULwJSmYmuvUDhKaN3f5+MHnmffPmmecNy8IzUxLAuTWf/PJTKW7ElYiYjYjrEdl5qTgy63l4LiJuRsTMY0epmP9j4mJEXI2IG6Pkec5S8dZnt4e31n588+evv7104drnX303vV0D0/Z8RHR38vP9bh7TVh4fFvO1YTuL3dVhEfM3uo+KcZrH/eZWlmG/Nl5Xy+JKK1+f7uz1R3G7U6uPYqu9nc3v9PIL9oetcZ7sAw9ru9m40dzKYrufZrF1mNd1cJj/33bYH+R5GkW+D7P0MRiMYz7fPGjm+9l5lMV6b1DM53nTRvNgFIdFLC4X9bTTyOrYOs43/f/2Vru3d5AMm7v9dtpL1irVFyvVO+XqbtpoDpqr5Vq3cWc1WWh1RsvKg2atu95K01anWamn3cVkoVWvl6vVZOFuc6td6yXVamWlslReWyzObiev3X836TSShVF8pd3bG7Q7/WQ73U3yTywmy5WVlxaTW9Xk7Y3NZPPBvXsbm++8f/e9+y9vvPFqsehvZb0Qy0vLy+XqUnm5uniO9v9xUXSyMLH9w7GUpl0AwNmj/wem4eT6/90HESff/4f+fyLOVP87LmuC/e953z8ci/4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODc+n7ui9ezk/l8fK2Yf6qYeqYYlyJiJiJ++wezcfFIztkiz9y/rJ/7Sw3flCLLMLrGpeK4GhHrxfHr0yf9LQAAAMCT68uPbn6ad+v5y/y0C+I05TdtZq5/MKF8pYiYm/9hQtlmRi/PTihZ9u/7QhxMKFt2A+vyhJLlt9wuTCrbfzJ7JFx+LJTyMHOq5QAAAKfiaCdwul0IAAAAp+mTaRfAdJRi/Chz/Cw4+8v7Px8IXjkyAgAAAM6g0rQLAAAAAE5c1v/7/T8AAAB4suW//wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzOzv3cJg5EcQB+Nnhh/2nRau/byt6gjC1hj3uMKCBNUEAOpIU0QA3klhIiiPA4BCIOkTy2lej7JGcylvnxBsFhZqQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALt1X68Xt1e/rtjm7fTt5RgMAAABcsq3Wi/qfWep/be5/b279bPpFRJQRcWnuPopPZ5mjJqd6ef7m9PnqVQ13EXXC4T0mzfUlIv401+OPrj8FAAAA+Lg2y9U8zdbTn9nQBdGntGhTfvubKa+IiGr2kCmtPOT9yhRWf7/H8T9TWr2ANc0UlpbcxrnS3qT+uR9X7aYnTZGa8uLLjkVmGzsAANCj0VnT7ywEAACAPv0bugCGUcTzVuZxK3CSmmZ77/NZDwAAAHiHiqELAAAAADpXz/97Ov9v7/w/AAAAGEY6/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAubav1YrNczdvm7Pbt5BkNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwxP68o0AIhEEY7F3fmcz9DysNmpqaVIHw8TcGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX+/OSAiEQBFEwZ/zvpO9/WEnQM4gQAQ2PKmrRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXO/fzGkcVBwD8zc7OxlbFNcoeIqLgQS92u62tvYkHJXjwTxBCuq2xW3+0OdhSxFy8Sc69iB5FBCXe+j/0nEAu8ZbDHiJ4jszszO7kB7j+6Mwm+XzgzfvuMMz7vlkI+c57CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBh+O4kjtNDexQ38nObew+W037rUJ96tL69kLY0jqpM+mR4ufwh6ozDvTqSAQAA4GyIi/o+hLCTbCymfaOd1f9JcU1a83//7Cgu6vnDdX/RF7V/2n77dffF8UDt0TjpTW+sDPoXj6bSfHKznG3P/e0VzezJZ+9e4uwLaXyw9sIwyZ5n9O3jx++1snCuimwBgH/jQtHnQfH7UNr36kwMgDOjWSq8i/o/btebEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAVhmvh6SKOQggLzUmc2tp7sHxc/2h9e6FoVx8+XA9fT+6Z3iIJIdxYGfQvVjqb2Xb33v1bS4NB/071wSshhLpGfyef/q2Pprg4hFqej+D/Cfbn8i97RvI5IUGNP5QAADiVkryldf1OsrGYnovmQ9j/4WD9/3opDlPW/7sfX90sj1Wu/3uVzXD2dVdvf969e+/+myu3l272b/Y/fetS7+3e5WtXrlzrZu9Kut6YAAAA8N+08lau/xvzR9f/z5fiMGX9/8V3va/KY8Xq/2NNFv3qzgQAAOBse/7VP/+IjjkftVrhy6XV1Tu90XH8+dLoWEOq/9hc3sr1fzxfd1YAAABAFYZr0YH1/+ulOEy5/v/Mjy/9XL5nHEI4l6//X1j+bHC9uunMtCr+nLjuOQIAAFCvc3krr/8n2f7/xnjLQyOE8MZrozj/N4BT1f/x+9/8VB6rvP//cnVTnEmNzuh5ZH0nhGan7owAAAA4zZ7KW1rs/55sLH7yy/kPW/b/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFTtrwAAAP//RAE/8A==")
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x200a017, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

3m37.435527763s ago: executing program 1 (id=337):
r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0xd20edd2672d2d9b0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), r0)
sendmsg$GTP_CMD_ECHOREQ(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, r2, 0x400, 0x70bd27, 0x25dfdbfd, {}, [@GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_O_TEI={0x8, 0x9, 0x2}, @GTPA_LINK={0x8}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @broadcast}]}, 0x3c}, 0x1, 0x0, 0x0, 0x44001}, 0x20040010)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
open(&(0x7f0000000280)='.\x00', 0x20000, 0x0)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='attr\x00')
fchdir(r4)
getresuid(&(0x7f0000000300), &(0x7f0000002380), &(0x7f00000023c0))
write$cgroup_int(r3, &(0x7f00000000c0)=0x1c3, 0x12)
syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x6a, 0x7c, 0xc9, 0x40, 0x45e, 0x284, 0x3fcb, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xe, 0x72, 0x78}}]}}]}}, 0x0)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, 0x0)
fcntl$notify(0xffffffffffffffff, 0x402, 0x8)

3m36.652884439s ago: executing program 1 (id=348):
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x40000, @dev={0xfe, 0x80, '\x00', 0x26}}}}, 0x108)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108)
close(r0)
r1 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x4, 0x0, @mcast1={0xff, 0x7}, 0x8a4}}, {{0xa, 0x4e20, 0x100, @remote}}}, 0x108)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000440)={'syz_tun\x00', 0x101})

3m36.496052472s ago: executing program 32 (id=348):
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x40000, @dev={0xfe, 0x80, '\x00', 0x26}}}}, 0x108)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108)
close(r0)
r1 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x4, 0x0, @mcast1={0xff, 0x7}, 0x8a4}}, {{0xa, 0x4e20, 0x100, @remote}}}, 0x108)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000440)={'syz_tun\x00', 0x101})

2m23.343696837s ago: executing program 2 (id=1314):
timer_create(0x2, &(0x7f0000000140)={0x0, 0x12, 0x2}, &(0x7f0000044000)=<r0=>0x0)
rt_sigaction(0x12, &(0x7f0000000080)={0x0, 0x0, 0xffffffffffffffff, {[0x400]}}, 0x0, 0x8, &(0x7f0000000180))
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1008413, &(0x7f0000000000)={[{@noblock_validity}, {@barrier}]}, 0x0, 0x517, &(0x7f00000000c0)="$eJzs3c9vG1kdAPDvOHG2adJNFjjASuwu7KK0gtrJRrsb9VCKhOBUCSj3EhIniuLEVey0TVTRVPwBSAgBEie4cEHiD0BClbhwREiV4AwCBELQwgEk6CDb4zR17CS0rp0mn480nffDM9/33M543sx0JoBT60o2PU7T9EJETGTluWz6ZD2zE/FWRDx6eGehPiWRptf+lkSSlbXWlTa8EmPNRRor+MoXI76e7I9b3dpenS+XSxtZvlhbu1Gsbm1fXFmbXy4tl9ZnZ2fen/tg7r256efp3tJYljgXEZc//6fvfuvHX7j888/c+v31v5z/RtJs8932fvx/hg+sbX6f+TjTtsjGswU7lob3JkaPtsy97J8IAAD9VT8u/VB2nH8hJmLokONZAAAA4OWTfnY8/pO0rt3tM9KlHAAAAHiJ5CJiPJJcIbvfdzxyuUIhGvfwfiTO5sqVau3TS5XN9cV6XcRk5HNLK+XSdHZv62Tkk3p+ppF+kn+3LT8bEa9FxHcmRhv5wkKlvDjokx8AAABwSoy1jf//OdEc/wMAAAAnzOSgGwAAAAC8cMb/AAAAcPIZ/wMAAMCJ9qWrV+tT2nr/9eLNrc3Vys2Li6XqamFtc6GwUNm4UViuVJYbz+xbO3Blu68OXN+8XayVqrVidWv7+lplc712feXpV2ADAAAA/fPam/d/m0TEzqXRGL002igb2VP/7+w9AQNrIPDC7J6yiySbj+z/0O9ebc7/2KdGAX0xNOgGAAMzPOgGAAOTH3QDgIFLDqnvevPOr7L5J3rbHgAAoPemPvbk+v9O2/X/3IFL7hxcDRx7NmI4vVz/h9Orcf2/wy1/HTlYgBMl7wgATr3nvv5/KP+HCAAABm28MSW5QnZ6bzxyuUIh4lzjtQD5ZGmlXJqOiFcj4jcT+Vfq+ZnGksmhYwYAAAAAAAAAAAAAAAAAAAAAAAAAoClNk0gBAACAEy0i9+fkF81n+U9NvDPefn5gJPnXRGSvCL31g2vfuz1fq23M1Mv/vlte+35W/u4gzmAAAAAA7Vrj9NY4HgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB66dHDOwutqZ9x//q5iJjsFH84zjTmZyIfEWf/kcTwnuWSiBjqQfydexHx0U7xk3qzdkN2ij/64uPHZPYtdIo/1oP4cJrdr+9/rnTa/nLxVmPeefsbjngq/6y67/9id/831GX7P3fEGK8/+Gmxa/x7Ea8Pd97/tOInXeK/fcT4X/vq9na3uvSHEVMdf3+Sp2IVa2s3itWt7Ysra/PLpeXS+uzszPtzH8y9NzddXFopl7I/O8b49sd/9vig/p/tEn/ykP6/c8T+//fB7YcfbibzneKff7tD/F/+KPvE/vi57LfvU1m6Xj/VSu8003u98ZNfv3FQ/xe79P+wv//zR+z/hS9/8w9H/CgA0AfVre3V+XK5tHFiE/VR+jFohsQxTNzdX/VmdF0qSQ5eYZqmaX2beo6GJd2j9yeR7JYMes8EAAD02pOj/0G3BAAAAAAAAAAAAAAAAAAAAE6vfjxXrD3mzm4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuJ/AQAA//8fp+fv")
timer_settime(0x0, 0x1, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
timer_settime(r0, 0x1, &(0x7f0000000240)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)

2m23.261516405s ago: executing program 2 (id=1315):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1000400, &(0x7f00000000c0), 0x6, 0x588, &(0x7f0000000300)="$eJzs3U1sHFcdAPD/TOzsOnGaFHooCGgohYCirmOnjapeWi5IUFUgFU49pNZ6Y0VeZyPvutTGB+fEgSsSlTjBhQsnDpU4IPWEuHKDG5dyQCooAtVICE01491kd7ObbOOPie3fTxrte/P1f2/kfeN5szMvgBPrYkRsR8TpiHgnIs5HUsxPulO8vjvl631yd6u+c3ernkSWvfWvqe4etuq99XvORsRPR8Sq9KXbG5sri81mY62bn+us3p5rb2y+eHN1cbmx3Li1sHBt/tqVV66+vLBvdX1u9Xcff+fmGz/6w++//NGft7/1k7zMr3WX5XXrWzXJsmzvAV/rHZfpmO3OSiMiP3Jv7H3vT4RT3fqcLrsgPJb87/FzEfF8N31PtbwyAQAHK8vOR3a+P39fOpDLsmTEOgDA0ZNf889Gkta61/+zkaa1WtGHV30mzqTNVrtz+UZr/VbS6+KbTm/cbDauFH2FEZWYTvL8fERcKKbd/MJQ/mpEPB0RP6/MFPlavdVcKuU/HgDg7ND5/z+V/PxfmWRTdwgA4ChzJgeAk+fB8/90KeUAAA6P638AOHn6zv8T3fkHAI6+6tCz/yNlyaGUBQA4HCP7/98+dz/9bDL0ii8A4Khz/x8ATpQfvPlmPmU7WVK8/3rp3Y31lda7Ly412iu11fV6rd5au11bbrWWi3f2rI7YxZ3+TLPVuj3/Uqy/N9dptDtz7Y3N66ut9Vud68V7va83PFgAAOV7+rkP/5pExParM8UUvbEcHv2DAOCISyNmyi4DUI5TZRcAKM1U2QUASqM/HnjUj3tH/kRoJiLeH7+NjgV4sl36wpj+/+H/DQbvB/x/H0bHBkrW/VrrBoATaG/9/3oP4Ch7+Infg0FwnGVZYjx/ADhhJriC9xNBOOYe6/4/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnHCzxZSkte5Y4LORprVaxLmIuBDTyY2bzcaViHgqIv5Sma7k+fmyCw0A7FH6j6Q7/tel8y/MDi89nfy3UnxGxI9/+dYv3lvs9IYOvDe/834xv7O2MDJA5eDrAAD0mRqe0TtPF599F/Kf3N2q96bDLODH394dXDSPu3N3q35/POKpbuGrkc878+9koDLJPg1MvH0nIp4drn96b/mF7sinw/Hz2OcOLH4UNZwdiD/4b1RaLNv9zI/F52cmjLcPZYbj4sO8/Xl91PcvjYvFZ/f7NzXYmFbjZw82ro+h1/7tZLvt305f/Hz/3z9XLdqaUe3fxUljvPTH745ddudU9sWpiF7snb72Z1e1SI2K/8KE8f/2pa88P+5gZb+KuBQPi7+bmuus3p5rb2z+9nsf/Gm5sdy4tbBwbf7alVeuvrwwV/RRz/V6qh/0z1cvPzW+/hFnxsSvPqL+X5+w/r/+3ztvf/Uh8b/5tVHx03jmIfHzc+I3Ym2i+ItnPhg7fHcef2lM/acG4p8e2C6fd3l4Z2P+ID/6++bSRAUFAA5Fe2NzZbHZbKxNkkhjc2Wxd6E58VYDiZnH2mrCRBzYnkcnpgcOQvWgYp0ds+g3n3mH03Gox2ffEnc+w8qVcop6Kpq9/qhHrtxdb3svQbNsD2W+OME6JTVIwKG5/6UvuyQAAAAAAAAAAAAAAMA47R92X/m3zw9F9T8MV3YdAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOL4+DQAA//+T6cce")

2m23.179980469s ago: executing program 2 (id=1316):
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000006500)={0x24, 0x14, 0x1, 0x0, 0x0, {0x11}, [@INET_DIAG_REQ_BYTECODE={0xd, 0x1, "e06d29dc9e5c86f8c8"}]}, 0x24}, 0x1, 0x0, 0x0, 0x20040011}, 0x0)

2m23.179672838s ago: executing program 2 (id=1317):
r0 = syz_open_dev$cec(&(0x7f0000000d00), 0x0, 0xc2b02)
ioctl$CEC_ADAP_G_LOG_ADDRS(r0, 0x805c6103, &(0x7f0000000300))
r1 = syz_mount_image$iso9660(&(0x7f0000000240), &(0x7f0000000140)='./file1\x00', 0x1000c01, &(0x7f0000000040)=ANY=[], 0x5, 0x811, &(0x7f0000002380)="$eJzs3U1sHHcVAPA3rp04jkirgkoUpekkKVIiUndtty5WD2W7HjvT2rvW7holqlAbNU6J4vRTVWmEaHNpASEhThxLOVa99AZCAokDcEKiBy4ckCr1hAoCCYEAyWhnd+O1Y6/z5Vi0v5/Vndn/vJl5/9npvJ3NzmwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJFUpkulsSTm8uriqXRzlel6bb7P9O7yfrlm0Ge9EUnrvxgejv3tpv1fWJ18T+vhSBxsPzsYw63BcFzae89dj35+cKA7f5+EbtThzScN9T5JIt5sJXXhzPLy0svbkMht9L2fd0aGexp3RfTZvv9aaT3OZtW8Ucvny7NZmjdq6dTkZOnBkzONdCafyxqnG81sPq3Us3KzVk+PVY6nY1NTE2k2erq2WJ2dLs9l3cZHHhgvlSbTJ0YXsnK9Uas++MRoo3Iyn5vLq7NFzHjptWjFPNLaEZ/Mm2kzK8+n6bnzy0sTW/WuFTS2pmX3mo4dvP+uj1/96O/nl1o75GYLSTo75vjY2Pj42OTDUw8/UioNjpfG1zaU1okrETEQ0YrYlp2WnbV3g7bBzh5z1YSIlTtvzcEbbtJAp/7HXORRjcU4FWmkMVA8rv4NRSWmox61mG89/8PQuulpdA6Q3fr/pQf/8rt+6+2t/90qv3918oEo6v+h9rNDm9X/q7K4/r+xO681svp+O5vetlfi9bgUF+JMLMdyLMXLN5LDrvVL3ca/gVu7vNnIohp5NKIWecxHuWhJOy1pTMVkTEYpno6TMRN7Io2ZyGMusmjE6WhEM7Jij6pEPbIoRzNqUY80jkUljrdenZiKqZiINLIYjdNRi8WoxmxMR7lYyrk4X2z3iXV53fPtZ3723O8/fqc1fiVorE9HktabuVbQ3/oEXVXur6P+dyPU/0+b4c4x61rjb+nxG27GSlH/B699hv/8ZDvTAQAAALZBUnz6nkTEUNxbjM3kc9lTO50WAAAAcAsVX9s72BoMtcbujaR1/l/aIPLD254bAAAAcGskxTV2SUSMxH3tse7lUht9CAAAAAD8Hyr+/f9QazAS8UbR4PwfAAAAPmW+s9k99j/a1bnHbmNhd/KLv0a9PpRcXrkyX/niHe2RzuBrV6Y0Zw4k+zoLKQaTg5f2JhExWMkOJt27X/53d3v4SfF4YPUGhJvd6z8pElg4dX9ysbxRAtE/geJZfD8Ot2MOn20Pz3antNcyMpPPZaOV2tyjY0nnw5Hmq8+f/2YU3f9udX5fEufOLy+NPvvC8tkil8utpVy+2Ln7cdKdK6J9QUWfXFY6WyDu3bjHQ8WFGJ31jrTXW+rt/0B79oH+/U961/lWHGnHHBlpD0fW9n+4tc6x0UfHolzeN9DMTjVfXenpfSeLsXbP31zT8+t4Fd6Ko+2Yo8eOtgcbZDG+Jovnr85ivHf7X9u2uOYs3jn8xql//LqWZBNbZTFxk1kA7JRzxV1/VqvQnqIK/XulrVXQ1tXdPd05r+cod271XUZ3/p5aNxhXVff0Rqr7W3GsHXOs/X5i8MAGdaW0wRH9xfMv/qZzRH/ovR/9+OuHfvvBurp+HVm8F8fbMZ1B3P2rTWpsfeXO5BtPra2q77bmeHfT9TbmxpO4o7URix8fiksPnL945rml55aeHx+fmCw9VCo9PB5DxVuFzmCTTFUegM+2Pr+x0yq9yQffuhK62a/wJA9tcVZ995WvFIzGs/FCLMfZOFFcbRAR92281JGeryGc2OKsdaTnF15ObHFuuRo7vj5299Ek9kbEBrETPVvsiz8sBv/cphcEAG6DI1vU4aT7DuG1z3XmWBdxR5Kc2OK8e20tP94+d+2eHcfmtXwjX9nm7QEAnwVZ/ZNkpPl2Uq/nC0+PTU2NlZsns7ReqzyZ1vPp2SzNq82sXjlZrs5m6UK91qxVuh8dT2eNtLG4sFCrN9OZWj1dqDXyU8Uvv6edn35vZPPlajOvNBbmsnIjSyu1arNcaabTeaOSLiw+Ppc3Tmb1YubGQlbJZ/JKuZnXqmmjtlivZKNp2siynsB8Oqs285k8G0rzarpQz+fL9csRMbc4n6XTWaNSzxeatfYCu+vKqzO1+nyx2NEi7Zd6u//nndjmALDTXnn90oUzy8tLL9/YyB+vJXin+wgArLVBld6zowkBAAAAAAAAAAAAAABXufpyvVbrmpbh6H+R31Dc8OWDr+yOm7n68NM38uX32y/LzS/wvpduZjl7YnnXasuuzs6y89vnukeeeeyxC6styWDv5n38jf0n/5RFt3d9lrPx/ykbXer69r6IXT/9Qbvlq5sEJ4O3uKcfRsQNzL6S9Im5/cciAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjK/wIAAP//BPFR5w==")
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
futex_waitv(0x0, 0x0, 0x0, 0x0, 0x1)
syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x800)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r3 = epoll_create1(0x0)
clock_gettime(0x0, &(0x7f0000000100)={<r4=>0x0, <r5=>0x0})
ioctl$VIDIOC_QUERYBUF_DMABUF(r2, 0xc0585609, &(0x7f0000000280)={0x0, 0x2, 0x4, 0x8, 0x2, {r4, r5/1000+10000}, {0x4, 0xc, 0x5, 0x1, 0x6, 0xff, "0be8c911"}, 0x90e5344, 0x4, {<r6=>0xffffffffffffffff}, 0xe, 0x0, r1})
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r6, &(0x7f0000000040))
r7 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
getsockopt$netrom_NETROM_N2(r7, 0x103, 0x3, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, r2, &(0x7f0000000c40)={0x8000203d})
pipe2$9p(&(0x7f0000000240)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r9, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15)
r10 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r10)
ptrace(0x19, r10)
r11 = dup(r9)
read$FUSE(r11, &(0x7f0000004c00)={0x2020, 0x0, <r12=>0x0, 0x0, 0x0, <r13=>0x0}, 0x2020)
write$FUSE_BMAP(r11, &(0x7f0000000000)={0x18, 0x0, r12, {0xfffffffffffffffc}}, 0x18)
write$FUSE_DIRENTPLUS(r11, &(0x7f0000000440)=ANY=[@ANYBLOB="b0"], 0xb0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r8, @ANYBLOB=',wfdno=', @ANYRESHEX=r11, @ANYBLOB=',directio,access=user,cache=mmap,vession=9p2000,cache=none,version=9p2000.u,obj_type=trans=fd,,\x00'])
newfstatat(0xffffffffffffff9c, &(0x7f0000000e80)='./file1\x00', &(0x7f0000000f00), 0x800)
r14 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x200, 0x20, 0xa}, 0x18)
kcmp(r13, r10, 0x0, r9, r14)

2m23.111215249s ago: executing program 2 (id=1319):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000640)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34}, 0x28)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x6, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xc0}}, &(0x7f0000000080)='GPL\x00', 0xf, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x25, r0, 0x8, &(0x7f0000000180)={0x0, 0x1}, 0x1, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)

2m22.791776738s ago: executing program 2 (id=1326):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000980)={0x98, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa, 0x0, 0x2}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @broadcast}}}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}, @CTA_NAT_SRC={0x4}]}, 0x98}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)={0xc0, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x2c, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MAXIP={0x14, 0x5, @dev={0xfe, 0x80, '\x00', 0x31}}, @CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4040081}, 0x0)

2m22.724072647s ago: executing program 33 (id=1326):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000980)={0x98, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa, 0x0, 0x2}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @broadcast}}}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}, @CTA_NAT_SRC={0x4}]}, 0x98}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)={0xc0, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x2c, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MAXIP={0x14, 0x5, @dev={0xfe, 0x80, '\x00', 0x31}}, @CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4040081}, 0x0)

41.465392635s ago: executing program 4 (id=2830):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x2)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x48, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0xfffffffe, 0x8}}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=@newtfilter={0x24, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0xfff1, 0x4}}}, 0x24}}, 0x0)

41.465209073s ago: executing program 4 (id=2831):
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10, 0x0, 0x0, &(0x7f0000000600)=[@rdma_map={0x24, 0x114, 0x3, {{0x0}, 0x0, 0x31}}], 0x30}, 0x0)

41.403662536s ago: executing program 4 (id=2834):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x2, 0x9, 0xfd, 0x2, 0x2, 0x0, 0x70bd28, 0x27dfdbfb}, 0x10}}, 0x44804)

41.264086199s ago: executing program 4 (id=2839):
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x1)
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r1=>0x0})
sendto$packet(r0, 0x0, 0x0, 0x200068c0, &(0x7f0000000180)={0x11, 0x888e, r1, 0x1, 0x0, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x14)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x88}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x408e, &(0x7f0000000240)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@min_batch_time={'min_batch_time', 0x3d, 0xfff}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80}}, {@stripe={'stripe', 0x3d, 0x4000}}, {@errors_remount}, {@max_batch_time={'max_batch_time', 0x3d, 0x4}}]}, 0x3, 0x43a, &(0x7f0000000340)="$eJzs28tvG0UYAPBv13FKXySU8ugDCBRExCNp0gI9cAGBxAEkJDiUY0jSqtRtUBMkWlUQECpHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZs4jp0mwY5L/ftJm8zsjjPzeXbs2Z1sAH1rJPuRROyJiN8jYqieXV1gpP7r5tLl6b+XLk8nUa2+9VdSK3dj6fJ0UbR43e48M5pGpJ8lcahFvfMXL52dqlRmL+T58YVz74/PX7z07JlzU6dnT8+enzxx4vixiReen3yuI3Fmbbpx8KO5wwdee+fqG9Mnr77787dJEX9THB0yst7BJ6rVDlfXW3sb0slADxvCppQiIuuucm38D0UpVjpvKF79tKeNA7qqWq1Wd7c/vFgF7mBJbLTk2fzzArgzFF/02fVvsW3T1OO2cP2l+gVQFvfNfKsfGYg0L1Nuur7tpJGIOLn4z1fZFt25DwEAsMr32fznmVbzvzTubyh3d742NBwR90TEvoi4NyL2R8R9EbWyD0TEg5usv3mRZO38J722pcA2KJv/vZivba2e/xWzvxgu5bm9tfjLyakzldmj+XsyGuUdWX5inTp+eOW3L9oda5z/ZVtWfzEXzNtxbWDH6tfMTC1M/ZeYG13/JOLgQKv4k+WVgCQiDkTEwS3Wceapbw63O9Yu/vJG/nAH1pmqX0c8We//xWiKv5Csvz45fldUZo+OF2fFWr/8euXNdvXfuv+7K+v/XS3P/+X4h5PG9dr5zddx5Y/P217TbPX8H0zerqUH830fTi0sXJiIGExerze6cf/kymuLfFE+i3/0SOvxvy9W3olDEZGdxA9FxMMR8Uje9kcj4rGIOLJO/D+9/Ph7W4+/u7L4ZzbV/yuJwWje0zpROvvjd6sqHd5M/Fn/H6+lRvM9G/n820i7tnY2AwAAwP9PGhF7IknHltNpOjZW/3/5/bErrczNLzx9au6D8zP1ZwSGo5wWd7qGGu6HTuSX9UV+sil/LL9v/GVpZy0/Nj1Xmel18NDndrcZ/5k/S71uHdB1nteC/mX8Q/8y/qF/Gf/Qv1qM/529aAew/Vp9/3/cg3YA269p/Fv2gz7i+h/6l/EP/cv4h740vzNu/ZC8hMSaRKS3RTMkupTo9ScTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ/wbAAD//9E940M=")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r2, &(0x7f0000006b40)={0x2020}, 0x206e)

41.079744287s ago: executing program 4 (id=2845):
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
listen(r0, 0x0)
ioctl$SIOCX25SFACILITIES(r0, 0x89e3, &(0x7f0000000000)={0x67, 0x1, 0x8, 0x2, 0x10, 0x7f})

40.74526931s ago: executing program 4 (id=2853):
r0 = socket(0x2, 0x5, 0x0)
getsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000280), &(0x7f00000001c0)=0x9)

40.628960317s ago: executing program 34 (id=2853):
r0 = socket(0x2, 0x5, 0x0)
getsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000280), &(0x7f00000001c0)=0x9)

1.091405028s ago: executing program 3 (id=3533):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r0)
recvmmsg(r0, &(0x7f00000010c0)=[{{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000001b40)=""/153, 0x99}, {&(0x7f0000001c40)=""/4096, 0x1000}], 0x2}, 0x7}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, &(0x7f0000001980)=[{&(0x7f0000004c40)=""/4096, 0x1000}, {&(0x7f00000008c0)=""/229, 0xe5}, {&(0x7f0000000240)=""/105, 0x69}, {&(0x7f00000000c0)=""/17, 0x11}, {&(0x7f0000001600)=""/117, 0x75}, {&(0x7f0000003c40)=""/4084, 0xff4}, {&(0x7f0000000380)=""/158, 0x9e}], 0x7}, 0x80000000}, {{0x0, 0x0, 0x0}, 0x5}], 0x5, 0x40008022, 0x0)

1.03137349s ago: executing program 3 (id=3534):
r0 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$restrict_keyring(0x1d, r0, 0x0, 0x0)
keyctl$get_persistent(0x16, 0x0, r0)

969.334598ms ago: executing program 0 (id=3536):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$inet6(r0, &(0x7f0000000100)={&(0x7f00000001c0)={0xa, 0x4e21, 0x80001, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000040)=[@pktinfo={{0x20, 0x29, 0x32, {@private0={0xfc, 0x0, '\x00', 0x1}}}}], 0x20}, 0x0)

969.017894ms ago: executing program 5 (id=3537):
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x0, 0xffffffff})
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)

968.008212ms ago: executing program 3 (id=3538):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005938d74010973077339600000001090212000100001e000904"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, &(0x7f0000000780)=ANY=[@ANYBLOB="020080"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000008c0)={0x84, &(0x7f0000000280)={0x40, 0x30, 0x2, "a9ce"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000980)={0x34, &(0x7f0000000580)={0x20, 0x12, 0x2, "e347"}, 0x0, 0x0, 0x0, 0x0, 0x0})

965.766418ms ago: executing program 0 (id=3539):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18020000004000000000000000000000850000007a00000095"], &(0x7f00000000c0)='GPL\x00', 0x1, 0x0, 0x0, 0x41000, 0x4}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000740)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='\a'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r2, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r0}, 0x20)
sendmmsg$inet6(r0, &(0x7f0000000b00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000ac0)="01", 0xfffffe9c}], 0x1}}], 0x2, 0x0)

869.889476ms ago: executing program 5 (id=3540):
r0 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000100)=[@in6={0xa, 0x0, 0x0, @loopback}, @in6={0xa, 0x0, 0xffffffff, @private0}], 0x38)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f0000000000)=[@in6={0xa, 0x4e22, 0x34, @mcast1, 0x5}], 0x1c)

869.659943ms ago: executing program 0 (id=3541):
syz_mount_image$squashfs(&(0x7f0000000040), &(0x7f0000000240)='./file0\x00', 0x800800, &(0x7f0000004140)=ANY=[], 0x1, 0x1d1, &(0x7f0000000280)="$eJzKKC4sZmdgYPj7sSaZQYABDBgZeBguMDAysDAwMKgzQsQYmCDUeij/BZSeCZW2gfKbofRCKF1xS3vdmlN+Z0566motk2VmaPX8Jo8sJpfaY+QmuZiHgYEhNPXIouLKquzEnJzUouKFDBW3WJMqTp9gYLluf02lWYLT4Y88h0OSpoMO0xEfj6wZjSWck6Q0xdjYMhXOnvkgv45N4wjDoxXMG+s88xrrClOn5qXlJVVlVWXNmzhx48zGzsbGlRProtL8VjG2pLhsaupkZHLYoiawmdlQfZKN9oR37aseJjmw9nj4NZ8yVnqdynzJeGGR1KkVVTMnfFGazWj4neEOT9kKCQ0NJ4krEhYNjA1H6mwbXBkqbiWnNDCkKYQxJqmxibVtOTMnhJmfzW2BQkvyCabQoxxLZ0pYHBCqOvnTUvOtQ6LbjG1PHdjO8Bw+zrOmoE/Q6LgEg9NCwf8yIGMSGhrKNNYyLbVd8KVI46+E12pjpwwGd3umZbAAZWkAkSuhPFmwnoTkFR46mppGKckJDZskEpLcCgyVGbbu4Vwt0MCAFG0qDAwM2xlhcQsB12CMUTAKRsEoGAWjYBSMglEwCkbBKBgFIwIAAgAA///A9Jlq")

811.257448ms ago: executing program 5 (id=3542):
prctl$PR_SCHED_CORE(0x26, 0x1, 0x0, 0x1, 0x0)

810.965572ms ago: executing program 0 (id=3543):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@newlink={0x30, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x18207}, [@IFLA_LINKINFO={0x10, 0x12, 0x0, 0x1, @gre={{0x8}, {0x4}}}]}, 0x30}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x10, 0xfffffffe, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x3, 0xffe0}, {0x0, 0x7}, {0xf, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x44}, 0x40004)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x4000000)

810.855447ms ago: executing program 5 (id=3544):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f0000000180)="0b041400e0ffe2ff02004788001ca13bb100000208007f604803", 0x10000, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14)

748.849483ms ago: executing program 0 (id=3545):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x0, 0x0, 0x0, 0x6}, 0x94)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r0 = epoll_create1(0x0)
r1 = userfaultfd(0x80801)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000004c0)={0xb0002016})
epoll_pwait2(r0, &(0x7f0000000280)=[{}], 0x1, &(0x7f0000000300)={0x0, 0x989680}, 0x0, 0x0)

748.525804ms ago: executing program 5 (id=3546):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@setlink={0x48, 0x13, 0x331, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x24604, 0x46001}, [@IFLA_IFNAME={0x14, 0x3, 'dummy0\x00'}, @IFLA_MTU={0x8, 0x4, 0x7}, @IFLA_AF_SPEC={0xc, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x2, 0x0, 0x1, {0x4}}]}]}, 0x48}}, 0x20040850)

748.189454ms ago: executing program 0 (id=3547):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000240)='./file0\x00', 0x8c0, &(0x7f0000000100)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c696e74722c6e6f61636c2c001967b9b8a6cdd636d75428f2c5e8054d01858eef552755576e749526b36860cf2511040d1ce5a743ffd83d29d1ba3a54a59d8c7aa249f08d3c8c6d04ac105d67934db6190d59f2323b55a5a4"], 0x1, 0x442c, &(0x7f00000088c0)="$eJzs3c9PHNcdAPA3A67BtV3s+uBKlbpSLbVqKwQ+tcVSMWBjsKkrt/ahl/UCa5tqYS1Yqhx8IDdLOUXKIcrBSqTcOFlIOTt/Qi45OmdLySGXSJGsEO3sLN4ZdsOGsBBbn89hh3k/v/DdefvmsEycqj1YWissrRVKK4Xqwr21i4X/Vyvry+UQH5K28x87vPnpTi/eJz805icHFjnt3Jy8+u87F0P4dPHzF9vb29uhrj+0Ndry8zdfP1poPTbFYXKg9bw+bvvRDsp/QwjndsVV15fEE0IUQriclk2kx8EQwqm07s6jd+4WDiiap8/Ll4ov5x5vjV2Y3Xyy1fl3j0L4oPKbv9xf/vL3fWNf/OmApgcAAAAAAAAAAAAAAAAA4DU3fevm7X+NjIZnUejfjHZ/X3c6PXb6fuz2gfld739ZAAAAAAAAAAAAAAAAAAAA+Jl69f3/QnS2zff/p9LjeIf+2//ofYz0zsw/b05dGRlNn/8e7ar/a1r01eW+cKbNc9/zz3+/nOvf/vnvu+fZr2Z8zXmHQhQPZ87jeHg4hI/SB7+fj07Elepa7c/3qusriwcWxmsrm/84Kctkp1HUbf7jidz4vX/+/693vZvq53cP7i32Rsvmv69ju4/fjrq6/idz/Q4j/+xfNv/9Sdlga4PxxgJQz/+7/Xvnfyo3fq/yfzqEUIjqsRYyK0B9D1Mv77RfISub/2NJWWbpTP+Qna7/b3P5v5Ib/6jW/438BxFtZfP/i6RsINPiePKa5D/e+/q/mhv/KPJfj3/D539Xsvlv5Dr0Z5okf8lu1//p3Pgd83/8p8V9O07jPB1l3gGbUaO80/+rIyub/4Fd9a/u/+Ku9n/Xcv0P6/6vOW/z/q+5/P8xatz/0V42/4Md23V7/c/k+vV6/R9P9n/sVzb/J5Ky7N55KHntNv+zufF7lf/krmSgmf9X68l3xxvlH9r/dSWb/182CuPWFhvJa7L/i/be/1/PjX8U+796/Btxb2d9U2Tzf7Jju3r+P+vi8/9Grl/v8x/CiL3+vmXzf6pju+T6H9g7/3O5fr3O/x96OTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAa2AiPQ6FKB7OnMfx8HAIk+n5+XAimi8tFucr2f6FcDa6X6nOlyrFpZXqYrlYqlSqCyFcSevPhYForVKtFZdLD6/ujDUYPSiXVmvz5VIthDCdlv82nGqONb9UWy49DCFc26n7VVxdffigtFJcXFr9+8jIyEiY2YnhTFR+q1ZeqTVmb9SGMLvTdyhqCS6pvr4Ty8nof9X11ZVSJSm/0dKnUl0oVVr6zKV174UzUW11fWWhVCsXK9X7zfmO0nh6nJq59Z9bN0Z31d+NGseJww0LAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgB/p2djf3g8h9DfO4hDCePOHqF37p8/Ll4ov5x5vjV2Y3Xyy9aJTOwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC+ZwcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgq7dIyaQBCFAfjNpEjS5RiplqRLuyEQkiIbBE+gx/AwehQv4R0sLGwtRJBd1HUXttHq+5oH8zPzHswDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAY5ntUjf/f3iNSPO0fI5bT1fo8/63r/LP7/sMdZuR2fv6qr9Mfpqv8oz7alPmY7razSXTUxqK1J+19uuzz3DtX3771zdf0fYmUi4go6/w15VwUw94CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHjgUAAAAAhPlbR9G3AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADArwAAAP//TJ8ZlQ==")

670.112154ms ago: executing program 5 (id=3548):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
getrlimit(0x4, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x4002)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
mount$afs(0x0, 0x0, &(0x7f00000002c0), 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x891c, &(0x7f0000000000)={'ip6tnl0\x00', {0x2, 0x4e22, @empty}})
syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/time_for_children\x00')
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$unix(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000190c0)=ANY=[], 0x18}, 0x4000)
r4 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0xa400, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0)
ioctl$VIDIOC_TRY_EXT_CTRLS(r5, 0xc0205647, 0x0)
ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f0000000140)={'pcl711\x00', [0x9e1, 0x2566, 0x2, 0x100000, 0x8, 0x0, 0x5, 0x10, 0x1002, 0x0, 0x1, 0x5, 0x344, 0x1, 0x7, 0x0, 0x8, 0x3, 0x9, 0xe, 0x100, 0x1003, 0x8, 0xa, 0x5, 0x1, 0xb0c4, 0x7df, 0xd, 0x400007, 0x6]})
pipe2$watch_queue(0x0, 0x80)

290.83377ms ago: executing program 3 (id=3549):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000140)={0xc, "1803c809800000000800000000000000000000000000d63175876b4c69a600", <r1=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x16c, "fa02c80a3a1e38dd031dd7504fe580963900", <r2=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r2, 0xc0303e03, &(0x7f0000000080)={"6739669f274d13b691ebe45b00e4f5b53e0ca34dd02acecdc67c5e3126628168", r1, <r3=>0xffffffffffffffff})
r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000000)={0x6, "34e6498c25f58dad9987ffe93bbabd18cf504a2700", <r5=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r3, 0xc0303e03, &(0x7f00000000c0)={"0e337b42cc00d331ff0007000000000000001a00", r5, <r6=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f0000000200)={"130f2672af9ee0452321864922cd3bebd7f9cec5064e58445f1268334b4900", r6})

90.509485ms ago: executing program 3 (id=3550):
syz_mount_image$minix(&(0x7f0000000040), &(0x7f0000000100)='./file1\x00', 0x42, &(0x7f0000000540)=ANY=[], 0xd, 0x1a4, &(0x7f0000000640)="$eJzs271u2lAUwPFj7GKgX7S0HapKRerQLsVAW6Ru7aNQcBGqaaKQBcRA8gJ5hrxfGKIsmULk648oBoNCAIP8/w3Y3HM/zgWudIRkAZBav6QsmmiScd98yBXPSlrSKQHYkql/vZkCSB/92ruWk04EwJZNfouq/S8uRy3Rs2FdENy58XEQz5gz9cPkROS94ce1nOSj9cW5yOdgvFaIDr9yWwph/GkknFXzf/kUrP9MnssLeSlFeSWvpeSv3w7Hv3to+TO7IQAAUkCTyrJ4TIcn6jUvf7uOXVU9I/58V73ceC12/qyK1xfG9Y/x+ZlqfKV14LQX7gPArMzK59+jh+d/PmPJ+QeQnP5g+K/pOPbRDtzk7uczNUU2uKi5C1ve3xtToi3GWmbOx4ZOZV7I/dGsc18j/2Bs9jMcR1vcajrJ79TwVtf9NPhfDEgB67h3aPUHw6/dXrNjd+z/9Wr1Z+PHt1qjbqnK3lpc3wPYX3dlQNKZAAAAAAAAAAAAAACAVb2Rt0mnAAAAAGBLlj4YJIbX8REPGCW9RwAAds5tAAAA//8YBw3V")
pipe(0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x4800, 0x0, 0x0, 0x0, &(0x7f0000000000))

0s ago: executing program 3 (id=3551):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c)
r1 = socket$inet6(0xa, 0x3, 0x84)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000080)={{{@in6=@local, @in6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x0, 0x3, 0x4e20, 0x0, 0x2}, {0x0, 0x15000000000000, 0x0, 0x1, 0x8001, 0x7, 0x0, 0xd3d}, {0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x1, 0x1}, {{@in6=@loopback, 0x4d6, 0x3c}, 0xa, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x1}}, 0xe8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)

kernel console output (not intermixed with test programs):

 mds server is up or the cluster is laggy
[  154.810083][ T8686] new mount options do not match the existing superblock, will be ignored
[  155.221762][ T8683] loop0: detected capacity change from 0 to 131072
[  155.228267][ T8683] F2FS-fs (loop0): Wrong CP boundary, start(512) end(1536) blocks(0)
[  155.231515][ T8683] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  155.319736][ T8683] F2FS-fs (loop0): invalid crc value
[  155.448880][ T8708] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1127'.
[  155.468955][ T8683] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  155.746490][ T8683] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  155.749726][ T8683] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  156.765315][ T8748] netlink: 'syz.2.1146': attribute type 10 has an invalid length.
[  156.769456][ T8748] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1146'.
[  156.773331][ T8748] dummy0: entered promiscuous mode
[  156.782303][ T8748] bridge0: port 3(dummy0) entered blocking state
[  156.787737][ T8748] bridge0: port 3(dummy0) entered disabled state
[  156.798535][ T8748] dummy0: entered allmulticast mode
[  156.803070][ T8748] bridge0: port 3(dummy0) entered blocking state
[  156.805987][ T8748] bridge0: port 3(dummy0) entered forwarding state
[  157.015776][ T8760] raw_sendmsg: syz.3.1152 forgot to set AF_INET. Fix it!
[  157.291840][ T8770] loop2: detected capacity change from 0 to 32768
[  157.296488][ T8770] read_mapping_page failed!
[  157.299146][ T8770] diRead: diIAGRead returned -5
[  157.742365][ T8775] loop2: detected capacity change from 0 to 32768
[  157.745358][ T8775] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1158 (8775)
[  157.750942][ T8775] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  157.754081][ T8775] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm
[  157.757008][ T8775] BTRFS info (device loop2): disk space caching is enabled
[  157.759324][ T8775] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  157.779528][ T8775] BTRFS info (device loop2): rebuilding free space tree
[  157.786368][ T8775] BTRFS info (device loop2): disabling free space tree
[  157.789316][ T8775] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  157.792304][ T8775] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  157.815555][ T8775] BTRFS info (device loop2): balance: start -d -m
[  157.831992][ T8775] BTRFS info (device loop2): relocating block group 6881280 flags data|metadata
[  157.864498][ T8775] BTRFS info (device loop2): balance: paused
[  157.890533][ T5852] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  158.075566][ T8795] netlink: 'syz.2.1159': attribute type 21 has an invalid length.
[  159.692247][ T8811] loop0: detected capacity change from 0 to 40427
[  159.705572][ T8811] F2FS-fs (loop0): invalid crc value
[  159.735830][ T8828] tipc: Invalid UDP bearer configuration
[  159.735863][ T8828] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  159.781973][ T8811] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  159.786173][ T8811] F2FS-fs (loop0): Start checkpoint disabled!
[  159.796008][ T8811] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  159.892627][   T40] kworker/u10:2: attempt to access beyond end of device
[  159.892627][   T40] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  159.899360][   T40] CPU: 1 UID: 0 PID: 40 Comm: kworker/u10:2 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  159.899382][   T40] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  159.899421][   T40] Workqueue: writeback wb_workfn (flush-7:0)
[  159.899444][   T40] Call Trace:
[  159.899451][   T40]  <TASK>
[  159.899459][   T40]  dump_stack_lvl+0x189/0x250
[  159.899481][   T40]  ? __pfx_dump_stack_lvl+0x10/0x10
[  159.899498][   T40]  ? __pfx_queue_work_on+0x10/0x10
[  159.899511][   T40]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  159.899529][   T40]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  159.899557][   T40]  f2fs_handle_critical_error+0x37c/0x540
[  159.899584][   T40]  f2fs_write_end_io+0x886/0xb60
[  159.899619][   T40]  __submit_merged_bio+0x27a/0x6a0
[  159.899645][   T40]  __submit_merged_write_cond+0x255/0x530
[  159.899671][   T40]  f2fs_write_data_pages+0x261d/0x3000
[  159.899725][   T40]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  159.899758][   T40]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  159.899807][   T40]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  159.899826][   T40]  ? look_up_lock_class+0x74/0x170
[  159.899854][   T40]  ? trace_f2fs_writepages+0x7f/0x200
[  159.899879][   T40]  ? f2fs_write_node_pages+0x478/0x6e0
[  159.899903][   T40]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  159.899936][   T40]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  159.899957][   T40]  do_writepages+0x32e/0x550
[  159.899981][   T40]  ? reacquire_held_locks+0x127/0x1d0
[  159.899996][   T40]  ? writeback_sb_inodes+0x384/0x1010
[  159.900022][   T40]  __writeback_single_inode+0x145/0xff0
[  159.900040][   T40]  ? do_raw_spin_unlock+0x4d/0x240
[  159.900061][   T40]  writeback_sb_inodes+0x6c7/0x1010
[  159.900105][   T40]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  159.900164][   T40]  ? rcu_is_watching+0x15/0xb0
[  159.900187][   T40]  wb_writeback+0x43b/0xaf0
[  159.900214][   T40]  ? queue_io+0x3d1/0x590
[  159.900234][   T40]  ? __pfx_wb_writeback+0x10/0x10
[  159.900260][   T40]  ? _raw_spin_unlock_irq+0x23/0x50
[  159.900282][   T40]  wb_workfn+0x409/0xef0
[  159.900311][   T40]  ? __pfx_wb_workfn+0x10/0x10
[  159.900331][   T40]  ? __lock_acquire+0xab9/0xd20
[  159.900361][   T40]  ? process_scheduled_works+0x9ef/0x17b0
[  159.900381][   T40]  ? _raw_spin_unlock_irq+0x23/0x50
[  159.900421][   T40]  ? process_scheduled_works+0x9ef/0x17b0
[  159.900434][   T40]  ? process_scheduled_works+0x9ef/0x17b0
[  159.900449][   T40]  process_scheduled_works+0xae1/0x17b0
[  159.900493][   T40]  ? __pfx_process_scheduled_works+0x10/0x10
[  159.900524][   T40]  worker_thread+0x8a0/0xda0
[  159.900566][   T40]  kthread+0x711/0x8a0
[  159.900587][   T40]  ? __pfx_worker_thread+0x10/0x10
[  159.900600][   T40]  ? __pfx_kthread+0x10/0x10
[  159.900618][   T40]  ? _raw_spin_unlock_irq+0x23/0x50
[  159.900635][   T40]  ? lockdep_hardirqs_on+0x9c/0x150
[  159.900651][   T40]  ? __pfx_kthread+0x10/0x10
[  159.900670][   T40]  ret_from_fork+0x3fc/0x770
[  159.900687][   T40]  ? __pfx_ret_from_fork+0x10/0x10
[  159.900710][   T40]  ? __switch_to_asm+0x39/0x70
[  159.900725][   T40]  ? __switch_to_asm+0x33/0x70
[  159.900741][   T40]  ? __pfx_kthread+0x10/0x10
[  159.900758][   T40]  ret_from_fork_asm+0x1a/0x30
[  159.900791][   T40]  </TASK>
[  159.900798][   T40] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  160.256277][ T8839] loop2: detected capacity change from 0 to 32768
[  160.261499][ T8839] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1179 (8839)
[  160.273916][ T8839] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  160.282903][ T8839] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  160.286280][ T8839] BTRFS info (device loop2): using free-space-tree
[  160.435599][ T8866] loop0: detected capacity change from 0 to 1024
[  160.443364][ T5852] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  160.552753][ T4071] hfsplus: found bad thread record in catalog
[  161.020561][ T8880] loop2: detected capacity change from 0 to 32768
[  161.043716][ T8880] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  161.063092][ T8880] XFS (loop2): Ending clean mount
[  161.241683][ T5852] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  161.392842][ T8910] loop2: detected capacity change from 0 to 128
[  161.403945][ T8910] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  161.411474][ T8910] ext4 filesystem being mounted at /378/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  161.440680][ T5852] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  162.351497][ T8914] syz.2.1201 (8914): drop_caches: 2
[  162.431385][ T8929] netlink: 'syz.2.1208': attribute type 1 has an invalid length.
[  162.583589][ T8937] tmpfs: Bad value for 'mpol'
[  162.676902][ T8943] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1215'.
[  163.296978][ T5876] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  163.466888][ T5876] usb 3-1: Using ep0 maxpacket: 16
[  163.470082][ T5876] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  163.473061][ T5876] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  163.476123][ T5876] usb 3-1: config 1 interface 2 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  163.482838][ T5876] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  163.485803][ T5876] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  163.488445][ T5876] usb 3-1: Product: syz
[  163.489852][ T5876] usb 3-1: Manufacturer: syz
[  163.491855][ T5876] usb 3-1: SerialNumber: syz
[  163.717959][ T5876] usb 3-1: USB disconnect, device number 19
[  165.017928][ T9028] loop2: detected capacity change from 0 to 256
[  165.158543][ T9044] loop0: detected capacity change from 0 to 512
[  165.171496][ T9044] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.1258: bg 0: block 5: invalid block bitmap
[  165.181634][ T9044] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  165.192647][ T9044] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.1258: invalid indirect mapped block 3 (level 2)
[  165.201242][ T9044] EXT4-fs (loop0): 2 truncates cleaned up
[  165.205118][ T9044] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  165.242295][ T9050] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1260'.
[  165.252472][ T5847] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.818391][ T9072] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  167.010887][   T55] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  167.020583][   T55] Bluetooth: hci2: Injecting HCI hardware error event
[  167.025850][   T55] Bluetooth: hci2: hardware error 0x00
[  167.558591][ T9098] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1278'.
[  167.616573][ T9102] net_ratelimit: 17 callbacks suppressed
[  167.616583][ T9102] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1303
[  167.726303][ T9083] Bluetooth: hci0: command 0x206a tx timeout
[  167.726646][ T5238] Bluetooth: hci0: Opcode 0x206a failed: -110
[  167.904644][    C1] vcan0: j1939_tp_rxtimer: 0xffff88811e7b4c00: rx timeout, send abort
[  167.906664][ T9114] IPVS: wlc: UDP 224.0.0.2:0 - no destination available
[  167.907827][    C1] vcan0: j1939_tp_rxtimer: 0xffff88811e7b5400: rx timeout, send abort
[  167.912217][ T6073] IPVS: starting estimator thread 0...
[  167.912937][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88811e7b4c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  167.921023][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88811e7b5400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  168.014867][ T9116] IPVS: using max 48 ests per chain, 115200 per kthread
[  168.250888][ T5238] Bluetooth: hci1: link tx timeout
[  168.253304][ T5238] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  169.166361][   T55] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  169.220354][ T9147] loop2: detected capacity change from 0 to 512
[  169.238161][ T9147] FAT-fs (loop2): error, clusters badly computed (1 != 0)
[  169.240962][ T9147] FAT-fs (loop2): Filesystem has been set read-only
[  169.245136][ T9147] FAT-fs (loop2): error, clusters badly computed (2 != 1)
[  169.251790][ T9147] FAT-fs (loop2): error, clusters badly computed (3 != 2)
[  169.255931][ T9147] FAT-fs (loop2): error, clusters badly computed (4 != 3)
[  169.262155][ T9147] FAT-fs (loop2): error, clusters badly computed (5 != 4)
[  169.541238][ T9162] syzkaller0: entered promiscuous mode
[  169.543384][ T9162] syzkaller0: entered allmulticast mode
[  170.297933][ T5238] Bluetooth: hci1: command 0x0406 tx timeout
[  170.384781][   T33] audit: type=1800 audit(1755246628.334:45): pid=9166 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1309" name="file1" dev="tmpfs" ino=2133 res=0 errno=0
[  170.565267][ T9176] loop2: detected capacity change from 0 to 512
[  170.571055][ T9176] EXT4-fs (loop2): blocks per group (34) and clusters per group (32768) inconsistent
[  170.622260][ T9178] loop2: detected capacity change from 0 to 512
[  170.629049][ T9178] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended
[  170.633104][ T9178] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  170.636507][ T9178] System zones: 0-2, 18-18, 34-35
[  170.643561][ T9178] EXT4-fs (loop2): mounted filesystem 00000000-0700-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  170.673237][ T5852] EXT4-fs (loop2): unmounting filesystem 00000000-0700-0000-0000-000000000000.
[  170.732019][ T9185] loop2: detected capacity change from 0 to 764
[  170.788690][ T9188] !: renamed from dummy0 (while UP)
[  171.037426][ T9199] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1324'.
[  171.041167][ T9199] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check.
[  171.150937][   T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  171.273524][   T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  171.399652][   T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  171.520105][ T5238] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  171.526487][ T5238] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  171.530674][ T5238] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  171.533479][   T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  171.534349][ T5238] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  171.541961][ T5238] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  171.591096][ T9224] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1337'.
[  171.594661][ T9224] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1337'.
[  171.765429][   T13] dummy0: left allmulticast mode
[  171.772866][   T13] bridge0: port 3(dummy0) entered disabled state
[  171.781306][   T13] bridge_slave_1: left allmulticast mode
[  171.783872][   T13] bridge_slave_1: left promiscuous mode
[  171.786707][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  171.798512][   T13] bridge_slave_0: left allmulticast mode
[  171.800995][   T13] bridge_slave_0: left promiscuous mode
[  171.808866][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  173.003943][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  173.010616][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  173.014735][   T13] bond0 (unregistering): Released all slaves
[  173.028353][ T9243] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1346'.
[  173.111196][   T13] tipc: Disabling bearer <udp:syz2>
[  173.121170][   T13] tipc: Left network mode
[  173.203857][ T9217] chnl_net:caif_netlink_parms(): no params data found
[  173.349079][ T9217] bridge0: port 1(bridge_slave_0) entered blocking state
[  173.357391][ T9217] bridge0: port 1(bridge_slave_0) entered disabled state
[  173.361987][ T9217] bridge_slave_0: entered allmulticast mode
[  173.368039][ T9217] bridge_slave_0: entered promiscuous mode
[  173.391930][   T13] hsr_slave_0: left promiscuous mode
[  173.394378][   T13] hsr_slave_1: left promiscuous mode
[  173.398256][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  173.400994][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  173.404609][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  173.407631][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  173.431694][   T13] veth1_macvtap: left promiscuous mode
[  173.434192][   T13] veth0_macvtap: left promiscuous mode
[  173.437402][   T13] veth1_vlan: left promiscuous mode
[  173.439579][   T13] veth0_vlan: left promiscuous mode
[  173.532839][   T13] pim6reg9 (unregistering): left allmulticast mode
[  173.572394][   T55] Bluetooth: hci1: command tx timeout
[  173.664101][ T9268] Invalid source name
[  173.665957][ T9268] UBIFS error (pid: 9268): cannot open "./file0", error -22
[  173.783085][ T9276] netlink: 'syz.3.1358': attribute type 11 has an invalid length.
[  173.791602][ T9276] netlink: 149476 bytes leftover after parsing attributes in process `syz.3.1358'.
[  173.822137][ T9280] loop0: detected capacity change from 0 to 512
[  173.825329][ T9280] EXT4-fs: inline encryption not supported
[  173.833578][ T9280] EXT4-fs error (device loop0): ext4_iget_extra_inode:5104: inode #15: comm syz.0.1361: corrupted in-inode xattr: invalid ea_ino
[  173.841561][ T9280] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.1361: couldn't read orphan inode 15 (err -117)
[  173.851168][ T9280] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  173.860762][ T9280] cgroup: name respecified
[  173.877097][ T9275] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  173.900977][ T5847] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.303930][   T13] team0 (unregistering): Port device team_slave_1 removed
[  174.349600][   T13] team0 (unregistering): Port device team_slave_0 removed
[  174.881425][ T9217] bridge0: port 2(bridge_slave_1) entered blocking state
[  174.885941][ T9217] bridge0: port 2(bridge_slave_1) entered disabled state
[  174.889999][ T9217] bridge_slave_1: entered allmulticast mode
[  174.902582][ T9217] bridge_slave_1: entered promiscuous mode
[  174.953833][ T9217] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  174.961570][ T9217] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  175.038644][ T9217] team0: Port device team_slave_0 added
[  175.049391][ T9217] team0: Port device team_slave_1 added
[  175.151148][ T9217] batman_adv: batadv0: Adding interface: batadv_slave_0
[  175.166060][ T9217] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  175.176326][ T9217] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  175.185345][ T9217] batman_adv: batadv0: Adding interface: batadv_slave_1
[  175.185360][ T9217] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  175.185380][ T9217] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  175.259524][ T9217] hsr_slave_0: entered promiscuous mode
[  175.262529][ T9217] hsr_slave_1: entered promiscuous mode
[  175.268925][ T9217] debugfs: 'hsr0' already exists in 'hsr'
[  175.271139][ T9217] Cannot create hsr debugfs directory
[  175.346371][   T13] IPVS: stop unused estimator thread 0...
[  175.420518][ T9316] tipc: Started in network mode
[  175.422560][ T9316] tipc: Node identity ac14140f, cluster identity 4711
[  175.425014][ T9316] tipc: New replicast peer: 255.255.255.255
[  175.428605][ T9316] tipc: Enabled bearer <udp:syz2>, priority 10
[  175.440317][ T9316] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1377'.
[  175.443778][ T9316] tipc: Disabling bearer <udp:syz2>
[  175.566136][ T9217] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  175.571081][ T9322] loop0: detected capacity change from 0 to 4096
[  175.580081][ T9217] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  175.593544][ T9217] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  175.597461][ T9324] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  175.599347][ T9217] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  175.645648][   T55] Bluetooth: hci1: command tx timeout
[  175.702054][ T9217] 8021q: adding VLAN 0 to HW filter on device bond0
[  175.726607][ T9217] 8021q: adding VLAN 0 to HW filter on device team0
[  175.734295][   T26] bridge0: port 1(bridge_slave_0) entered blocking state
[  175.736667][   T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[  175.743982][ T9341] netlink: 'syz.3.1386': attribute type 9 has an invalid length.
[  175.749338][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[  175.751696][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[  175.842209][ T9349] overlayfs: failed to clone upperpath
[  175.847838][ T9349] overlayfs: failed to clone upperpath
[  175.911055][ T9217] 8021q: adding VLAN 0 to HW filter on device batadv0
[  175.981337][ T9361] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1392'.
[  176.096325][ T9217] veth0_vlan: entered promiscuous mode
[  176.103758][ T9217] veth1_vlan: entered promiscuous mode
[  176.131954][ T9217] veth0_macvtap: entered promiscuous mode
[  176.138083][ T9217] veth1_macvtap: entered promiscuous mode
[  176.155025][ T9217] batman_adv: batadv0: Interface activated: batadv_slave_0
[  176.167364][ T9217] batman_adv: batadv0: Interface activated: batadv_slave_1
[  176.177448][ T5871] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  176.182132][ T5871] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  176.188286][ T5871] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  176.192118][ T5871] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  176.262884][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  176.267945][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  176.287538][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  176.290465][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  176.510164][ T9375] loop0: detected capacity change from 0 to 512
[  176.514011][ T9375] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  176.524541][ T9375] EXT4-fs (loop0): 1 truncate cleaned up
[  176.529212][ T9375] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  176.575034][ T5847] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.596161][   T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  176.755745][   T10] usb 5-1: Using ep0 maxpacket: 32
[  176.763580][   T10] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  176.773401][   T10] usb 5-1: config 0 has no interface number 0
[  176.780998][ T9389] loop0: detected capacity change from 0 to 8
[  176.799483][   T10] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  176.803056][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  176.814221][   T10] usb 5-1: Product: syz
[  176.817626][ T9389] SQUASHFS error: Unable to read inode 0x127
[  176.820197][   T10] usb 5-1: Manufacturer: syz
[  176.822094][   T10] usb 5-1: SerialNumber: syz
[  176.830434][   T10] usb 5-1: config 0 descriptor??
[  176.836066][   T10] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  176.839673][   T10] usb 5-1: selecting invalid altsetting 1
[  176.845185][   T10] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  176.872011][   T10] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  176.877470][   T10] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  176.881234][   T10] usb 5-1: media controller created
[  176.952469][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  177.066891][   T10] usb 5-1: DVB: registering adapter 1 frontend 0 (Zarlink ZL10353 DVB-T)...
[  177.080218][   T10] dvbdev: dvb_create_media_entity: media entity 'Zarlink ZL10353 DVB-T' registered.
[  177.183372][   T10] DVB: Unable to find symbol mxl5005s_attach()
[  177.274344][   T10] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  177.380411][   T10] usb 5-1: USB disconnect, device number 2
[  177.726330][   T55] Bluetooth: hci1: command tx timeout
[  178.117143][ T9409] loop4: detected capacity change from 0 to 2048
[  178.160323][ T9412] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  178.211418][ T9409] NILFS (loop4): failed to count free inodes: err=-34
[  178.214526][ T9409] NILFS (loop4): failed to count free inodes: err=-34
[  178.662840][ T9433] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1421'.
[  178.666866][ T9433] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  180.084991][   T55] Bluetooth: hci1: command tx timeout
[  180.096817][   T33] audit: type=1400 audit(1755246638.025:46): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=9425 comm="syz.4.1418"
[  180.123196][ T9433] batman_adv: batadv0: Removing interface: batadv_slave_1
[  180.338682][ T9444] loop4: detected capacity change from 0 to 256
[  180.342469][ T9444] exfat: Deprecated parameter 'namecase'
[  180.344984][ T9444] exfat: Deprecated parameter 'namecase'
[  180.347452][ T9444] exfat: Deprecated parameter 'namecase'
[  180.359207][ T9444] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  180.413149][ T9448] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  180.609206][ T9460] sp0: Synchronizing with TNC
[  181.356381][ T9475] bond1: entered promiscuous mode
[  181.358179][ T9475] 8021q: adding VLAN 0 to HW filter on device bond1
[  181.682345][ T9483] loop4: detected capacity change from 0 to 40427
[  181.686784][ T9483] F2FS-fs (loop4): invalid crc value
[  181.743108][ T9483] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  181.747458][ T9483] F2FS-fs (loop4): Start checkpoint disabled!
[  181.755497][ T9483] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  181.852553][ T1089] kworker/u9:5: attempt to access beyond end of device
[  181.852553][ T1089] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  181.859666][ T1089] CPU: 1 UID: 0 PID: 1089 Comm: kworker/u9:5 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  181.859688][ T1089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  181.859698][ T1089] Workqueue: writeback wb_workfn (flush-7:4)
[  181.859722][ T1089] Call Trace:
[  181.859728][ T1089]  <TASK>
[  181.859735][ T1089]  dump_stack_lvl+0x189/0x250
[  181.859758][ T1089]  ? __pfx_dump_stack_lvl+0x10/0x10
[  181.859775][ T1089]  ? __pfx_queue_work_on+0x10/0x10
[  181.859788][ T1089]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  181.859807][ T1089]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  181.859832][ T1089]  f2fs_handle_critical_error+0x37c/0x540
[  181.859856][ T1089]  f2fs_write_end_io+0x886/0xb60
[  181.859884][ T1089]  __submit_merged_bio+0x27a/0x6a0
[  181.859908][ T1089]  __submit_merged_write_cond+0x255/0x530
[  181.859935][ T1089]  f2fs_write_data_pages+0x261d/0x3000
[  181.859988][ T1089]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  181.860022][ T1089]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  181.860072][ T1089]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  181.860104][ T1089]  ? trace_f2fs_writepages+0x7f/0x200
[  181.860125][ T1089]  ? f2fs_write_node_pages+0x478/0x6e0
[  181.860148][ T1089]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  181.860182][ T1089]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  181.860239][ T1089]  do_writepages+0x32e/0x550
[  181.860264][ T1089]  ? reacquire_held_locks+0x127/0x1d0
[  181.860279][ T1089]  ? writeback_sb_inodes+0x384/0x1010
[  181.860305][ T1089]  __writeback_single_inode+0x145/0xff0
[  181.860330][ T1089]  ? do_raw_spin_unlock+0x4d/0x240
[  181.860352][ T1089]  writeback_sb_inodes+0x6c7/0x1010
[  181.860396][ T1089]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  181.860455][ T1089]  ? rcu_is_watching+0x15/0xb0
[  181.860479][ T1089]  wb_writeback+0x43b/0xaf0
[  181.860505][ T1089]  ? queue_io+0x3d1/0x590
[  181.860522][ T1089]  ? __pfx_wb_writeback+0x10/0x10
[  181.860547][ T1089]  ? _raw_spin_unlock_irq+0x23/0x50
[  181.860570][ T1089]  wb_workfn+0x409/0xef0
[  181.860597][ T1089]  ? __pfx_wb_workfn+0x10/0x10
[  181.860617][ T1089]  ? __lock_acquire+0xab9/0xd20
[  181.860647][ T1089]  ? process_scheduled_works+0x9ef/0x17b0
[  181.860669][ T1089]  ? _raw_spin_unlock_irq+0x23/0x50
[  181.860684][ T1089]  ? process_scheduled_works+0x9ef/0x17b0
[  181.860697][ T1089]  ? process_scheduled_works+0x9ef/0x17b0
[  181.860713][ T1089]  process_scheduled_works+0xae1/0x17b0
[  181.860751][ T1089]  ? __pfx_process_scheduled_works+0x10/0x10
[  181.860782][ T1089]  worker_thread+0x8a0/0xda0
[  181.860824][ T1089]  kthread+0x711/0x8a0
[  181.860845][ T1089]  ? __pfx_worker_thread+0x10/0x10
[  181.860859][ T1089]  ? __pfx_kthread+0x10/0x10
[  181.860878][ T1089]  ? _raw_spin_unlock_irq+0x23/0x50
[  181.860894][ T1089]  ? lockdep_hardirqs_on+0x9c/0x150
[  181.860909][ T1089]  ? __pfx_kthread+0x10/0x10
[  181.860927][ T1089]  ret_from_fork+0x3fc/0x770
[  181.860945][ T1089]  ? __pfx_ret_from_fork+0x10/0x10
[  181.860966][ T1089]  ? __switch_to_asm+0x39/0x70
[  181.860982][ T1089]  ? __switch_to_asm+0x33/0x70
[  181.860998][ T1089]  ? __pfx_kthread+0x10/0x10
[  181.861016][ T1089]  ret_from_fork_asm+0x1a/0x30
[  181.861049][ T1089]  </TASK>
[  181.861056][ T1089] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  182.083450][ T9487] trusted_key: encrypted_key: master key parameter is missing
[  182.162890][ T9489] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  185.075019][  T973] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[  185.169015][ T9560] netlink: 'syz.3.1475': attribute type 11 has an invalid length.
[  185.231946][  T973] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  185.254141][  T973] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  185.258247][  T973] usb 5-1: Product: syz
[  185.260113][  T973] usb 5-1: Manufacturer: syz
[  185.262133][  T973] usb 5-1: SerialNumber: syz
[  185.283270][  T973] usb 5-1: config 0 descriptor??
[  185.501769][  T973] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  186.110260][ T9614] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6erspan0
[  186.710709][  T973] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  186.716974][  T973] usb 5-1: USB disconnect, device number 3
[  187.034438][ T9652] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1517'.
[  187.051436][ T9652] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1517'.
[  187.471021][ T9659] loop4: detected capacity change from 0 to 16
[  187.474235][ T9659] erofs: Unknown parameter '00000000000000000000017777777777777777777770177777777777777777777718446744073709551615000000000000000000000x000000000000000018446744073709551615$'
[  187.578768][ T9661] netlink: 'syz.4.1522': attribute type 10 has an invalid length.
[  187.625097][ T9661] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  187.774274][ T9669] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1526'.
[  187.880074][ T9676] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1529'.
[  188.438391][ T9705] loop4: detected capacity change from 0 to 512
[  188.480571][ T9705] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.1543: casefold flag without casefold feature
[  188.486521][ T9705] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.1543: couldn't read orphan inode 15 (err -117)
[  188.491257][ T9705] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  188.497393][ T9705] EXT4-fs error (device loop4): htree_dirblock_to_tree:1051: inode #2: comm syz.4.1543: Directory hole found for htree leaf block 0
[  188.534054][ T9217] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  188.687009][ T9715] netlink: 'syz.3.1548': attribute type 10 has an invalid length.
[  188.690513][ T9715] team_slave_0: left promiscuous mode
[  188.704919][ T9715] team_slave_1: left promiscuous mode
[  188.708910][ T9715] team0: Cannot enslave team device to itself
[  189.642119][ T9751] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1561'.
[  190.364969][ T5238] Bluetooth: hci0: command 0x206a tx timeout
[  190.635882][ T9806] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1587'.
[  190.639614][ T9806] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1587'.
[  190.939841][ T9816] bond0: Unable to set up delay as MII monitoring is disabled
[  191.134561][ T9830] loop4: detected capacity change from 0 to 64
[  191.173466][ T9830] Bad inode number on dev loop4: 6 is out of range
[  191.278823][ T9842] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1603'.
[  191.454424][ T9857] netlink: 'syz.4.1612': attribute type 3 has an invalid length.
[  191.458695][ T9857] netlink: 'syz.4.1612': attribute type 1 has an invalid length.
[  191.461805][ T9857] netlink: 216 bytes leftover after parsing attributes in process `syz.4.1612'.
[  191.599330][ T9866] netlink: 724 bytes leftover after parsing attributes in process `syz.4.1617'.
[  191.934764][ T9883] netlink: 'syz.4.1625': attribute type 1 has an invalid length.
[  192.347211][ T9901] loop4: detected capacity change from 0 to 8
[  192.417756][ T9901] SQUASHFS error: xz decompression failed, data probably corrupt
[  192.421077][ T9901] SQUASHFS error: Failed to read block 0x108: -5
[  192.423615][ T9901] SQUASHFS error: Unable to read metadata cache entry [106]
[  192.426648][ T9901] SQUASHFS error: Unable to read inode 0x11f
[  193.120734][ T9920] __nla_validate_parse: 3 callbacks suppressed
[  193.120747][ T9920] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1641'.
[  193.127893][ T9920] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1641'.
[  193.212897][ T9922] loop4: detected capacity change from 0 to 4096
[  193.220071][ T9922] NILFS (loop4): mounting unchecked fs
[  193.223583][ T9922] NILFS (loop4): recovery required for readonly filesystem
[  193.228912][ T9922] NILFS (loop4): write access will be enabled during recovery
[  193.233996][ T9922] NILFS (loop4): invalid segment: Checksum error in segment payload
[  193.237917][ T9922] NILFS (loop4): trying rollback from an earlier position
[  193.249922][ T9922] NILFS (loop4): norecovery option specified, skipping roll-forward recovery
[  193.420450][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[  193.423972][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[  195.172724][ T9988] loop4: detected capacity change from 0 to 32768
[  195.179227][ T9988] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1672 (9988)
[  195.188298][ T9988] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  195.192199][ T9988] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  195.195508][ T9988] BTRFS info (device loop4): disk space caching is enabled
[  195.198345][ T9988] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  195.229336][ T9988] BTRFS info (device loop4): rebuilding free space tree
[  195.239988][ T9988] BTRFS info (device loop4): disabling free space tree
[  195.242728][ T9988] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  195.246469][ T9988] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  195.318180][T10005] netlink: 'syz.3.1673': attribute type 21 has an invalid length.
[  195.321033][T10005] netlink: 'syz.3.1673': attribute type 15 has an invalid length.
[  195.323764][T10005] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1673'.
[  195.327267][T10005] IPv6: NLM_F_CREATE should be specified when creating new route
[  195.330223][T10005] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  195.332994][T10005] IPv6: NLM_F_CREATE should be set when creating new route
[  195.335720][T10005] IPv6: NLM_F_CREATE should be set when creating new route
[  195.338360][T10005] IPv6: NLM_F_CREATE should be set when creating new route
[  195.340911][ T9217] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  195.393273][T10007] netlink: 'syz.3.1675': attribute type 1 has an invalid length.
[  195.467016][T10007] bond3: (slave gretap2): making interface the new active one
[  195.471025][T10007] bond3: (slave gretap2): Enslaving as an active interface with an up link
[  195.868136][T10032] bond0: entered promiscuous mode
[  195.869745][T10032] bond_slave_0: entered promiscuous mode
[  195.881779][T10032] bond_slave_1: entered promiscuous mode
[  195.883691][T10032] mac80211_hwsim hwsim11 wlan1: entered promiscuous mode
[  195.895402][T10032] batadv0: entered promiscuous mode
[  195.901407][T10032] hsr1: entered allmulticast mode
[  195.903380][T10032] bond0: entered allmulticast mode
[  195.907533][T10032] bond_slave_0: entered allmulticast mode
[  195.909842][T10032] bond_slave_1: entered allmulticast mode
[  195.912153][T10032] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode
[  195.915198][T10032] batadv0: entered allmulticast mode
[  195.917841][T10032] 8021q: adding VLAN 0 to HW filter on device hsr1
[  195.924132][T10032] bond0: left promiscuous mode
[  195.928379][T10032] bond_slave_0: left promiscuous mode
[  195.930729][T10032] bond_slave_1: left promiscuous mode
[  195.933092][T10032] mac80211_hwsim hwsim11 wlan1: left promiscuous mode
[  195.936779][T10032] batadv0: left promiscuous mode
[  196.580361][T10063] netem: change failed
[  196.661383][T10069] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1704'.
[  197.977118][T10100] netlink: 'syz.4.1716': attribute type 3 has an invalid length.
[  198.409348][T10109] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1719'.
[  198.452219][T10111] loop4: detected capacity change from 0 to 128
[  198.457839][T10111] EXT4-fs: Ignoring removed bh option
[  198.465483][T10111] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  198.470835][T10111] ext4 filesystem being mounted at /99/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  198.511438][ T9217] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  198.601740][ T5871] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.110734][ T5871] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.195677][T10127] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1725'.
[  199.286597][ T5871] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.349058][T10139] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1732'.
[  199.377682][T10142] netlink: 'syz.3.1733': attribute type 12 has an invalid length.
[  199.381084][T10142] netlink: 211856 bytes leftover after parsing attributes in process `syz.3.1733'.
[  199.386444][ T5871] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.517514][ T5871] bridge_slave_1: left allmulticast mode
[  199.520154][ T5871] bridge_slave_1: left promiscuous mode
[  199.522745][ T5871] bridge0: port 2(bridge_slave_1) entered disabled state
[  199.543887][ T5871] bridge_slave_0: left allmulticast mode
[  199.548221][ T5871] bridge_slave_0: left promiscuous mode
[  199.550824][ T5871] bridge0: port 1(bridge_slave_0) entered disabled state
[  199.824294][T10149] loop4: detected capacity change from 0 to 2048
[  199.830395][T10149] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[  199.858120][T10151] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  199.870484][T10149] NILFS error (device loop4): __nilfs_read_inode: invalid file type bits in mode 0177777 for inode 12
[  200.014284][T10149] Remounting filesystem read-only
[  200.277220][T10156] openvswitch: netlink: IP tunnel dst address not specified
[  200.507600][T10166] loop4: detected capacity change from 0 to 512
[  200.562229][T10166] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  200.567883][T10166] ext4 filesystem being mounted at /108/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  200.731915][T10166] EXT4-fs error (device loop4): ext4_ext_check_inode:523: inode #2: comm syz.4.1742: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  200.773406][ T5238] Bluetooth: hci0: command 0x206a tx timeout
[  200.795304][   T55] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  200.940947][ T9217] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.011007][ T5871] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  201.019936][ T5871] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  201.026148][ T5871] bond0 (unregistering): Released all slaves
[  201.286404][ T5895] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  201.341388][ T5871] hsr_slave_0: left promiscuous mode
[  201.347632][ T5871] hsr_slave_1: left promiscuous mode
[  201.356186][ T5871] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  201.359085][ T5871] batman_adv: batadv0: Removing interface: batadv_slave_0
[  201.367023][ T5871] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  201.370034][ T5871] batman_adv: batadv0: Removing interface: batadv_slave_1
[  201.397578][ T5871] veth1_macvtap: left promiscuous mode
[  201.399901][ T5871] veth0_macvtap: left promiscuous mode
[  201.402126][ T5871] veth1_vlan: left promiscuous mode
[  201.404329][ T5871] veth0_vlan: left promiscuous mode
[  201.437115][ T5895] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  201.440924][ T5895] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  201.451054][ T5895] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  201.454943][ T5895] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  201.459291][ T5895] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  201.477121][ T5895] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  201.480748][ T5895] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  201.483940][ T5895] usb 5-1: Product: syz
[  201.494766][ T5895] usb 5-1: Manufacturer: syz
[  201.502170][ T5895] cdc_wdm 5-1:1.0: skipping garbage
[  201.504307][ T5895] cdc_wdm 5-1:1.0: skipping garbage
[  201.523527][ T5895] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  201.526664][ T5895] cdc_wdm 5-1:1.0: Unknown control protocol
[  202.001799][ T5871] team0 (unregistering): Port device team_slave_1 removed
[  202.031791][ T5871] team0 (unregistering): Port device team_slave_0 removed
[  202.983263][ T5895] usb 5-1: USB disconnect, device number 4
[  203.329030][T10204] netlink: 'syz.0.1757': attribute type 10 has an invalid length.
[  203.331986][T10204] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1757'.
[  203.451784][T10212] fuse: Bad value for 'fd'
[  204.056594][ T5871] tipc: Subscription rejected, illegal request
[  204.526664][T10254] loop4: detected capacity change from 0 to 2048
[  204.531012][T10254] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[  204.535252][T10254] NILFS (loop4): segment count 8142508126285856831 exceeds upper limit (1152921504606846975 segments)
[  204.627599][T10258] loop4: detected capacity change from 0 to 256
[  204.630974][T10258] exfat: Deprecated parameter 'namecase'
[  204.633371][T10258] exfat: Deprecated parameter 'namecase'
[  204.643696][T10258] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xbc51571d, utbl_chksum : 0xe619d30d)
[  204.810203][T10264] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1785'.
[  204.814259][    C0] vcan0: j1939_session_tx_dat: 0xffff88802a6b7c00: queue data error: -100
[  205.227472][T10274] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1788'.
[  206.031325][T10280] loop4: detected capacity change from 0 to 1024
[  206.063639][T10280] hfsplus: xattr exists yet
[  206.082417][ T1089] hfsplus: b-tree write err: -5, ino 4
[  206.688548][   T33] audit: type=1326 audit(1755246664.646:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10289 comm="syz.3.1795" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff02b18ebe9 code=0x7ffc0000
[  206.695482][   T33] audit: type=1326 audit(1755246664.646:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10289 comm="syz.3.1795" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff02b18ebe9 code=0x7ffc0000
[  206.702127][   T33] audit: type=1326 audit(1755246664.646:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10289 comm="syz.3.1795" exe="/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7ff02b18ebe9 code=0x7ffc0000
[  206.712356][   T33] audit: type=1326 audit(1755246664.646:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10289 comm="syz.3.1795" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff02b18ebe9 code=0x7ffc0000
[  206.721025][   T33] audit: type=1326 audit(1755246664.646:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10289 comm="syz.3.1795" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff02b18ebe9 code=0x7ffc0000
[  207.220239][T10304] loop4: detected capacity change from 0 to 32768
[  207.223954][T10304] bcachefs (/dev/loop4): error validating superblock: Invalid superblock: optional field extends past end of superblock (type 1497488896)
[  207.229450][T10304] bcachefs: bch2_fs_get_tree() error: invalid_sb_field_size
[  207.604418][ T5901] usb 5-1: new low-speed USB device number 5 using dummy_hcd
[  207.816583][ T5901] usb 5-1: config index 0 descriptor too short (expected 36, got 30)
[  207.818951][ T5901] usb 5-1: config 0 has an invalid descriptor of length 9, skipping remainder of the config
[  207.822026][ T5901] usb 5-1: config 0 interface 0 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  207.826146][ T5901] usb 5-1: config 0 interface 0 has no altsetting 0
[  207.828782][ T5901] usb 5-1: New USB device found, idVendor=0eef, idProduct=0001, bcdDevice= 0.00
[  207.837584][ T5901] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.843437][ T5901] usb 5-1: config 0 descriptor??
[  207.850825][ T5901] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  208.026651][T10341] netlink: 'syz.3.1818': attribute type 1 has an invalid length.
[  208.029987][T10341] netlink: 'syz.3.1818': attribute type 4 has an invalid length.
[  208.033264][T10341] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.1818'.
[  208.057104][  T973] usb 5-1: USB disconnect, device number 5
[  208.841464][T10372] autofs: Bad value for 'fd'
[  209.516415][T10390] loop4: detected capacity change from 0 to 40427
[  209.535272][T10390] F2FS-fs (loop4): build fault injection rate: 16
[  209.537975][T10390] F2FS-fs (loop4): build fault injection type: 0x77
[  209.544059][T10390] F2FS-fs (loop4): invalid crc value
[  209.548685][T10390] F2FS-fs (loop4): inject kvmalloc in f2fs_kvmalloc of f2fs_fill_super+0x4429/0x6ff0
[  209.552443][T10390] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-12)
[  209.772039][T10407] bridge0: port 2(bridge_slave_1) entered disabled state
[  209.775691][T10407] bridge0: port 1(bridge_slave_0) entered disabled state
[  209.861769][T10407] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  209.888845][T10407] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  210.211290][T10407] xfrm1: left promiscuous mode
[  210.213303][T10407] xfrm1: left allmulticast mode
[  210.216571][T10407] gretap1: left promiscuous mode
[  210.222735][ T5875] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  210.226982][ T5875] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  210.244615][ T5875] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  210.249429][ T5875] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  211.152376][  T973] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[  211.308139][  T973] usb 5-1: config 11 has an invalid interface number: 62 but max is 0
[  211.311697][  T973] usb 5-1: config 11 has no interface number 0
[  211.317086][  T973] usb 5-1: New USB device found, idVendor=22b8, idProduct=2d9a, bcdDevice=bf.dc
[  211.320706][  T973] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  211.324106][  T973] usb 5-1: Product: syz
[  211.327611][  T973] usb 5-1: Manufacturer: syz
[  211.329439][  T973] usb 5-1: SerialNumber: syz
[  211.584174][  T973] hub 5-1:11.62: bad descriptor, ignoring hub
[  211.586798][  T973] hub 5-1:11.62: probe with driver hub failed with error -5
[  211.609784][  T973] usb 5-1: USB disconnect, device number 6
[  212.202016][T10477] loop4: detected capacity change from 0 to 8
[  212.231882][T10477] SQUASHFS error: xz decompression failed, data probably corrupt
[  212.236385][T10477] SQUASHFS error: Failed to read block 0x108: -5
[  212.238890][T10477] SQUASHFS error: Unable to read metadata cache entry [106]
[  212.241854][T10477] SQUASHFS error: Unable to read inode 0x0
[  212.468507][T10501] loop4: detected capacity change from 0 to 256
[  212.782480][T10517] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1901'.
[  212.799066][T10517] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  212.802105][T10517] batman_adv: batadv0: Removing interface: batadv_slave_0
[  212.935189][T10526] netlink: 'syz.3.1906': attribute type 10 has an invalid length.
[  212.947877][T10526] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  213.071619][T10539] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1912'.
[  213.088162][T10539] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1912'.
[  213.377036][T10552] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1918'.
[  213.458839][T10546] loop4: detected capacity change from 0 to 32768
[  213.462919][T10546] bcachefs (/dev/loop4): error validating superblock: Invalid superblock: optional field with size 0 (type 1)
[  213.477779][T10546] bcachefs: bch2_fs_get_tree() error: invalid_sb_field_size
[  214.206369][T10571] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1926'.
[  214.548543][T10585] netlink: 'syz.4.1933': attribute type 11 has an invalid length.
[  214.797782][T10589] loop4: detected capacity change from 0 to 32768
[  214.801408][T10589] bcachefs (/dev/loop4): error validating superblock: Invalid superblock: member info area missing
[  214.805884][T10589] bcachefs: bch2_fs_get_tree() error: invalid_sb_members_missing
[  214.905569][T10591] loop4: detected capacity change from 0 to 1764
[  215.103943][T10607] batadv0: entered promiscuous mode
[  215.105847][T10607] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[  215.666210][T10638] loop4: detected capacity change from 0 to 24
[  216.363973][T10654] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1963'.
[  216.589461][T10669] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1969'.
[  217.401760][   T10] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  217.554548][   T10] usb 5-1: Using ep0 maxpacket: 16
[  217.561328][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  217.565386][   T10] usb 5-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  217.569112][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  217.576001][   T10] usb 5-1: config 0 descriptor??
[  217.785235][T10711] Invalid ELF header len 8
[  217.995643][   T10] hid-multitouch 0003:1FD2:6007.0005: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.4-1/input0
[  218.202778][   T10] usb 5-1: USB disconnect, device number 7
[  218.380830][T10751] netlink: 'syz.3.2004': attribute type 2 has an invalid length.
[  218.385783][T10751] netlink: 'syz.3.2004': attribute type 2 has an invalid length.
[  218.408145][T10753] netlink: 'syz.3.2005': attribute type 3 has an invalid length.
[  218.577753][T10765] overlayfs: failed to clone upperpath
[  219.938771][T10811] loop4: detected capacity change from 0 to 128
[  219.956760][   T33] audit: type=1800 audit(1755246677.916:52): pid=10811 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2032" name="file1" dev="loop4" ino=1048609 res=0 errno=0
[  219.969179][T10811] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 52)
[  219.972358][T10811] FAT-fs (loop4): Filesystem has been set read-only
[  220.137928][T10813] input: syz0 as /devices/virtual/input/input7
[  220.265218][T10819] netlink: 'syz.0.2036': attribute type 3 has an invalid length.
[  220.268821][T10819] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2036'.
[  221.379025][ T5876] libceph: connect (1)[c::]:6789 error -101
[  221.381516][ T5876] libceph: mon0 (1)[c::]:6789 connect error
[  221.472132][T10849] ceph: No mds server is up or the cluster is laggy
[  224.524572][   T10] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  224.674375][   T10] usb 5-1: Using ep0 maxpacket: 32
[  224.679509][   T10] usb 5-1: config 252 has an invalid interface number: 91 but max is 0
[  224.682985][   T10] usb 5-1: config 252 has no interface number 0
[  224.685756][   T10] usb 5-1: config 252 interface 91 has no altsetting 0
[  224.695715][   T10] usb 5-1: New USB device found, idVendor=07ca, idProduct=a309, bcdDevice=7f.92
[  224.699469][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  224.702642][   T10] usb 5-1: Product: syz
[  224.704562][   T10] usb 5-1: Manufacturer: syz
[  224.706514][   T10] usb 5-1: SerialNumber: syz
[  224.927765][   T10] usb 5-1: USB disconnect, device number 8
[  225.773236][T10927] loop4: detected capacity change from 0 to 2048
[  225.833758][T10927] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  225.981566][T10940] 9pnet_fd: Insufficient options for proto=fd
[  226.485204][ T9217] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  226.720776][T10965] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  226.721715][T10964] IPVS: stopping master sync thread 10965 ...
[  227.492339][T10982] overlayfs: failed to clone upperpath
[  227.580536][T10987] netlink: 148 bytes leftover after parsing attributes in process `syz.3.2108'.
[  227.600906][T10987] netlink: 148 bytes leftover after parsing attributes in process `syz.3.2108'.
[  227.636429][T10990] overlayfs: failed to clone upperpath
[  227.973226][T11011] overlayfs: failed to resolve './cgroup': -2
[  229.010588][T11057] tunl0: entered promiscuous mode
[  229.012355][T11057] netlink: 'syz.3.2140': attribute type 4 has an invalid length.
[  229.016430][T11057] netlink: 9 bytes leftover after parsing attributes in process `syz.3.2140'.
[  229.729521][T11075] loop4: detected capacity change from 0 to 736
[  231.004113][ T5876] libceph: connect (1)[c::]:6789 error -101
[  231.006810][ T5876] libceph: mon0 (1)[c::]:6789 connect error
[  231.015157][   T55] Bluetooth: hci0: command 0x206a tx timeout
[  231.052171][ T5876] libceph: connect (1)[c::]:6789 error -101
[  231.056674][ T5876] libceph: mon0 (1)[c::]:6789 connect error
[  231.274194][ T5876] libceph: connect (1)[c::]:6789 error -101
[  231.277067][ T5876] libceph: mon0 (1)[c::]:6789 connect error
[  231.316984][ T5876] libceph: connect (1)[c::]:6789 error -101
[  231.325107][ T5876] libceph: mon0 (1)[c::]:6789 connect error
[  231.785318][ T5876] libceph: connect (1)[c::]:6789 error -101
[  231.787866][ T5876] libceph: mon0 (1)[c::]:6789 connect error
[  231.825312][T11113] ceph: No mds server is up or the cluster is laggy
[  231.825384][T11116] ceph: No mds server is up or the cluster is laggy
[  231.853778][ T5876] libceph: connect (1)[c::]:6789 error -101
[  231.860862][ T5876] libceph: mon0 (1)[c::]:6789 connect error
[  231.922358][T11145] loop4: detected capacity change from 0 to 2048
[  231.929788][T11145] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  232.174492][ T6073] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  232.324907][ T6073] usb 5-1: Using ep0 maxpacket: 32
[  232.332277][ T6073] usb 5-1: config 0 has an invalid interface number: 132 but max is 0
[  232.335914][ T6073] usb 5-1: config 0 has no interface number 0
[  232.338560][ T6073] usb 5-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid maxpacket 50160, setting to 1024
[  232.350623][ T6073] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  232.354747][ T6073] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  232.364324][ T6073] usb 5-1: Product: syz
[  232.366205][ T6073] usb 5-1: Manufacturer: syz
[  232.368202][ T6073] usb 5-1: SerialNumber: syz
[  232.373206][ T6073] usb 5-1: config 0 descriptor??
[  232.378419][ T6073] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  232.385619][ T6073] em28xx 5-1:0.132: Video interface 132 found: isoc
[  232.650548][ T6073] em28xx 5-1:0.132: unknown em28xx chip ID (0)
[  232.717628][T11172] 9pnet_fd: Insufficient options for proto=fd
[  232.734830][ T6073] em28xx 5-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[  232.740980][ T6073] em28xx 5-1:0.132: board has no eeprom
[  232.796165][ T6073] em28xx 5-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  232.799981][ T6073] em28xx 5-1:0.132: analog set to isoc mode.
[  232.802823][   T95] em28xx 5-1:0.132: Registering V4L2 extension
[  232.816739][ T6073] usb 5-1: USB disconnect, device number 9
[  232.820234][ T6073] em28xx 5-1:0.132: Disconnecting em28xx
[  233.310265][   T95] em28xx 5-1:0.132: Config register raw data: 0xffffffed
[  233.313277][   T95] em28xx 5-1:0.132: AC97 chip type couldn't be determined
[  233.317077][   T95] em28xx 5-1:0.132: No AC97 audio processor
[  233.326330][   T95] usb 5-1: Decoder not found
[  233.328115][   T95] em28xx 5-1:0.132: failed to create media graph
[  233.331019][   T95] em28xx 5-1:0.132: V4L2 device video103 deregistered
[  233.340064][   T95] em28xx 5-1:0.132: Remote control support is not available for this card.
[  233.343924][ T6073] em28xx 5-1:0.132: Closing input extension
[  233.358918][ T6073] em28xx 5-1:0.132: Freeing device
[  234.758681][T11237] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2216'.
[  235.010612][T11257] sctp: [Deprecated]: syz.0.2226 (pid 11257) Use of int in maxseg socket option.
[  235.010612][T11257] Use struct sctp_assoc_value instead
[  235.184403][   T95] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  235.338342][   T95] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  235.342909][   T95] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  235.348411][   T95] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  235.352802][   T95] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  235.358767][   T95] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  235.362338][   T95] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  235.367819][   T95] usb 5-1: config 0 descriptor??
[  235.370661][T11253] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  235.781730][   T95] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  235.784302][   T95] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  235.787273][   T95] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  235.789769][   T95] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  235.792600][   T95] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  235.802476][   T95] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  236.049259][   T24] usb 5-1: USB disconnect, device number 10
[  236.292658][T11287] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  236.295716][T11287] IPv6: NLM_F_CREATE should be set when creating new route
[  236.307946][T11287] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  237.169281][T11314] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2251'.
[  237.505030][T11301] loop4: detected capacity change from 0 to 131072
[  237.572693][T11301] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  237.579403][T11301] F2FS-fs (loop4): Mounted with checkpoint version = 1b41e955
[  238.787865][T11352] netlink: 'syz.0.2267': attribute type 3 has an invalid length.
[  238.792204][T11352] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  238.803396][T11344] loop4: detected capacity change from 0 to 32768
[  238.817864][T11344] JBD2: Ignoring recovery information on journal
[  238.879776][T11344] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  239.010839][   T33] audit: type=1800 audit(1755246696.966:53): pid=11344 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2254" name="file1" dev="loop4" ino=17058 res=0 errno=0
[  239.075917][ T9217] ocfs2: Unmounting device (7,4) on (node local)
[  239.607246][T11368] loop4: detected capacity change from 0 to 512
[  239.652559][T11374] netlink: 'syz.4.2275': attribute type 1 has an invalid length.
[  239.658100][T11374] netlink: 212 bytes leftover after parsing attributes in process `syz.4.2275'.
[  239.661677][T11374] netlink: 'syz.4.2275': attribute type 1 has an invalid length.
[  239.750374][ T5876] IPVS: starting estimator thread 0...
[  239.855749][T11383] IPVS: using max 63 ests per chain, 151200 per kthread
[  240.092835][T11395] loop4: detected capacity change from 0 to 32768
[  240.105473][T11395] bcachefs (/dev/loop4): error reading default superblock: Bad minimum version 0.24: unwritten_extents, greater than version field 0.11: inode_btree_change
[  240.112821][T11395] bcachefs (/dev/loop4): error validating superblock: Bad sb offset (got 288230376151715840, read from 4096)
[  240.126851][T11395] bcachefs: bch2_fs_get_tree() error: invalid_sb_offset
[  241.286869][T11444] loop4: detected capacity change from 0 to 256
[  241.295434][T11444] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x009ea0b8, utbl_chksum : 0x7319d30d)
[  241.958078][T11449] loop4: detected capacity change from 0 to 40427
[  241.963739][T11449] F2FS-fs (loop4): invalid crc value
[  242.022699][T11449] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  242.028285][T11449] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  242.045353][T11449] F2FS-fs (loop4): Can't enable fs-verity on inode 3: the verity feature is not enabled on this filesystem
[  242.133630][T11460] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  242.137929][T11460] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  242.302042][T11476] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2312'.
[  242.611507][T11500] loop4: detected capacity change from 0 to 8192
[  243.607008][T11540] overlayfs: failed to clone upperpath
[  243.668313][T11546] netlink: 'syz.4.2354': attribute type 1 has an invalid length.
[  243.687021][T11548] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2353'.
[  243.690255][T11548] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2353'.
[  243.885382][   T55] Bluetooth: hci1: Unable to find connection for big 0x00
[  243.937251][T11569] openvswitch: netlink: Message has 4784 unknown bytes.
[  243.940216][T11569] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  243.982181][T11571] x_tables: ip6_tables: quota.0 match: invalid size 24 (kernel) != (user) 144
[  244.658946][T11585] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode
[  244.661563][T11585] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[  245.074621][T11597] loop4: detected capacity change from 0 to 40427
[  245.080613][T11597] F2FS-fs (loop4): invalid crc value
[  245.139133][T11597] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  245.142853][T11597] F2FS-fs (loop4): Start checkpoint disabled!
[  245.207385][T11597] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  245.231275][   T33] audit: type=1800 audit(1755246703.186:54): pid=11597 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2378" name="file1" dev="loop4" ino=10 res=0 errno=0
[  245.887899][T11608] syz.4.2378: attempt to access beyond end of device
[  245.887899][T11608] loop4: rw=2049, sector=77824, nr_sectors = 2568 limit=40427
[  245.900688][T11609] syz.4.2378: attempt to access beyond end of device
[  245.900688][T11609] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  245.906045][T11609] syz.4.2378: attempt to access beyond end of device
[  245.906045][T11609] loop4: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  245.911458][T11609] syz.4.2378: attempt to access beyond end of device
[  245.911458][T11609] loop4: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  245.918149][T11609] syz.4.2378: attempt to access beyond end of device
[  245.918149][T11609] loop4: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  245.923489][T11609] syz.4.2378: attempt to access beyond end of device
[  245.923489][T11609] loop4: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  245.928533][T11609] syz.4.2378: attempt to access beyond end of device
[  245.928533][T11609] loop4: rw=2049, sector=45136, nr_sectors = 8 limit=40427
[  245.932956][T11609] syz.4.2378: attempt to access beyond end of device
[  245.932956][T11609] loop4: rw=2049, sector=45144, nr_sectors = 8 limit=40427
[  245.938179][T11609] syz.4.2378: attempt to access beyond end of device
[  245.938179][T11609] loop4: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  246.073926][   T33] audit: type=1800 audit(1755246703.566:55): pid=11608 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2378" name="file1" dev="loop4" ino=10 res=0 errno=0
[  246.130286][ T4071] kworker/u10:4: attempt to access beyond end of device
[  246.130286][ T4071] loop4: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  246.144448][ T4071] CPU: 1 UID: 0 PID: 4071 Comm: kworker/u10:4 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  246.144472][ T4071] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  246.144482][ T4071] Workqueue: writeback wb_workfn (flush-7:4)
[  246.144505][ T4071] Call Trace:
[  246.144512][ T4071]  <TASK>
[  246.144518][ T4071]  dump_stack_lvl+0x189/0x250
[  246.144541][ T4071]  ? __pfx_dump_stack_lvl+0x10/0x10
[  246.144557][ T4071]  ? __pfx_queue_work_on+0x10/0x10
[  246.144571][ T4071]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  246.144591][ T4071]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  246.144620][ T4071]  f2fs_handle_critical_error+0x37c/0x540
[  246.144646][ T4071]  f2fs_write_end_io+0x886/0xb60
[  246.144677][ T4071]  __submit_merged_bio+0x27a/0x6a0
[  246.144704][ T4071]  __submit_merged_write_cond+0x255/0x530
[  246.144730][ T4071]  f2fs_write_data_pages+0x261d/0x3000
[  246.144783][ T4071]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  246.144846][ T4071]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  246.144894][ T4071]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  246.144926][ T4071]  ? trace_f2fs_writepages+0x7f/0x200
[  246.144947][ T4071]  ? f2fs_write_node_pages+0x478/0x6e0
[  246.144971][ T4071]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  246.145002][ T4071]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  246.145024][ T4071]  do_writepages+0x32e/0x550
[  246.145048][ T4071]  ? reacquire_held_locks+0x127/0x1d0
[  246.145062][ T4071]  ? writeback_sb_inodes+0x384/0x1010
[  246.145088][ T4071]  __writeback_single_inode+0x145/0xff0
[  246.145107][ T4071]  ? do_raw_spin_unlock+0x4d/0x240
[  246.145128][ T4071]  writeback_sb_inodes+0x6c7/0x1010
[  246.145171][ T4071]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  246.145235][ T4071]  ? rcu_is_watching+0x15/0xb0
[  246.145260][ T4071]  wb_writeback+0x43b/0xaf0
[  246.145286][ T4071]  ? queue_io+0x3d1/0x590
[  246.145307][ T4071]  ? __pfx_wb_writeback+0x10/0x10
[  246.145334][ T4071]  ? _raw_spin_unlock_irq+0x23/0x50
[  246.145356][ T4071]  wb_workfn+0x409/0xef0
[  246.145386][ T4071]  ? __pfx_wb_workfn+0x10/0x10
[  246.145407][ T4071]  ? __lock_acquire+0xab9/0xd20
[  246.145438][ T4071]  ? process_scheduled_works+0x9ef/0x17b0
[  246.145459][ T4071]  ? _raw_spin_unlock_irq+0x23/0x50
[  246.145474][ T4071]  ? process_scheduled_works+0x9ef/0x17b0
[  246.145487][ T4071]  ? process_scheduled_works+0x9ef/0x17b0
[  246.145502][ T4071]  process_scheduled_works+0xae1/0x17b0
[  246.145545][ T4071]  ? __pfx_process_scheduled_works+0x10/0x10
[  246.145576][ T4071]  worker_thread+0x8a0/0xda0
[  246.145593][ T4071]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  246.145619][ T4071]  ? __kthread_parkme+0x7b/0x200
[  246.145644][ T4071]  kthread+0x711/0x8a0
[  246.145664][ T4071]  ? __pfx_worker_thread+0x10/0x10
[  246.145678][ T4071]  ? __pfx_kthread+0x10/0x10
[  246.145697][ T4071]  ? _raw_spin_unlock_irq+0x23/0x50
[  246.145713][ T4071]  ? lockdep_hardirqs_on+0x9c/0x150
[  246.145730][ T4071]  ? __pfx_kthread+0x10/0x10
[  246.145748][ T4071]  ret_from_fork+0x3fc/0x770
[  246.145766][ T4071]  ? __pfx_ret_from_fork+0x10/0x10
[  246.145786][ T4071]  ? __switch_to_asm+0x39/0x70
[  246.145803][ T4071]  ? __switch_to_asm+0x33/0x70
[  246.145844][ T4071]  ? __pfx_kthread+0x10/0x10
[  246.145862][ T4071]  ret_from_fork_asm+0x1a/0x30
[  246.145895][ T4071]  </TASK>
[  246.145902][ T4071] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  246.337146][T11613] netlink: 'syz.3.2383': attribute type 22 has an invalid length.
[  246.346732][T11613] netlink: 168 bytes leftover after parsing attributes in process `syz.3.2383'.
[  246.963340][T11664] loop4: detected capacity change from 0 to 2048
[  246.971535][T11664] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found
[  246.976044][T11664] UDF-fs: Scanning with blocksize 512 failed
[  246.983068][T11664] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  247.225276][T11667] loop4: detected capacity change from 0 to 32768
[  247.860948][T11677] macvtap0: entered allmulticast mode
[  247.863287][T11677] veth0_macvtap: entered allmulticast mode
[  248.254332][  T973] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[  248.339118][T11711] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2426'.
[  248.380373][   T33] audit: type=1326 audit(1755246706.336:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11714 comm="syz.3.2428" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff02b18ebe9 code=0x0
[  248.407835][  T973] usb 5-1: config index 0 descriptor too short (expected 69, got 36)
[  248.411167][  T973] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  248.418418][  T973] usb 5-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89
[  248.422105][  T973] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  248.426727][  T973] usb 5-1: Product: syz
[  248.428324][  T973] usb 5-1: Manufacturer: syz
[  248.434357][  T973] usb 5-1: SerialNumber: syz
[  248.437521][  T973] usb 5-1: config 0 descriptor??
[  248.443560][  T973] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622
[  249.159370][  T973] gspca_pac7302: reg_w() failed i: ff v: 01 error -71
[  249.161931][  T973] gspca_pac7302 5-1:0.0: probe with driver gspca_pac7302 failed with error -71
[  249.170943][  T973] usb 5-1: USB disconnect, device number 11
[  249.333676][T11738] tmpfs: Bad value for 'mpol'
[  250.192455][T11765] could not allocate digest TFM handle sm3
[  250.237691][T11769] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2450'.
[  250.384419][T11780] netlink: 9 bytes leftover after parsing attributes in process `syz.3.2455'.
[  250.388177][T11780] 0: renamed from hsr_slave_1
[  250.398593][T11780] 0: entered allmulticast mode
[  250.401028][T11780] A link change request failed with some changes committed already. Interface c0 may have been left with an inconsistent configuration, please check.
[  250.535209][T11793] bridge1: entered promiscuous mode
[  250.851562][T11816] loop4: detected capacity change from 0 to 16
[  250.853979][T11816] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  250.980844][T11819] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2473'.
[  251.079071][T11821] loop4: detected capacity change from 0 to 4096
[  251.095110][T11824] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  251.359799][T11837] loop4: detected capacity change from 0 to 512
[  251.380401][T11837] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.2481: Invalid inode bitmap blk 4 in block_group 0
[  251.395932][T11837] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  251.432610][T11837] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement.
[  251.467044][ T9217] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  251.774429][  T973] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  251.924424][  T973] usb 5-1: Using ep0 maxpacket: 32
[  251.928373][  T973] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  251.932560][  T973] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  251.939830][  T973] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00
[  251.943316][  T973] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  251.948722][  T973] usb 5-1: config 0 descriptor??
[  252.668994][  T973] koneplus 0003:1E7D:2D51.0007: unknown main item tag 0x0
[  252.671778][  T973] koneplus 0003:1E7D:2D51.0007: unknown main item tag 0x0
[  252.674635][  T973] koneplus 0003:1E7D:2D51.0007: unknown main item tag 0x0
[  252.676838][  T973] koneplus 0003:1E7D:2D51.0007: unknown main item tag 0x0
[  252.679023][  T973] koneplus 0003:1E7D:2D51.0007: unknown main item tag 0x0
[  252.683731][  T973] koneplus 0003:1E7D:2D51.0007: hidraw0: USB HID v0.00 Device [HID 1e7d:2d51] on usb-dummy_hcd.4-1/input0
[  252.774457][  T973] koneplus 0003:1E7D:2D51.0007: couldn't init struct koneplus_device
[  252.777279][  T973] koneplus 0003:1E7D:2D51.0007: couldn't install mouse
[  252.781019][  T973] koneplus 0003:1E7D:2D51.0007: probe with driver koneplus failed with error -71
[  252.795604][  T973] usb 5-1: USB disconnect, device number 12
[  253.349265][T11895] loop4: detected capacity change from 0 to 1024
[  253.357082][T11895] hfsplus: found bad thread record in catalog
[  253.533307][T11905] loop4: detected capacity change from 0 to 22
[  253.538566][T11905] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  253.541560][T11905] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  254.017667][T11916] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2517'.
[  254.062434][T11920] loop4: detected capacity change from 0 to 128
[  254.374322][T11939] 9pnet: p9_errstr2errno: server reported unknown error 0x0000000000000004
[  254.849021][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[  254.851492][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[  255.321857][T11975] netlink: 'syz.4.2544': attribute type 1 has an invalid length.
[  255.629383][T11987] loop4: detected capacity change from 0 to 512
[  255.636428][T11987] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[  255.642691][T11987] EXT4-fs (loop4): orphan cleanup on readonly fs
[  255.650449][T11987] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:517: comm syz.4.2549: Block bitmap for bg 0 marked uninitialized
[  255.656373][T11987] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  255.659851][T11987] EXT4-fs (loop4): 1 orphan inode deleted
[  255.663612][T11987] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  255.677468][T11987] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  255.682092][T11987] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  255.688203][T11987] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:517: comm syz.4.2549: Block bitmap for bg 0 marked uninitialized
[  255.696319][T11987] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:517: comm syz.4.2549: Block bitmap for bg 0 marked uninitialized
[  255.703218][T11987] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:517: comm syz.4.2549: Block bitmap for bg 0 marked uninitialized
[  255.722910][ T9217] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  255.830643][T11992] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2550'.
[  255.928132][T12000] netlink: 'syz.4.2554': attribute type 4 has an invalid length.
[  256.393314][T12035] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2571'.
[  256.675878][T12056] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2581'.
[  256.806132][T12063] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2584'.
[  258.106916][   T33] audit: type=1326 audit(1755246716.066:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12093 comm="syz.0.2596" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe88438ebe9 code=0x7ffc0000
[  258.114955][   T33] audit: type=1326 audit(1755246716.066:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12093 comm="syz.0.2596" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe88438ebe9 code=0x7ffc0000
[  258.122539][   T33] audit: type=1326 audit(1755246716.066:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12093 comm="syz.0.2596" exe="/syz-executor" sig=0 arch=c000003e syscall=94 compat=0 ip=0x7fe88438ebe9 code=0x7ffc0000
[  258.212481][   T33] audit: type=1326 audit(1755246716.066:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12093 comm="syz.0.2596" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe88438ebe9 code=0x7ffc0000
[  258.221489][   T33] audit: type=1326 audit(1755246716.076:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12093 comm="syz.0.2596" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe88438ebe9 code=0x7ffc0000
[  258.258266][T12099] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2600'.
[  258.261716][T12099] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2600'.
[  258.490544][T12120] loop4: detected capacity change from 0 to 512
[  258.535662][T12120] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  258.539607][T12120] ext4 filesystem being mounted at /328/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  258.959434][ T9217] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  259.322395][T12141] loop4: detected capacity change from 0 to 512
[  259.332598][T12141] EXT4-fs: Ignoring removed i_version option
[  259.337370][T12141] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  259.346263][T12141] EXT4-fs (loop4): 1 truncate cleaned up
[  259.349271][T12141] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  259.466691][ T9217] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  259.535172][T12149] netlink: 'syz.0.2620': attribute type 2 has an invalid length.
[  259.551419][T12149] : entered promiscuous mode
[  259.617411][T12159] overlayfs: failed to clone upperpath
[  259.726533][T12167] overlayfs: failed to clone upperpath
[  259.796744][T12155] loop4: detected capacity change from 0 to 32768
[  259.801065][T12155] bcachefs (/dev/loop4): error validating superblock: Invalid superblock section clean: entry type clock overruns end of section
[  259.801065][T12155] clean (size 2912):
[  259.801065][T12155] flags:          0
[  259.801065][T12155] journal_seq:    10
[  259.801065][T12155] dev_usage: 
[  259.801065][T12155] usage: type=key_version v=0
[  259.801065][T12155] (unknown jset_entry_type 255)
[  259.801065][T12155] usage: type=reserved v=0
[  259.801065][T12155] usage: type=reserved v=0
[  259.801065][T12155] usage: type=reserved v=0
[  259.801065][T12155] data_usage: btree: 1/1 [0]=2816
[  259.801065][T12155] data_usage: journal: 1/1 [0]=0
[  259.801065][T12155] data_usage: user: 1/1 [0]=16
[  259.801065][T12155] dev_usage: dev=0  
[  259.801065][T12155]   free: buckets=83 sectors=0 fragmented=0
[  259.801065][T12155]   sb: buckets=25 sectors=6152 fragmented=248
[  259.801065][T12155]   journal: buckets=8 sectors=2048 fragmented=0
[  259.801065][T12155]   btree: buckets=11 sectors=2816 fragmented=0
[  259.801065][T12155]   user: buckets=1 sectors=16 fragmented=240
[  259.801065][T12155]   cached: buckets=0 sectors=0 fragmented=0
[  259.801065][T12155]   parity: buckets=0 sectors=0 fragmented=0
[  259.801065][T12155]   stripe: buckets=0 sectors=0 fragmented=0
[  259.801065][T12155]   need_gc_gens: buckets=0 sectors=0 fragmented=0
[  259.801065][T12155]   need_discard: buckets=0 sectors=0 fragmented=0
[  259.801065][T12155] 
[  259.851869][T12155] bcachefs: bch2_fs_get_tree() error: invalid_sb_clean
[  260.077329][T12183] loop4: detected capacity change from 0 to 8
[  260.088317][T12183] SQUASHFS error: Failed to read block 0x260685: -5
[  260.091331][T12183] SQUASHFS error: Unable to read metadata cache entry [260685]
[  260.096684][T12183] SQUASHFS error: Unable to read directory block [260685:0]
[  260.516978][T12205] netlink: 'syz.0.2648': attribute type 3 has an invalid length.
[  260.520103][T12205] netlink: 'syz.0.2648': attribute type 27 has an invalid length.
[  260.546302][   T55] Bluetooth: hci0: unexpected event for opcode 0x0406
[  260.714349][   T24] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  261.098118][   T24] usb 5-1: Using ep0 maxpacket: 32
[  261.102375][   T24] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  261.106115][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  261.115012][   T24] usb 5-1: config 0 descriptor??
[  261.120243][   T24] gspca_main: nw80x-2.14.0 probing 055f:d001
[  261.334623][   T24] gspca_nw80x: reg_w err -71
[  261.338612][   T24] nw80x 5-1:0.0: probe with driver nw80x failed with error -71
[  261.344864][   T24] usb 5-1: USB disconnect, device number 13
[  262.913443][T12269] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2677'.
[  263.204312][ T6073] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  263.354436][ T6073] usb 5-1: Using ep0 maxpacket: 32
[  263.360242][ T6073] usb 5-1: config 0 has an invalid interface number: 12 but max is 0
[  263.363561][ T6073] usb 5-1: config 0 has no interface number 0
[  263.366194][ T6073] usb 5-1: config 0 interface 12 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  263.370371][ T6073] usb 5-1: config 0 interface 12 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0
[  263.375605][ T6073] usb 5-1: config 0 interface 12 has no altsetting 0
[  263.381679][ T6073] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  263.385348][ T6073] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  263.388825][ T6073] usb 5-1: Product: syz
[  263.390801][ T6073] usb 5-1: Manufacturer: syz
[  263.392875][ T6073] usb 5-1: SerialNumber: syz
[  263.398310][ T6073] usb 5-1: config 0 descriptor??
[  263.403536][ T6073] f81534 5-1:0.12: unsupported endpoint max packet size
[  263.612543][ T6073] usb 5-1: USB disconnect, device number 14
[  263.953372][T12295] netlink: 'syz.0.2688': attribute type 1 has an invalid length.
[  263.959019][T12295] netlink: 'syz.0.2688': attribute type 1 has an invalid length.
[  264.108378][T12303] netlink: 384 bytes leftover after parsing attributes in process `syz.0.2692'.
[  264.713686][T12290] 9pnet_fd: p9_fd_create_tcp (12290): problem connecting socket to 127.0.0.1
[  265.040264][T12334] mac80211_hwsim hwsim10 wlan0: entered promiscuous mode
[  265.047497][T12334] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  265.358338][T12361] loop4: detected capacity change from 0 to 512
[  265.361668][T12361] EXT4-fs: Ignoring removed nomblk_io_submit option
[  265.376964][T12361] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  265.380263][T12361] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  265.429119][T12361] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.2718: Allocating blocks 41-42 which overlap fs metadata
[  265.457125][T12361] EXT4-fs (loop4): Remounting filesystem read-only
[  265.459824][T12361] Quota error (device loop4): write_blk: dquota write failed
[  265.462809][T12361] Quota error (device loop4): find_free_dqentry: Can't write quota data block 5
[  265.480258][T12361] Quota error (device loop4): write_blk: dquota write failed
[  265.483304][T12361] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  265.502316][T12361] EXT4-fs (loop4): 1 truncate cleaned up
[  265.506327][T12361] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  265.549083][ T9217] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  265.614920][T12373] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2721'.
[  266.385671][T12392] A link change request failed with some changes committed already. Interface veth1_to_team may have been left with an inconsistent configuration, please check.
[  266.854485][   T95] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  267.004486][   T95] usb 5-1: Using ep0 maxpacket: 8
[  267.008689][   T95] usb 5-1: config 0 has an invalid interface number: 151 but max is 1
[  267.011871][   T95] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  267.015281][   T95] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  267.018363][   T95] usb 5-1: config 0 has no interface number 0
[  267.020789][   T95] usb 5-1: config 0 interface 151 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  267.024965][   T95] usb 5-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83
[  267.029543][   T95] usb 5-1: config 0 interface 151 altsetting 0 endpoint 0x83 has invalid maxpacket 64466, setting to 1024
[  267.033829][   T95] usb 5-1: config 0 interface 151 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  267.037993][   T95] usb 5-1: config 0 interface 151 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  267.046786][   T95] usb 5-1: New USB device found, idVendor=0499, idProduct=500a, bcdDevice=e7.b7
[  267.050226][   T95] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.053374][   T95] usb 5-1: Product: syz
[  267.055234][   T95] usb 5-1: Manufacturer: syz
[  267.056707][   T95] usb 5-1: SerialNumber: syz
[  267.060350][   T95] usb 5-1: config 0 descriptor??
[  267.062973][T12403] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  267.068510][   T95] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  267.284089][   T24] usb 5-1: USB disconnect, device number 15
[  268.084997][T12453] netlink: 'syz.0.2760': attribute type 29 has an invalid length.
[  268.658415][T12473] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2769'.
[  269.954423][ T6073] usb 5-1: new full-speed USB device number 16 using dummy_hcd
[  270.106264][ T6073] usb 5-1: config 0 has an invalid interface number: 30 but max is 0
[  270.109235][ T6073] usb 5-1: config 0 has no interface number 0
[  270.115082][ T6073] usb 5-1: New USB device found, idVendor=0572, idProduct=d811, bcdDevice=94.e2
[  270.118009][ T6073] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  270.135653][ T6073] usb 5-1: config 0 descriptor??
[  270.142879][ T6073] dvb-usb: found a 'Mygica D689 DMB-TH' in warm state.
[  270.155346][ T6073] usb 5-1: setting power ON
[  270.157179][ T6073] dvb-usb: bulk message failed: -22 (2/0)
[  270.297453][ T6073] dvb-usb: bulk message failed: -22 (1/0)
[  270.408206][ T6073] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  270.425848][ T6073] dvb-usb: Mygica D689 DMB-TH error while loading driver (-19)
[  270.429057][ T6073] dvb_usb_cxusb 5-1:0.30: probe with driver dvb_usb_cxusb failed with error -22
[  270.444369][ T6073] usb 5-1: USB disconnect, device number 16
[  270.994045][T12545] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2802'.
[  272.110883][T12592] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  272.208711][T12600] geneve2: entered promiscuous mode
[  272.210973][T12600] geneve2: entered allmulticast mode
[  272.219634][T12598] loop4: detected capacity change from 0 to 4096
[  272.639533][T12631] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2838'.
[  272.662851][T12630] fuse: Bad value for 'fd'
[  272.713680][T12630] loop4: detected capacity change from 0 to 512
[  272.718746][T12631] netlink: 'syz.3.2838': attribute type 2 has an invalid length.
[  272.722227][T12630] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  272.743138][T12630] EXT4-fs (loop4): 1 truncate cleaned up
[  272.753013][T12630] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  272.803394][ T9217] EXT4-fs error (device loop4): ext4_lookup:1787: inode #11: comm syz-executor: iget: bad extra_isize 46 (inode size 256)
[  272.818191][ T9217] EXT4-fs (loop4): Remounting filesystem read-only
[  272.881807][ T9941] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  273.043960][T12655] bpf: Bad value for 'gid'
[  273.180682][ T5875] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  273.251457][ T5875] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  273.386858][ T5875] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  273.459135][T12675] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2861'.
[  273.465732][ T5875] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  273.580797][ T5238] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  273.587584][ T5238] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  273.591858][ T5238] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  273.598929][ T5238] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  273.604123][ T5238] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  273.620677][ T5875] bridge_slave_1: left allmulticast mode
[  273.626782][ T5875] bridge_slave_1: left promiscuous mode
[  273.629255][ T5875] bridge0: port 2(bridge_slave_1) entered disabled state
[  273.638162][ T5875] bridge_slave_0: left allmulticast mode
[  273.640559][ T5875] bridge_slave_0: left promiscuous mode
[  273.642978][ T5875] bridge0: port 1(bridge_slave_0) entered disabled state
[  273.673882][T12687] overlayfs: failed to clone lowerpath
[  274.161520][ T5875] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  274.167711][ T5875] bond_slave_0: left allmulticast mode
[  274.173154][ T5875] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  274.177778][ T5875] bond_slave_1: left allmulticast mode
[  274.186744][ T5875] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  274.190431][ T5875] mac80211_hwsim hwsim11 wlan1: left allmulticast mode
[  274.202479][ T5875] bond0 (unregistering): Released all slaves
[  274.326649][ T5875] bond1 (unregistering): Released all slaves
[  274.627100][ T5875] hsr_slave_0: left promiscuous mode
[  274.637155][ T5875] hsr_slave_1: left promiscuous mode
[  274.639937][ T5875] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  274.642926][ T5875] batman_adv: batadv0: Removing interface: batadv_slave_0
[  274.657309][ T5875] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  274.660309][ T5875] batman_adv: batadv0: Removing interface: batadv_slave_1
[  274.692229][ T5875] veth1_macvtap: left promiscuous mode
[  274.694572][ T5875] veth0_macvtap: left promiscuous mode
[  274.696892][ T5875] veth1_vlan: left promiscuous mode
[  274.698924][ T5875] veth0_vlan: left promiscuous mode
[  274.798222][T12731] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2886'.
[  275.143362][ T5875] team0 (unregistering): Port device team_slave_1 removed
[  275.188848][ T5875] team0 (unregistering): Port device team_slave_0 removed
[  275.651759][T12682] chnl_net:caif_netlink_parms(): no params data found
[  275.654922][   T55] Bluetooth: hci1: command tx timeout
[  275.826490][T12682] bridge0: port 1(bridge_slave_0) entered blocking state
[  275.828957][T12682] bridge0: port 1(bridge_slave_0) entered disabled state
[  275.831759][T12682] bridge_slave_0: entered allmulticast mode
[  275.846472][T12682] bridge_slave_0: entered promiscuous mode
[  275.851915][T12682] bridge0: port 2(bridge_slave_1) entered blocking state
[  275.856740][T12682] bridge0: port 2(bridge_slave_1) entered disabled state
[  275.874558][T12682] bridge_slave_1: entered allmulticast mode
[  275.878677][T12682] bridge_slave_1: entered promiscuous mode
[  276.059084][T12682] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  276.076686][T12682] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  276.089261][ T5875] IPVS: stop unused estimator thread 0...
[  276.148632][T12682] team0: Port device team_slave_0 added
[  276.157791][T12682] team0: Port device team_slave_1 added
[  276.202118][T12682] batman_adv: batadv0: Adding interface: batadv_slave_0
[  276.208504][T12682] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  276.228675][T12682] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  276.233989][T12682] batman_adv: batadv0: Adding interface: batadv_slave_1
[  276.244304][T12682] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  276.260780][T12682] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  276.331205][T12682] hsr_slave_0: entered promiscuous mode
[  276.344580][T12682] hsr_slave_1: entered promiscuous mode
[  276.347277][T12682] debugfs: 'hsr0' already exists in 'hsr'
[  276.349373][T12682] Cannot create hsr debugfs directory
[  276.620052][T12682] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  276.630670][T12682] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  276.636961][T12682] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  276.646742][T12682] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  276.768114][T12682] 8021q: adding VLAN 0 to HW filter on device bond0
[  276.783174][T12682] 8021q: adding VLAN 0 to HW filter on device team0
[  276.792212][ T4636] bridge0: port 1(bridge_slave_0) entered blocking state
[  276.794950][ T4636] bridge0: port 1(bridge_slave_0) entered forwarding state
[  276.809221][ T4636] bridge0: port 2(bridge_slave_1) entered blocking state
[  276.811954][ T4636] bridge0: port 2(bridge_slave_1) entered forwarding state
[  276.998330][T12682] 8021q: adding VLAN 0 to HW filter on device batadv0
[  277.239195][T12682] veth0_vlan: entered promiscuous mode
[  277.251060][T12682] veth1_vlan: entered promiscuous mode
[  277.296942][T12682] veth0_macvtap: entered promiscuous mode
[  277.305883][T12682] veth1_macvtap: entered promiscuous mode
[  277.325537][T12682] batman_adv: batadv0: Interface activated: batadv_slave_0
[  277.337278][T12682] batman_adv: batadv0: Interface activated: batadv_slave_1
[  277.375939][ T5871] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  277.384413][ T5871] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  277.399398][ T5871] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  277.403170][ T5871] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  277.472176][ T1088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  277.478660][ T1088] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  277.507524][ T1088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  277.510746][ T1088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  277.651844][T12812] loop5: detected capacity change from 0 to 4096
[  277.672100][T12812] ntfs3(loop5): Mark volume as dirty due to NTFS errors
[  277.677946][T12812] ntfs3(loop5): Failed to initialize $Extend/$ObjId.
[  277.680754][T12812] ntfs3(loop5): ino=5, mi_enum_attr
[  277.737145][   T55] Bluetooth: hci1: command tx timeout
[  277.859514][T12816] loop5: detected capacity change from 0 to 2048
[  277.872625][T12816] hpfs: filesystem error: improperly stopped; already mounted read-only
[  277.876585][T12816] hpfs: filesystem error: sector(s) 'dir_band' badly placed at 7b318cc2
[  277.942269][T12818] loop5: detected capacity change from 0 to 1024
[  277.948849][T12818] EXT4-fs (loop5): first meta block group too large: 33024 (group descriptor block count 1)
[  278.008603][T12821] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2920'.
[  278.173816][T12833] tmpfs: Bad value for 'mpol'
[  278.627880][T12853] loop5: detected capacity change from 0 to 1024
[  278.646640][T12853] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  278.688914][T12682] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  278.929355][T12862] loop5: detected capacity change from 0 to 40427
[  278.936722][T12862] F2FS-fs (loop5): build fault injection rate: 771
[  278.942392][T12862] F2FS-fs (loop5): invalid crc value
[  279.025702][T12869] delete_channel: no stack
[  279.028643][T12862] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  279.033886][T12862] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  279.165335][T12682] syz-executor: attempt to access beyond end of device
[  279.165335][T12682] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  279.186263][T12682] CPU: 0 UID: 0 PID: 12682 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  279.186280][T12682] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  279.186285][T12682] Call Trace:
[  279.186290][T12682]  <TASK>
[  279.186294][T12682]  dump_stack_lvl+0x189/0x250
[  279.186310][T12682]  ? __pfx_dump_stack_lvl+0x10/0x10
[  279.186320][T12682]  ? __pfx_queue_work_on+0x10/0x10
[  279.186328][T12682]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  279.186339][T12682]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  279.186354][T12682]  f2fs_handle_critical_error+0x37c/0x540
[  279.186369][T12682]  f2fs_write_end_io+0x886/0xb60
[  279.186385][T12682]  __submit_merged_bio+0x27a/0x6a0
[  279.186398][T12682]  __submit_merged_write_cond+0x255/0x530
[  279.186412][T12682]  f2fs_write_data_pages+0x261d/0x3000
[  279.186438][T12682]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  279.186470][T12682]  ? check_path+0x21/0x40
[  279.186478][T12682]  ? check_noncircular+0xe0/0x160
[  279.186508][T12682]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  279.186546][T12682]  do_writepages+0x32e/0x550
[  279.186563][T12682]  ? do_raw_spin_unlock+0x4d/0x240
[  279.186574][T12682]  filemap_fdatawrite+0x199/0x240
[  279.186585][T12682]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  279.186617][T12682]  ? do_raw_spin_unlock+0x4d/0x240
[  279.186627][T12682]  f2fs_sync_dirty_inodes+0x31f/0x830
[  279.186643][T12682]  f2fs_write_checkpoint+0x95a/0x1df0
[  279.186662][T12682]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  279.186688][T12682]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  279.186704][T12682]  ? kfree+0x18e/0x440
[  279.186714][T12682]  ? kill_f2fs_super+0x298/0x6c0
[  279.186724][T12682]  kill_f2fs_super+0x2c3/0x6c0
[  279.186735][T12682]  ? __pfx_kill_f2fs_super+0x10/0x10
[  279.186742][T12682]  ? radix_tree_delete_item+0x2b6/0x400
[  279.186756][T12682]  ? shrinker_free+0x2ce/0x3e0
[  279.186766][T12682]  deactivate_locked_super+0xbc/0x130
[  279.186777][T12682]  cleanup_mnt+0x425/0x4c0
[  279.186786][T12682]  ? lockdep_hardirqs_on+0x9c/0x150
[  279.186798][T12682]  task_work_run+0x1d4/0x260
[  279.186810][T12682]  ? __pfx_task_work_run+0x10/0x10
[  279.186818][T12682]  ? __x64_sys_umount+0x122/0x160
[  279.186831][T12682]  ? exit_to_user_mode_loop+0x40/0x110
[  279.186844][T12682]  exit_to_user_mode_loop+0xec/0x110
[  279.186855][T12682]  do_syscall_64+0x2bd/0x3b0
[  279.186865][T12682]  ? lockdep_hardirqs_on+0x9c/0x150
[  279.186875][T12682]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.186883][T12682]  ? exc_page_fault+0x9f/0xf0
[  279.186893][T12682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.186901][T12682] RIP: 0033:0x7f93f178ff17
[  279.186910][T12682] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  279.186917][T12682] RSP: 002b:00007ffda656fab8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  279.186926][T12682] RAX: 0000000000000000 RBX: 00007f93f1811c05 RCX: 00007f93f178ff17
[  279.186932][T12682] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffda656fb70
[  279.186936][T12682] RBP: 00007ffda656fb70 R08: 0000000000000000 R09: 0000000000000000
[  279.186941][T12682] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffda6570c00
[  279.186946][T12682] R13: 00007f93f1811c05 R14: 00000000000443a1 R15: 00007ffda6570c40
[  279.186960][T12682]  </TASK>
[  279.186963][T12682] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  279.804408][   T55] Bluetooth: hci1: command tx timeout
[  279.824686][T12909] loop5: detected capacity change from 0 to 4096
[  279.828314][T12909] EXT4-fs: Conflicting test_dummy_encryption options
[  280.052244][T12921] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2966'.
[  280.062535][T12921] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2966'.
[  281.087619][T12961] netlink: 136 bytes leftover after parsing attributes in process `syz.3.2982'.
[  281.134132][T12964] netlink: 'syz.3.2983': attribute type 10 has an invalid length.
[  281.142761][T12964] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  281.884355][   T55] Bluetooth: hci1: command tx timeout
[  282.233363][T13003] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3001'.
[  283.384384][ T6073] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  283.575348][ T6073] usb 6-1: config 0 has an invalid interface number: 156 but max is 0
[  283.578602][ T6073] usb 6-1: config 0 has no interface number 0
[  283.581014][ T6073] usb 6-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  283.585537][ T6073] usb 6-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  283.595771][ T6073] usb 6-1: config 0 interface 156 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[  283.599743][ T6073] usb 6-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[  283.603257][ T6073] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  283.688343][ T6073] usb 6-1: config 0 descriptor??
[  283.698958][ T6073] gspca_main: spca561-2.14.0 probing abcd:cdee
[  283.900978][ T6073] spca561 6-1:0.156: probe with driver spca561 failed with error -22
[  283.906556][ T6073] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  283.909159][ T6073] usb 6-1: MIDIStreaming interface descriptor not found
[  283.937557][ T6073] usb 6-1: USB disconnect, device number 2
[  284.208567][T13062] overlayfs: failed to clone upperpath
[  284.622712][T13097] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3045'.
[  284.669716][T13101] syzkaller1: entered promiscuous mode
[  284.672120][T13101] syzkaller1: entered allmulticast mode
[  284.925294][T13116] netlink: 128 bytes leftover after parsing attributes in process `syz.3.3053'.
[  284.936806][T13116] netlink: 128 bytes leftover after parsing attributes in process `syz.3.3053'.
[  284.967437][T13118] loop5: detected capacity change from 0 to 1024
[  284.979423][T13118] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  285.063719][   T33] audit: type=1804 audit(1755246743.016:62): pid=13123 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.3055" name="/newroot/43/file0/bus" dev="loop5" ino=840 res=1 errno=0
[  285.375284][T13136] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3063'.
[  285.379934][T13136] bridge0: port 2(bridge_slave_1) entered disabled state
[  285.651413][T13160] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  286.267469][T13189] cgroup: Bad value for 'name'
[  286.412021][T13199] bridge0: port 3(hsr_slave_1) entered blocking state
[  286.414161][T13199] bridge0: port 3(hsr_slave_1) entered disabled state
[  286.416609][T13199] hsr_slave_1: entered allmulticast mode
[  286.419604][T13199] hsr_slave_1: left allmulticast mode
[  286.652846][T13210] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3097'.
[  286.752294][   T95] IPVS: starting estimator thread 0...
[  286.844512][T13221] IPVS: using max 40 ests per chain, 96000 per kthread
[  287.211768][ T6073] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  287.375481][ T6073] usb 6-1: Using ep0 maxpacket: 16
[  287.379593][ T6073] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  287.382739][ T6073] usb 6-1: config 0 has no interface number 0
[  287.385674][ T6073] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  287.392098][ T6073] usb 6-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d
[  287.398638][ T6073] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  287.401856][ T6073] usb 6-1: Product: syz
[  287.403486][ T6073] usb 6-1: Manufacturer: syz
[  287.405532][ T6073] usb 6-1: SerialNumber: syz
[  287.411072][ T6073] usb 6-1: config 0 descriptor??
[  287.418450][ T6073] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  287.442884][ T6073] snd-usb-audio 6-1:0.1: probe with driver snd-usb-audio failed with error -2
[  287.636544][ T6073] usb 6-1: USB disconnect, device number 3
[  288.418710][T13254] loop5: detected capacity change from 0 to 65
[  288.429845][T13254] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing
[  288.432632][T13254] BFS-fs: bfs_fill_super(): NOTE: filesystem loop5 was created with 512 inodes, the real maximum is 511, mounting anyway
[  288.506612][T13256] netlink: 'syz.5.3115': attribute type 2 has an invalid length.
[  288.543342][T13258] netlink: 72 bytes leftover after parsing attributes in process `syz.5.3116'.
[  288.547220][T13258] netlink: 72 bytes leftover after parsing attributes in process `syz.5.3116'.
[  289.003027][T13287] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3129'.
[  289.169086][T13295] loop5: detected capacity change from 0 to 128
[  289.178764][T13295] omfs: sysblock number (f784317bf884317b) is out of range
[  289.214037][T13297] netlink: 'syz.5.3134': attribute type 8 has an invalid length.
[  289.224153][T13297] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  289.416556][T13305] libceph: resolve '4' (ret=-3): failed
[  290.185907][T13338] x_tables: ip_tables: recent.0 match: invalid size 216 (kernel) != (user) 4096
[  290.438325][T13352] sch_tbf: burst 4398 is lower than device lo mtu (65499) !
[  290.749689][T13372] netlink: 71 bytes leftover after parsing attributes in process `syz.0.3170'.
[  291.466799][T13420] netlink: 'syz.3.3192': attribute type 21 has an invalid length.
[  291.469606][T13420] IPv6: NLM_F_CREATE should be specified when creating new route
[  291.472329][T13420] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  291.475244][T13420] IPv6: NLM_F_CREATE should be set when creating new route
[  291.477913][T13420] IPv6: NLM_F_CREATE should be set when creating new route
[  291.480536][T13420] IPv6: NLM_F_CREATE should be set when creating new route
[  293.048840][T13452] loop5: detected capacity change from 0 to 32768
[  294.074579][T13485] loop5: detected capacity change from 0 to 40427
[  294.078676][T13485] F2FS-fs (loop5): build fault injection rate: 771
[  294.083175][T13485] F2FS-fs (loop5): invalid crc value
[  294.158838][T13485] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  294.162400][T13485] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  294.500632][T13525] input: syz0 as /devices/virtual/input/input11
[  294.681888][T13539] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3244'.
[  294.894306][  T973] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  294.907082][T13556] vlan2: entered allmulticast mode
[  295.047071][  T973] usb 6-1: config 5 has an invalid interface number: 42 but max is 0
[  295.051398][  T973] usb 6-1: config 5 has no interface number 0
[  295.053907][  T973] usb 6-1: config 5 interface 42 has no altsetting 0
[  295.059662][  T973] usb 6-1: New USB device found, idVendor=2304, idProduct=021f, bcdDevice= 0.15
[  295.063432][  T973] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  295.067975][  T973] usb 6-1: Product: syz
[  295.069741][  T973] usb 6-1: Manufacturer: syz
[  295.071698][  T973] usb 6-1: SerialNumber: syz
[  295.287750][  T973] dvb-usb: found a 'PCTV HDTV USB' in warm state.
[  295.290373][  T973] pctv452e: pctv452e_power_ctrl: 1
[  295.290373][  T973] 
[  295.293193][  T973] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22
[  295.293193][  T973] 
[  295.297478][  T973] dvb-usb: bulk message failed: -22 (5/0)
[  295.302644][  T973] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  295.309181][  T973] dvb-usb: PCTV HDTV USB error while loading driver (-19)
[  295.313875][  T973] usb 6-1: USB disconnect, device number 4
[  295.899435][T13588] loop7: detected capacity change from 0 to 7
[  295.905053][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  295.908887][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  295.913491][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  295.917181][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  295.922388][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  295.925873][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  295.931129][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  295.934747][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  295.938533][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  295.942242][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  295.945822][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  295.949435][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  295.952629][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  295.956293][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  295.959403][T13588] ldm_validate_partition_table(): Disk read failed.
[  295.962391][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  295.966119][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  295.994722][T13589] Invalid logical block size (6)
[  295.998588][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  296.001611][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  296.005092][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  296.008655][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  296.011656][T13588] Dev loop7: unable to read RDB block 0
[  296.015252][T13588]  loop7: unable to read partition table
[  296.016998][T13588] loop7: partition table beyond EOD, truncated
[  296.019033][T13588] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X	%`ր{֐ȵ4FLQk݊) failed (rc=-5)
[  296.239998][T13594] loop5: detected capacity change from 0 to 512
[  296.260402][T13594] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  296.266594][T13594] ext4 filesystem being mounted at /100/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  296.277354][T13594] EXT4-fs warning (device loop5): ext4_group_add:1716: Can't resize non-sparse filesystem further
[  296.298757][T12682] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  296.392099][T13600] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3270'.
[  296.931806][T13610] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3275'.
[  297.068571][   T33] audit: type=1326 audit(1755246755.026:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13613 comm="syz.3.3277" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff02b18ebe9 code=0x0
[  297.323160][T13621] syz_tun: entered allmulticast mode
[  297.713389][   T33] audit: type=1326 audit(1755246755.666:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13625 comm="syz.0.3282" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe88438ebe9 code=0x7ffc0000
[  297.723038][   T33] audit: type=1326 audit(1755246755.666:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13625 comm="syz.0.3282" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe88438ebe9 code=0x7ffc0000
[  297.773619][   T33] audit: type=1326 audit(1755246755.726:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13625 comm="syz.0.3282" exe="/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7fe88438ebe9 code=0x7ffc0000
[  297.784048][   T33] audit: type=1326 audit(1755246755.726:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13625 comm="syz.0.3282" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe88438ebe9 code=0x7ffc0000
[  297.792799][   T33] audit: type=1326 audit(1755246755.726:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13625 comm="syz.0.3282" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe88438ebe9 code=0x7ffc0000
[  298.493934][T13651] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  298.509224][T13651] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  298.583302][T13655] loop5: detected capacity change from 0 to 764
[  301.481897][T13721] vlan2: entered allmulticast mode
[  301.484067][T13721] vlan1: entered allmulticast mode
[  301.488048][T13721] veth0_vlan: entered allmulticast mode
[  301.696453][T13727] tmpfs: Bad value for 'mpol'
[  301.754760][T13725] loop5: detected capacity change from 0 to 32768
[  301.781175][T13725] (syz.5.3327,13725,0):ocfs2_read_blocks_sync:112 ERROR: status = -12
[  301.786219][T13725] (syz.5.3327,13725,0):ocfs2_read_locked_inode:597 ERROR: status = -12
[  301.789596][T13725] (syz.5.3327,13725,0):_ocfs2_get_system_file_inode:144 ERROR: status = -12
[  301.793302][T13725] (syz.5.3327,13725,0):ocfs2_init_local_system_inodes:496 ERROR: status=-22, sysfile=8, slot=0
[  301.798577][T13725] (syz.5.3327,13725,0):ocfs2_init_local_system_inodes:505 ERROR: status = -22
[  301.802661][T13725] (syz.5.3327,13725,0):ocfs2_mount_volume:1758 ERROR: status = -22
[  301.812309][T13725] (syz.5.3327,13725,0):ocfs2_fill_super:1177 ERROR: status = -22
[  302.374020][T13762] gfs2: gfs2 mount does not exist
[  302.437420][T13758] loop5: detected capacity change from 0 to 40427
[  302.441088][T13758] F2FS-fs (loop5): Insane cp_payload (553648128 >= 504)
[  302.443810][T13758] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  302.453427][T13758] F2FS-fs (loop5): invalid crc value
[  302.461735][T13758] F2FS-fs (loop5): Wrong journal entry on segno 4294939138
[  302.473517][T13758] F2FS-fs (loop5): Failed to initialize F2FS segment manager (-117)
[  302.479328][T13769] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3347'.
[  302.709022][T13779] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3352'.
[  302.995211][   T95] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  303.129709][T13785] tipc: Enabled bearer <eth:macvtap0>, priority 10
[  303.154542][   T95] usb 6-1: Using ep0 maxpacket: 32
[  303.159475][   T95] usb 6-1: config 0 has an invalid interface number: 151 but max is 0
[  303.162740][   T95] usb 6-1: config 0 has no interface number 0
[  303.182070][   T95] usb 6-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[  303.186498][   T95] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  303.189738][   T95] usb 6-1: Product: syz
[  303.191467][   T95] usb 6-1: Manufacturer: syz
[  303.193837][   T95] usb 6-1: SerialNumber: syz
[  303.203982][   T95] usb 6-1: config 0 descriptor??
[  303.424418][   T95] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  303.471682][   T95] usb 6-1: USB disconnect, device number 5
[  304.244595][   T24] tipc: Node number set to 2886997007
[  304.746916][T13823] loop5: detected capacity change from 0 to 1024
[  304.759083][T13823] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  304.763825][T13823] ext4 filesystem being mounted at /127/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  304.794614][T12682] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  306.123714][T13886] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3395'.
[  306.167774][T13888] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3396'.
[  306.171314][T13888] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3396'.
[  306.615655][T13906] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  306.781447][T13912] netlink: 'syz.5.3408': attribute type 21 has an invalid length.
[  306.930723][T13918] veth0_to_bond: entered allmulticast mode
[  306.933193][T13918] A link change request failed with some changes committed already. Interface veth0_to_bond may have been left with an inconsistent configuration, please check.
[  307.104813][  T973] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  307.257933][  T973] usb 6-1: New USB device found, idVendor=13d8, idProduct=0011, bcdDevice=d0.62
[  307.264567][  T973] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  307.267534][  T973] usb 6-1: Product: syz
[  307.268789][  T973] usb 6-1: Manufacturer: syz
[  307.270310][  T973] usb 6-1: SerialNumber: syz
[  307.284960][  T973] usb 6-1: config 0 descriptor??
[  307.300123][  T973] usb 6-1: selecting invalid altsetting 1
[  307.302671][  T973] comedi comedi5: could not switch to alternate setting 1
[  307.309675][  T973] usbduxfast 6-1:0.0: driver 'usbduxfast' failed to auto-configure device.
[  307.704026][   T95] usb 6-1: USB disconnect, device number 6
[  307.816906][T13952] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  307.824052][T13952] Error validating options; rc = [-22]
[  308.544025][T13978] Bluetooth: hci0: expected 2 bytes, got 7 bytes
[  309.184746][   T95] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  309.336385][   T95] usb 6-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30
[  309.340421][   T95] usb 6-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84
[  309.344696][   T95] usb 6-1: config 4 interface 0 altsetting 0 bulk endpoint 0x84 has invalid maxpacket 77
[  309.348569][   T95] usb 6-1: config 4 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 101
[  309.353300][   T95] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  309.356914][   T95] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  309.362624][T14018] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  309.569742][   T95] ath6kl: Failed to submit usb control message: -71
[  309.572241][   T95] ath6kl: unable to send the bmi data to the device: -71
[  309.574888][   T95] ath6kl: Unable to send get target info: -71
[  309.589688][   T95] ath6kl: Failed to init ath6kl core: -71
[  309.593021][   T95] ath6kl_usb 6-1:4.0: probe with driver ath6kl_usb failed with error -71
[  309.609187][   T95] usb 6-1: USB disconnect, device number 7
[  310.315512][T14073] loop5: detected capacity change from 0 to 1024
[  310.320084][T14073] hfsplus: failed to load catalog file
[  310.787964][T14109] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3501'.
[  310.791481][T14109] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3501'.
[  310.795425][T14109] tipc: MTU too low for tipc bearer
[  310.871321][T14116] vxcan3: entered allmulticast mode
[  311.180488][T14129] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3511'.
[  311.192073][T14129] netlink: 'syz.3.3511': attribute type 7 has an invalid length.
[  311.197369][T14129] netlink: 'syz.3.3511': attribute type 8 has an invalid length.
[  311.200688][T14129] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3511'.
[  311.209839][T14129] gretap0: entered promiscuous mode
[  311.212897][T14129] batadv_slave_1: entered promiscuous mode
[  311.217306][T14129] erspan0: entered promiscuous mode
[  311.220655][T14129] hsr1: Slave A (gretap0) is not up; please bring it up to get a fully working HSR network
[  311.224939][T14129] hsr1: Slave B (batadv_slave_1) is not up; please bring it up to get a fully working HSR network
[  311.229927][T14129] hsr1: Interlink (erspan0) is not up; please bring it up to get a fully working HSR network
[  311.754378][   T24] usb 6-1: new low-speed USB device number 8 using dummy_hcd
[  311.919288][   T24] usb 6-1: config index 0 descriptor too short (expected 1307, got 27)
[  311.922683][   T24] usb 6-1: config 0 has an invalid interface number: 0 but max is -1
[  311.926247][   T24] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 0
[  311.929562][   T24] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[  311.934946][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 4
[  311.940617][   T24] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[  311.950994][   T24] usb 6-1: string descriptor 0 read error: -22
[  311.953387][   T24] usb 6-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  311.958196][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  311.962509][   T24] usb 6-1: config 0 descriptor??
[  311.967042][   T24] hub 6-1:0.0: bad descriptor, ignoring hub
[  311.969368][   T24] hub 6-1:0.0: probe with driver hub failed with error -5
[  312.409573][   T24] usb 6-1: USB disconnect, device number 8
[  312.863851][T14180] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3535'.
[  313.060888][T14197] openvswitch: netlink: VXLAN extension message has 3 unknown bytes.
[  313.139899][T14203] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[  313.929785][T14214] ==================================================================
[  313.932958][T14214] BUG: KASAN: slab-use-after-free in xfrm_state_find+0x2cf2/0x5400
[  313.936327][T14214] Read of size 1 at addr ffff8880404510b0 by task syz.3.3551/14214
[  313.939602][T14214] 
[  313.941422][T14214] CPU: 0 UID: 0 PID: 14214 Comm: syz.3.3551 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  313.941444][T14214] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  313.941456][T14214] Call Trace:
[  313.941465][T14214]  <TASK>
[  313.941474][T14214]  dump_stack_lvl+0x189/0x250
[  313.941494][T14214]  ? __kasan_check_byte+0x12/0x40
[  313.941516][T14214]  ? __pfx_dump_stack_lvl+0x10/0x10
[  313.941533][T14214]  ? lock_release+0x4b/0x3e0
[  313.941552][T14214]  ? __virt_addr_valid+0x4a5/0x5c0
[  313.941570][T14214]  print_report+0xca/0x240
[  313.941582][T14214]  ? xfrm_state_find+0x2cf2/0x5400
[  313.941596][T14214]  kasan_report+0x118/0x150
[  313.941614][T14214]  ? xfrm_state_find+0x2cf2/0x5400
[  313.941628][T14214]  xfrm_state_find+0x2cf2/0x5400
[  313.941639][T14214]  ? unwind_get_return_address+0x4d/0x90
[  313.941655][T14214]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  313.941681][T14214]  ? xfrm_state_find+0x1da/0x5400
[  313.941696][T14214]  ? __pfx_xfrm_state_find+0x10/0x10
[  313.941712][T14214]  ? trace_fib_table_lookup+0x85/0x200
[  313.941730][T14214]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  313.941757][T14214]  ? fib_rules_lookup+0xc55/0xe90
[  313.941771][T14214]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[  313.941787][T14214]  ? __lock_acquire+0xab9/0xd20
[  313.941814][T14214]  ? xfrm_sk_policy_lookup+0x9d/0x750
[  313.941834][T14214]  ? xfrm_sk_policy_lookup+0x9d/0x750
[  313.941851][T14214]  ? xfrm_expand_policies+0x41f/0x6a0
[  313.941868][T14214]  xfrm_lookup_with_ifid+0x2a7/0x1a70
[  313.941887][T14214]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  313.941903][T14214]  ? rcuref_put+0x1b7/0x210
[  313.941918][T14214]  ? __pfx_rcuref_put+0x10/0x10
[  313.941934][T14214]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  313.941956][T14214]  xfrm_lookup_route+0x3c/0x1c0
[  313.941973][T14214]  __ip4_datagram_connect+0x9a5/0x1270
[  313.941996][T14214]  __ip6_datagram_connect+0x9f0/0x1150
[  313.942018][T14214]  ? __pfx___ip6_datagram_connect+0x10/0x10
[  313.942033][T14214]  ? __local_bh_enable_ip+0x12d/0x1c0
[  313.942045][T14214]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  313.942091][T14214]  ip6_datagram_connect_v6_only+0x63/0xa0
[  313.942112][T14214]  __sys_connect+0x316/0x440
[  313.942135][T14214]  ? __pfx___sys_connect+0x10/0x10
[  313.942157][T14214]  ? rcu_is_watching+0x15/0xb0
[  313.942174][T14214]  __x64_sys_connect+0x7a/0x90
[  313.942194][T14214]  do_syscall_64+0xfa/0x3b0
[  313.942213][T14214]  ? lockdep_hardirqs_on+0x9c/0x150
[  313.942239][T14214]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.942254][T14214]  ? exc_page_fault+0x9f/0xf0
[  313.942273][T14214]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.942288][T14214] RIP: 0033:0x7ff02b18ebe9
[  313.942302][T14214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  313.942315][T14214] RSP: 002b:00007ff02c0a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  313.942331][T14214] RAX: ffffffffffffffda RBX: 00007ff02b3b5fa0 RCX: 00007ff02b18ebe9
[  313.942342][T14214] RDX: 000000000000001c RSI: 0000200000000000 RDI: 0000000000000004
[  313.942352][T14214] RBP: 00007ff02b211e19 R08: 0000000000000000 R09: 0000000000000000
[  313.942362][T14214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  313.942371][T14214] R13: 00007ff02b3b6038 R14: 00007ff02b3b5fa0 R15: 00007ffde19ab698
[  313.942387][T14214]  </TASK>
[  313.942392][T14214] 
[  314.071157][T14214] Allocated by task 12913:
[  314.072943][T14214]  kasan_save_track+0x3e/0x80
[  314.074798][T14214]  __kasan_slab_alloc+0x6c/0x80
[  314.076728][T14214]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  314.078837][T14214]  xfrm_state_alloc+0x24/0x2f0
[  314.080756][T14214]  __find_acq_core+0x8a7/0x1c00
[  314.082728][T14214]  xfrm_find_acq+0x78/0xa0
[  314.084420][T14214]  xfrm_alloc_userspi+0x6b3/0xc90
[  314.086460][T14214]  xfrm_user_rcv_msg+0x7a3/0xab0
[  314.088443][T14214]  netlink_rcv_skb+0x208/0x470
[  314.090277][T14214]  xfrm_netlink_rcv+0x79/0x90
[  314.092099][T14214]  netlink_unicast+0x82f/0x9e0
[  314.093996][T14214]  netlink_sendmsg+0x805/0xb30
[  314.095868][T14214]  __sock_sendmsg+0x21c/0x270
[  314.097745][T14214]  ____sys_sendmsg+0x505/0x830
[  314.099633][T14214]  ___sys_sendmsg+0x21f/0x2a0
[  314.101517][T14214]  __x64_sys_sendmsg+0x19b/0x260
[  314.103483][T14214]  do_syscall_64+0xfa/0x3b0
[  314.105290][T14214]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.107617][T14214] 
[  314.108587][T14214] Freed by task 95:
[  314.110107][T14214]  kasan_save_track+0x3e/0x80
[  314.111968][T14214]  kasan_save_free_info+0x46/0x50
[  314.114002][T14214]  __kasan_slab_free+0x5b/0x80
[  314.115870][T14214]  kmem_cache_free+0x18f/0x400
[  314.117747][T14214]  xfrm_state_gc_task+0x52d/0x6b0
[  314.119713][T14214]  process_scheduled_works+0xae1/0x17b0
[  314.121890][T14214]  worker_thread+0x8a0/0xda0
[  314.123735][T14214]  kthread+0x711/0x8a0
[  314.125408][T14214]  ret_from_fork+0x3fc/0x770
[  314.127302][T14214]  ret_from_fork_asm+0x1a/0x30
[  314.129270][T14214] 
[  314.130251][T14214] The buggy address belongs to the object at ffff888040450d80
[  314.130251][T14214]  which belongs to the cache xfrm_state of size 928
[  314.135634][T14214] The buggy address is located 816 bytes inside of
[  314.135634][T14214]  freed 928-byte region [ffff888040450d80, ffff888040451120)
[  314.141009][T14214] 
[  314.142012][T14214] The buggy address belongs to the physical page:
[  314.144590][T14214] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888040450900 pfn:0x40450
[  314.148525][T14214] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  314.151852][T14214] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  314.154787][T14214] page_type: f5(slab)
[  314.156420][T14214] raw: 00fff00000000040 ffff8881053d2b40 dead000000000122 0000000000000000
[  314.159779][T14214] raw: ffff888040450900 00000000800e000c 00000000f5000000 0000000000000000
[  314.163123][T14214] head: 00fff00000000040 ffff8881053d2b40 dead000000000122 0000000000000000
[  314.166327][T14214] head: ffff888040450900 00000000800e000c 00000000f5000000 0000000000000000
[  314.169704][T14214] head: 00fff00000000002 ffffea0001011401 00000000ffffffff 00000000ffffffff
[  314.173116][T14214] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  314.176548][T14214] page dumped because: kasan: bad access detected
[  314.179009][T14214] page_owner tracks the page as allocated
[  314.181201][T14214] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 8282, tgid 8281 (syz.3.957), ts 141103805478, free_ts 140449573798
[  314.187575][T14214]  post_alloc_hook+0x240/0x2a0
[  314.189215][T14214]  get_page_from_freelist+0x21e4/0x22c0
[  314.191122][T14214]  __alloc_frozen_pages_noprof+0x181/0x370
[  314.193273][T14214]  alloc_pages_mpol+0x232/0x4a0
[  314.195230][T14214]  allocate_slab+0x8a/0x370
[  314.197028][T14214]  ___slab_alloc+0xbeb/0x1410
[  314.198848][T14214]  kmem_cache_alloc_noprof+0x283/0x3c0
[  314.201102][T14214]  xfrm_state_alloc+0x24/0x2f0
[  314.202997][T14214]  pfkey_add+0x6e4/0x2e00
[  314.204381][T14214]  pfkey_sendmsg+0xbfe/0x1090
[  314.205843][T14214]  __sock_sendmsg+0x21c/0x270
[  314.207536][T14214]  ____sys_sendmsg+0x505/0x830
[  314.209220][T14214]  ___sys_sendmsg+0x21f/0x2a0
[  314.211129][T14214]  __x64_sys_sendmsg+0x19b/0x260
[  314.212767][T14214]  do_syscall_64+0xfa/0x3b0
[  314.214165][T14214]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.215964][T14214] page last free pid 8247 tgid 8246 stack trace:
[  314.217966][T14214]  __free_frozen_pages+0xbc4/0xd30
[  314.219805][T14214]  stack_depot_save_flags+0x436/0x860
[  314.221766][T14214]  kasan_save_track+0x4f/0x80
[  314.223633][T14214]  __kasan_kmalloc+0x93/0xb0
[  314.225492][T14214]  __kmalloc_cache_noprof+0x230/0x3d0
[  314.227665][T14214]  indx_delete_entry+0x12b/0x3180
[  314.229707][T14214]  ntfs_remove_reparse+0x155/0x370
[  314.231761][T14214]  ntfs_create_inode+0x2497/0x32a0
[  314.233755][T14214]  ntfs_symlink+0x112/0x160
[  314.235570][T14214]  vfs_symlink+0x143/0x2f0
[  314.237380][T14214]  do_symlinkat+0x1b1/0x3f0
[  314.239202][T14214]  __x64_sys_symlink+0x7a/0x90
[  314.241103][T14214]  do_syscall_64+0xfa/0x3b0
[  314.242855][T14214]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.245166][T14214] 
[  314.246184][T14214] Memory state around the buggy address:
[  314.248413][T14214]  ffff888040450f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  314.251416][T14214]  ffff888040451000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  314.254547][T14214] >ffff888040451080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  314.257675][T14214]                                      ^
[  314.259921][T14214]  ffff888040451100: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[  314.263070][T14214]  ffff888040451180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  314.266125][T14214] ==================================================================
[  314.274886][T14214] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  314.277198][T14214] CPU: 1 UID: 0 PID: 14214 Comm: syz.3.3551 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  314.281391][T14214] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  314.285120][T14214] Call Trace:
[  314.286282][T14214]  <TASK>
[  314.287201][T14214]  dump_stack_lvl+0x99/0x250
[  314.288568][T14214]  ? __asan_memcpy+0x40/0x70
[  314.290320][T14214]  ? __pfx_dump_stack_lvl+0x10/0x10
[  314.292192][T14214]  ? __pfx__printk+0x10/0x10
[  314.293670][T14214]  vpanic+0x281/0x750
[  314.295250][T14214]  ? preempt_schedule+0xae/0xc0
[  314.297159][T14214]  ? __pfx_vpanic+0x10/0x10
[  314.298904][T14214]  ? preempt_schedule_common+0x83/0xd0
[  314.300758][T14214]  ? preempt_schedule+0xae/0xc0
[  314.302237][T14214]  ? __pfx_preempt_schedule+0x10/0x10
[  314.303952][T14214]  panic+0xb9/0xc0
[  314.305433][T14214]  ? __pfx_panic+0x10/0x10
[  314.307148][T14214]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  314.309352][T14214]  ? xfrm_state_find+0x2cf2/0x5400
[  314.311053][T14214]  check_panic_on_warn+0x89/0xb0
[  314.312818][T14214]  ? xfrm_state_find+0x2cf2/0x5400
[  314.314413][T14214]  end_report+0x78/0x160
[  314.315919][T14214]  kasan_report+0x129/0x150
[  314.317716][T14214]  ? xfrm_state_find+0x2cf2/0x5400
[  314.319458][T14214]  xfrm_state_find+0x2cf2/0x5400
[  314.320953][T14214]  ? unwind_get_return_address+0x4d/0x90
[  314.322886][T14214]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  314.324970][T14214]  ? xfrm_state_find+0x1da/0x5400
[  314.326713][T14214]  ? __pfx_xfrm_state_find+0x10/0x10
[  314.328388][T14214]  ? trace_fib_table_lookup+0x85/0x200
[  314.330080][T14214]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  314.331954][T14214]  ? fib_rules_lookup+0xc55/0xe90
[  314.333398][T14214]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[  314.335263][T14214]  ? __lock_acquire+0xab9/0xd20
[  314.336700][T14214]  ? xfrm_sk_policy_lookup+0x9d/0x750
[  314.338313][T14214]  ? xfrm_sk_policy_lookup+0x9d/0x750
[  314.340221][T14214]  ? xfrm_expand_policies+0x41f/0x6a0
[  314.342067][T14214]  xfrm_lookup_with_ifid+0x2a7/0x1a70
[  314.344051][T14214]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  314.346272][T14214]  ? rcuref_put+0x1b7/0x210
[  314.347720][T14214]  ? __pfx_rcuref_put+0x10/0x10
[  314.349249][T14214]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  314.350934][T14214]  xfrm_lookup_route+0x3c/0x1c0
[  314.352521][T14214]  __ip4_datagram_connect+0x9a5/0x1270
[  314.354489][T14214]  __ip6_datagram_connect+0x9f0/0x1150
[  314.356722][T14214]  ? __pfx___ip6_datagram_connect+0x10/0x10
[  314.358778][T14214]  ? __local_bh_enable_ip+0x12d/0x1c0
[  314.360335][T14214]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  314.362467][T14214]  ip6_datagram_connect_v6_only+0x63/0xa0
[  314.364607][T14214]  __sys_connect+0x316/0x440
[  314.366004][T14214]  ? __pfx___sys_connect+0x10/0x10
[  314.367886][T14214]  ? rcu_is_watching+0x15/0xb0
[  314.369697][T14214]  __x64_sys_connect+0x7a/0x90
[  314.371480][T14214]  do_syscall_64+0xfa/0x3b0
[  314.373045][T14214]  ? lockdep_hardirqs_on+0x9c/0x150
[  314.374790][T14214]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.377059][T14214]  ? exc_page_fault+0x9f/0xf0
[  314.378437][T14214]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.380502][T14214] RIP: 0033:0x7ff02b18ebe9
[  314.381912][T14214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  314.387849][T14214] RSP: 002b:00007ff02c0a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  314.390314][T14214] RAX: ffffffffffffffda RBX: 00007ff02b3b5fa0 RCX: 00007ff02b18ebe9
[  314.392654][T14214] RDX: 000000000000001c RSI: 0000200000000000 RDI: 0000000000000004
[  314.395130][T14214] RBP: 00007ff02b211e19 R08: 0000000000000000 R09: 0000000000000000
[  314.397551][T14214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  314.399827][T14214] R13: 00007ff02b3b6038 R14: 00007ff02b3b5fa0 R15: 00007ffde19ab698
[  314.402959][T14214]  </TASK>
[  314.404911][T14214] Kernel Offset: disabled
[  314.406684][T14214] Rebooting in 86400 seconds..

VM DIAGNOSIS:
08:32:51  Registers:
info registers vcpu 0

CPU#0
RAX=1ffffffff33bdc05 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9
RSI=0000000000001611 RDI=0000000000001612 RBP=ffffc9000ed8eef0 RSP=ffffc9000ed8ed18
R8 =0000000000000003 R9 =0000000000000004 R10=dffffc0000000000 R11=ffffffff854efee0
R12=dffffc0000000000 R13=dffffc0000000000 R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854eff57 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007ff02c0a76c0 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b33d22ff8 CR3=000000010e74a000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007ff02b387498 00007ff02b387470 XMM03=00007ff02b3874a8 00007ff02b3874a0
XMM04=00007ff02beed100 00007ff02b387460 XMM05=00007ff02b387478 00007ff02b3874c0
XMM06=00007ff02b3874b8 00007ff02b3874b0 XMM07=00007ff02b3874a8 00007ff02b3874a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007ff02b212fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=6414269623733a00 RBX=ffffffff81968308 RCX=6414269623733a00 RDX=0000000000000001
RSI=ffffffff8d9b6ecd RDI=ffffffff8be33500 RBP=ffffc90000177f20 RSP=ffffc90000177de0
R8 =ffff888136632f9b R9 =1ffff11026cc65f3 R10=dffffc0000000000 R11=ffffed1026cc65f4
R12=ffffffff8fa37e30 R13=0000000000000001 R14=0000000000000001 R15=1ffff110200d7000
RIP=ffffffff8b7943f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b3261fff8 CR3=00000000292fc000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=6161616161616161 6161616161616161
XMM06=6161616161616161 6161616161616161 XMM07=6161616161616161 6161616161616161
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007fe884412fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
