last executing test programs:

3m30.759965835s ago: executing program 2 (id=91):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x18)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=@allocspi={0x128, 0x16, 0x1, 0x70bd2b, 0x25dfdbfe, {{{@in=@private=0xa010101, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4e23, 0x0, 0x4e24, 0x0, 0xa, 0x80, 0x20, 0x1d}, {@in6=@local, 0x4d5, 0x33}, @in=@dev={0xac, 0x14, 0x14, 0x10}, {0x8, 0x7b5, 0x0, 0x6, 0x9, 0xfffffffffffffffa, 0xffffffff, 0x3}, {0x2, 0x2, 0x1, 0xfffffffffffffffa}, {0x0, 0x10001, 0xfffffff9}, 0x70bd2a, 0x0, 0x2, 0x2, 0x6, 0x1}, 0x8, 0x74f}, [@XFRMA_IF_ID={0x8, 0x1f, 0x4}, @user_kmaddress={0x2c, 0x13, {@in=@private=0xa010100, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0xa}}]}, 0x128}, 0x1, 0x0, 0x0, 0x10}, 0x400c8c0)
sendmsg$key(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x2, 0xa, 0x0, 0x0, 0x2}, 0x10}}, 0x0)

3m30.659053611s ago: executing program 2 (id=92):
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect$cdc_ncm(0x6, 0xf3, &(0x7f0000000540)=ANY=[@ANYBLOB="12011001020000402505a1a44000010203010902e10002011120050904000001020d000009240600014812987e052400df000d240f0101000000000003000580241a0104146e2413ee518feaf0692c135da9476dc0a5eef1567e69a81e949fcd31f4f7d3c3b4a03d43334ecee80f3f7f40ef9a41d4cc3b43f7aa3d305c6fc23775f803abf2a9fa26b1f5b65555ccd23da8bb42fee32af87080a01fb92dc3d08a95ee561798b7881364c756175786ab8d696ff507240a050702800c241b01040300"], 0x0)
ioctl$EVIOCRMFF(r0, 0x41015500, &(0x7f0000000500))

3m29.936112517s ago: executing program 2 (id=105):
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r0, &(0x7f0000000040)={0x24, @short}, 0x8)

3m29.866761893s ago: executing program 2 (id=108):
syz_mount_image$xfs(&(0x7f0000009740), &(0x7f0000009780)='./file1\x00', 0x0, &(0x7f0000000180), 0x1, 0x97ab, &(0x7f0000012f40)="$eJzs3QW4ZXXhcP87wNAloCKKoqJikhIiSgiIhKSCAoK0dCihlIiEoiCgdHd3d3d3d3c3/2eYGcVxgf7e/+99UddazzNz79lnn333+X7O3vveu889Z/G5Fpl9YGD0gaFNNjBiN98x+wIbbj/75XvvsMfJk405/qTDJg+7wcTDLk48aNjHkQYGBkYatpxh08Z65IQTRxoY5Z3pf2usMcYcNM7AwDTDLs467OMMQz9M+Ojw+d4eoRFXdNBfLw7adui/dxpvyJcY8smSN11w9sDAwPjvuv2Qm0z1D3dU2uKzzT3X36z+6jbEavCwz9/9b9Sh/ya8f2BgwnsG+PHx7nkHfQB3acjXHH/7B0Zf+wP42v9xLT7b3POM4D9kWxx52LQZhmzjI26DxkZ8nN+00sy7DRvCdx5vAwNDdnF/t638R7T4bHPNN/De+/mBh8Yc9/S339lvjvXMwMBYzw4MjPXcwMBYzw8MjPXCwMBYL37QLvX/r9lmn3b2Idv78MvD2Ic/lsenx8Xeq76w18DAwGhD5xnrraHHi7EnG35MqKqqqn/vZpt92jng+D/6+x3/t9hytls6/ldVVf3nNs9ss0875Dg+wvF/7Pc7/n/vhhtWG/q7/1lnGHqrtz7YO1FVVVX/o+aaB4//47/f8X+87a7br+N/VVXVf24Lz//O8X/sEY7/E73f8X+1ee+4dNh8w79vePNdi3zn+WPDpr/+rukjv2v6a++aPvhdy3n3/KO+a/or75o++sDAWI8Mm/7G3yaP9cyQ2/zjcsZ66W/Px5l4lHdNf/ld00d91/RXhq3TkOmjvWv6m++af/S/TR97yH+TDfu6r77PUFdVVf3btPC0c80x8K7n2Q+bPPyJ/fi80KOP3vLOD2p9q6qqqqqqqup/3ltPnnbW3/7m+5MD7/rb1b/+Deuw3wsMOuaca675wFb036NB//j7kM0+6HX6/9sQ59EPm2xgYI3FPuhVqQ+g/5i/Va//K+XvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/uLe4/z/X//+f+CeL203bNaZJrnj3kX+dsuJB1YZ9tnNd8y+wCofwLp/AP23nv8fWGXQwMAw3/GHWC4w28KLTjEwMLDIvXdMMv3AX6+bcch1M08w8jt/zDkwMMU7/w+e+D2WPOxdFt55c4eJ/rqMY95Z/jxv7zvyoBFW4l3NcvZ9B668+MvTjfjxC+99P/76/hJLvLTv5MP/lmWkEWYa/T1uPHz5w+/LiM7D1n2KIes+5XqrrzXluhtu9NVVVl92pRVWWmGNaaaZerppp59umq/PNOWKq6y2wlRD/3+PMRv61hUj/ytjNvaIY/bkbO8esxHv24dOOhDH7B/f1ePvFvHOEs+d5aHLho/ZKP/imA3/eiO//5hNtsqwLzTxwOCBZd4ZmkEDAxOPMnhggyEXph5tYGDiwcPmnXjIvN+cYKSBge3/dkcHDXux0aHzDNpsyDz/Zu9bMtOwEdl4+Hwjvs76iCv6z9635Pixd7pjhPct+b/V/9Hx/x+8Zhz014Ea/gYIw+YZ6vUBv8/EP6zvZKO8c5B7r/V9n9fFeSd6fK2+8qOL/W+9Lg6t79jvs77v8zp+77m+U0z99O5DF/W/tr4j7OvmG3rlv7KvG3j/fd3IdPsVrpx0xH3dvO+9in+3HQ8fo9FGmOm99nXbz3vupkOWP/D++7r5Vhn24gF/29eNNDAw8cjD93VDdnyjDh7YfsiFaYZcGG3wwCFDLkz7zoUxBs4ZcuFry6252vKD3nmZgWHLnWrIcmedYNDQDejGA1cebae33x5l2Lq8NNbfr+uwx8dk7z6ezzbBsMEcdtvhyx0y6/DlvrLV0OtGHbbcl/8Hyx1+W1rfic8cet1ow5b7ygjLHfw+yx1+23/YHqYY9HdPVIX9zQf6vka0/Y7+Puv7Pq/DjY+3d9wnX/qh/4XX4R70Xus7yvuv73u9b8h7ru9jlz2+z//W64bT4+yevYc+VkYf9jh783/w+B1+2xH3Y0NfCGTobn/0f2U/Ntk/7Mc2H3mkEQb7Xb3X97nLw/zDtoi/Lm35A15eZfjYDx5huf/s+9x33ZdBsB8bf4Sf5wZtus/AIBrzR1Z7fv23dnz/MR888Pc/Wwwf8+G3fb8xH+1fGfNPvP+Yj/h98nuN+RSfHXr94BHW/91jvtAus944fMxHHWG5/2zMR3v/Y8c/jvnAwGAa8+0nGTpu77c/fa8xH37b4WM+5OvMPMEoA3MODAxMPmzMR/1Xxnzi/53H+Zgw/9DPV/jrpGemX/Arw8d8xDH+Z2M+6v9wzDe556+P88nfue4zIw2MOurABsuut946Uw/9f/jFaYb+z/uiZ5YfOs7vdyx9L6Pht32/7WKUf8Vo/H/JaNA/M5pklPcy+tumNfKBCz/7f7ovGuV/anQO74tOmXvouL3f90XvNebDb0vHwYnedfsRfw59n9fPwvv0zvjMu/Xwn/f+HV4/a/jPu/+Rr581/HeSq4y4k69/tX7/7y5/d/m7y99d/uLe4/z/ZMPP/7899v4fGfZD5+ArZ7xl1g96fT/g/qvP/w/z/bvz/7PeMuOVQ360Gnbd+56fHTrPv+X52RmGfpjw0eHzjXh+cMQV/WfnZ/feeb0r/x+dn/0/avi2+i/8XNz+313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5S/uPc7/TzX8eQAPLrrA94edCB288dRHbvxBr+8H3H/1+f9hvn93/n/jI6feeKSBv173vuf/h87jOP9/3/ybLvXvfP5/+Lba+f/6J+XvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/uLe4/z/rMOfB3D4LHN+bvjzAa7fZt/dP+j1/YD7bz3/3/v/e2v/7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8hc37Pz/wAhvk7hgjwsMzv//Z/ce/gvlj1n8F84fs/gvkj9m8V80f8ziv1j+mMX/B/ljFv8f5o9Z/BfPH7P4L5E/ZvH/Uf6Yxf/H+WMW/yXzxyz+S+WPWfyXzh+z+P8kf8ziv0z+mMV/2fwxi/9P88cs/svlj1n8l88fs/ivkD9m8V8xf8ziv1L+mMV/5fwxi/8q+WMW/5/lj1n8V80fs/ivlj9m8V89f8ziv0b+mMV/zfwxi/9a+WMW/7Xzxyz+6+SPWfzXzR+z+K+XP2bx/3n+mMX/F/ljFv/188cs/hvkj1n8N8wfs/hvlD9m8f9l/pjF/1f5Yxb/jfPHLP6b5I9Z/DfNH7P4b5Y/ZvHfPH/M4v/r/DGL/xb5Yxb/3+SPWfy3zB+z+P82f8ziv1X+mMV/6/wxi/82+WMW/23zxyz+v8sfs/j/Pn/M4r9d/pjF/w/5Yxb/P+aPWfy3zx+z+O+QP2bx/1P+mMV/x/wxi/9O+WMW/53zxyz+f84fs/j/JX/M4r9L/pjFf9f8MYv/bvljFv/d88cs/nvkj1n898wfs/jvlT9m8d87f8ziv0/+mMV/3/wxi/9++WMW//3zxyz+B+SPWfwPzB+z+B+UP2bxPzh/zOJ/SP6Yxf/Q/DGL/2H5Yxb/w/PHLP5H5I9Z/I/MH7P4H5U/ZvE/On/M4n9M/pjF/9j8MYv/cfljFv/j88cs/ifkj1n8T8wfs/iflD9m8T85f8zif0r+mMX/1Pwxi/9p+WMW/9Pzxyz+Z+SPWfzPzB+z+J+VP2bxPzt/zOJ/Tv6Yxf/c/DGL/3n5Yxb/8/PHLP4X5I9Z/C/MH7P4X5Q/ZvG/OH/M4n9J/pjF/9L8MYv/ZfljFv/L88cs/lfkj1n8r8wfs/hflT9m8b86f8zif03+mMX/2vwxi/91+WMW/+vzxyz+N+SPWfxvzB+z+N+UP2bxvzl/zOJ/S/6Yxf/W/DGL/235Yxb/2/PHLP535I9Z/O/MH7P435U/ZvG/O3/M4n9P/pjF/978MYv/ffljFv/788cs/g/kj1n8H8wfs/g/lD9m8X84f8zi/0j+mMX/0fwxi/9j+WMW/8fzxyz+T+SPWfyfzB+z+D+VP2bxfzp/zOL/TP6Yxf/Z/DGL/3P5Yxb/5/PHLP4v5I9Z/F/MH7P4v5Q/ZvF/OX/M4v9K/pjF/9X8MYv/a/ljFv/X88cs/m/kj1n838wfs/i/lT9m8X87f0ziP2ggf8ziPyh/zOI/Uv6YxX/k/DGL/yj5Yxb/wfljFv9R88cs/qPlj1n8R88fs/iPkT9m8R8zf8ziP1b+mMV/7Pwxi/84+WMW/3Hzxyz+4+WPWfzHzx+z+H8of8ziP0H+mMV/wvwxi/9E+WMW/w/nj1n8P5I/ZvH/aP6YxX/i/DGL/8fyxyz+k+SPWfw/nj9m8f9E/pjFf9L8MYv/J/PHLP6fyh+z+E+WP2bx/3T+mMX/M/ljFv/P5o9Z/CfPH7P4fy5/zOL/+fwxi/8X8scs/lPkj1n8v5g/ZvH/Uv6Yxf/L+WMW/6/kj1n8v5o/ZvH/Wv6YxX/K/DGL/1T5Yxb/qfPHLP7T5I9Z/KfNH7P4T5c/ZvH/ev6YxX/6/DGL/wz5Yxb/GfPHLP4z5Y9Z/L+RP2bxnzl/zOL/zfwxi/8s+WMW/2/lj1n8v50/ZvGfNX/M4j9b/pjFf/b8MYv/HPljFv/v5I9Z/OfMH7P4z5U/ZvGfO3/M4v/d/DGL/zz5Yxb/7+WPWfznzR+z+M+XP2bxnz9/zOK/QP6Yxf/7+WMW/wXzxyz+C+WPWfwXzh+z+C+SP2bxXzR/zOK/WP6Yxf8H+WMW/x/mj1n8F88fs/gvkT9m8f9R/pjF/8f5Yxb/JfPHLP5L5Y9Z/JfOH7P4/yR/zOK/TP6YxX/Z/DGL/0/zxyz+y+WPWfyXzx+z+K+QP2bxXzF/zOK/Uv6YxX/l/DGL/yr5Yxb/n+WPWfxXzR+z+K+WP2bxXz1/zOK/Rv6YxX/N/DGL/1r5Yxb/tfPHLP7r5I9Z/NfNH7P4r5c/ZvH/ef6Yxf8X+WMW//Xzxyz+G+SPWfw3zB+z+G+UP2bx/2X+mMX/V/ljFv+N88cs/pvkj1n8N80fs/hvlj9m8d88f8zi/+v8MYv/FvljFv/f5I9Z/LfMH7P4/zZ/zOK/Vf6YxX/r/DGL/zb5Yxb/bfPHLP6/yx+z+P8+f8ziv13+mMX/D/ljFv8/5o9Z/LfPH7P475A/ZvH/U/6YxX/H/DGL/075Yxb/nfPHLP5/zh+z+P8lf8ziv0v+mMV/1/wxi/9u+WMW/93zxyz+e+SPWfz3zB+z+O+VP2bx3zt/zOK/T/6YxX/f/DGL/375Yxb//fPHLP4H5I9Z/A/MH7P4H5Q/ZvE/OH/M4n9I/pjF/9D8MYv/YfljFv/D88cs/kfkj1n8j8wfs/gflT9m8T86f8zif0z+mMX/2Pwxi/9x+WMW/+Pzxyz+J+SPWfxPzB+z+J+UP2bxPzl/zOJ/Sv6Yxf/U/DGL/2n5Yxb/0/PHLP5n5I9Z/M/MH7P4n5U/ZvE/O3/M4n9O/pjF/9z8MYv/efljFv/z88cs/hfkj1n8L8wfs/hflD9m8b84f8zif0n+mMX/0vwxi/9l+WMW/8vzxyz+V+SPWfyvzB+z+F+V/7vbfPgnFv+r88cs/tfkj1n8r80fs/hflz9m8b8+f8zif0P+mMX/xvwxi/9N+WMW/5vzxyz+t+SPWfxvzR+z+N+WP2bxvz1/zOJ/R/6Yxf/O/DGL/135Yxb/u/PHLP735I9Z/O/NH7P435c/ZvG/P3/M4v9A/pjF/8H8MYv/Q/ljFv+H88cs/o/kj1n8H80fs/g/lj9m8X88f8zi/0T+mMX/yfwxi/9TA6PmD1n8n277xyz+z+SPWfyfzR+z+D+XP2bxfz5/zOL/Qv6Yxf/F/DGL/0v5Yxb/l/PHLP6v5I9Z/F/NH7P4v5Y/ZvF/PX/M4v9G/pjF/838MYv/W/ljFv+388ck/u98mv8/ZvEflD9m8R8pf8ziP3L+mMV/lPwxi//g/DGL/6j5Yxb/0fLHLP6j549Z/MfIH7P4j5k/ZvEfK3/M4j92/pjFf5z8MYv/uPljFv/x8scs/uPnj1n8P5Q/ZvGfIH/M4j9h/pjFf6L8MYv/h/PHLP4fyR+z+H80f8ziP3H+mMX/Y/ljFv9J8scs/h/PH7P4fyJ/zOI/af6Yxf+T+WMW/0/lj1n8J8sfs/h/On/M4v+Z/DGL/2fzxyz+k+ePWfw/lz9m8f98/pjF/wv5Yxb/KfLHLP5fzB+z+H8pf8zi/+X8MYv/V/LHLP5fzR+z+H8tf0ziP9pA/pjEf6Sp8scs/lPnj1n8p8kfs/hPmz9m8Z8uf8zi//X8MYv/9PljFv8Z8scs/jPmj1n8Z8ofs/h/I3/M4j9z/pjF/5v5Yxb/WfLHLP7fyh+z+H87f8ziP2v+mMV/tvwxi//s+WMW/znyxyz+38kfs/jPmT9m8Z8rf8ziP3f+mMX/u/ljFv958scs/t/LH7P4z5s/ZvGfL3/M4j9//pjFf4H8MYv/9/PHLP4L5o9Z/BfKH7P4L5w/ZvFfJH/M4r9o/pjFf7H8MYv/D/LHLP4/zB+z+C+eP2bxXyJ/zOL/o/wxi/+P88cs/kvmj1n8l8ofs/gvnT9m8f9J/pjFf5n8MYv/svljFv+f5o9Z/JfLH7P4L58/ZvFfIX/M4r9i/pjFf6X8MYv/yvljFv9V8scs/j/LH7P4r5o/ZvFfLX/M4r96/pjFf438MYv/mvljFv+18scs/mvnj1n818kfs/ivmz9m8V8vf8zi//P8MYv/L/LHLP7r549Z/DfIH7P4b5g/ZvHfKH/M4v/L/DGL/6/yxyz+G+ePWfw3yR+z+G+aP2bx3yx/zOK/ef6Yxf/X+WMW/y3yxyz+v8kfs/hvmT9m8f9t/pjFf6v8MYv/1vljFv9t8scs/tvmj1n8f5c/ZvH/ff6YxX+7/DGL/x/yxyz+f8wfs/hvnz9m8d8hf8zi/6f8MYv/jvljFv+d8scs/jvnj1n8/5w/ZvH/S/6YxX+X/DGL/675Yxb/3fLHLP67549Z/PfIH7P475k/ZvHfK3/M4r93/pjFf5/8MYv/vvljFv/98scs/vvnj1n8D8gfs/gfmD9m8T8of8zif3D+mMX/kPwxi/+h+WMW/8Pyxyz+h+ePWfyPyB+z+B+ZP2bxPyp/zOJ/dP6Yxf+Y/DGL/7H5Yxb/4/LHLP7H549Z/E/IH7P4n5g/ZvE/KX/M4n9y/pjF/5T8MYv/qfljFv/T8scs/qfnj1n8z8gfs/ifmT9m8T8rf8zif3b+mMX/nPwxi/+5+WMW//Pyxyz+5+ePWfwvyB+z+F+YP2bxvyh/zOJ/cf6Yxf+S/DGL/6X5Yxb/y/LHLP6X549Z/K/IH7P4X5k/ZvG/Kn/M4n91/pjF/5r8MYv/tfljFv/r8scs/tfnj1n8b8gfs/jfmD9m8b8pf8zif3P+mMX/lvwxi/+t+WMW/9vyxyz+t+ePWfzvyB+z+N+ZP2bxvyt/zOJ/d/6Yxf+e/DGL/735Yxb/+/LHLP73549Z/B/IH7P4P5g/ZvF/KH/M4v9w/pjF/5H8MYv/o/ljFv/H8scs/o/nj1n8n8gfs/g/mT9m8X8qf8zi/3T+mMX/mfwxi/+z+WMW/+fyxyz+z+ePWfxfyB+z+L+YP2bxfyl/zOL/cv6Yxf+V/DGL/6v5Yxb/1/LHLP6v549Z/N/IH7P4v5k/ZvF/K3/M4v92/pjEf+SB/DGL/6D8MYv/SPljFv+R88cs/qPkj1n8B+ePWfxHzR+z+I+WP2bxHz1/zOI/Rv6YxX/M/DGL/1j5Yxb/sfPHLP7j5I9Z/MfNH7P4j5c/ZvEfP3/M4v+h/DGL/wT5Yxb/CfPHLP4T5Y9Z/D+cP2bx/0j+mMX/o/ljFv+J88cs/h/LH7P4T5I/ZvH/eP6Yxf8T+WMW/0nzxyz+n8wfs/h/Kn/M4j9Z/pjF/9P5Yxb/z+SPWfw/mz9m8Z88f8zi/7n8MYv/5/PHLP5fyB+z+E+RP2bx/2L+mMX/S/ljFv8v549Z/L+SP2bx/2r+mMX/a/ljFv8p88cs/lPlj1n8p84fs/hPkz9m8Z82f8ziP13+mMX/6/ljFv/p88cs/jPkj1n8Z8wfs/jPlD9m8f9G/pjFf+b8MYv/N/PHLP6z5I9Z/L+VP2bx/3b+mMV/1vwxi/9s+WMW/9nzxyz+c+SPWfy/kz9m8Z8zf8ziP1f+mMV/7vwxi/9388cs/vPkj1n8v5c/ZvGfN3/M4j9f/pjFf/78MYv/AvljFv/v549Z/BfMH7P4L5Q/ZvFfOH/M4r9I/pjFf9H8MYv/YvljFv8f5I9Z/H+YP2bxXzx/zOK/RP6Yxf9H+WMW/x/nj1n8l8wfs/gvlT9m8V86f8zi/5P8MYv/MvljFv9l88cs/j/NH7P4L5c/ZvFfPn/M4r9C/pjFf8X8MYv/SvljFv+V88cs/qvkj1n8f5Y/ZvFfNX/M4r9a/pjFf/X8MYv/GvljFv8188cs/mvlj1n8184fs/ivkz9m8V83f8ziv17+mMX/5/ljFv9f5I9Z/NfPH7P4b5A/ZvHfMH/M4r9R/pjF/5f5Yxb/X+WPWfw3zh+z+G+SP2bx3zR/zOK/Wf6YxX/z/DGL/6/zxyz+W+SPWfx/kz9m8d8yf8zi/9v8MYv/VvljFv+t88cs/tvkj1n8t80fs/j/Ln/M4v/7/DGL/3b5Yxb/P+SPWfz/mD9m8d8+f8ziv0P+mMX/T/ljFv8d88cs/jvlj1n8d84fs/j/OX/M4v+X/DGL/y75Yxb/XfPHLP675Y9Z/HfPH7P475E/ZvHfM3/M4r9X/pjFf+/8MYv/PvljFv9988cs/vvlj1n8988fs/gfkD9m8T8wf8zif1D+mMX/4Pwxi/8h+WMW/0Pzxyz+h6n83x7vX53T4n+4yv9fz+J/RP6Yxf/I/DGL/1H5Yxb/o/PHLP7H5I9Z/I/NH7P4H5c/ZvE/Pn/M4n9C/pjF/8T8MYv/SfljFv+T88cs/qfkj1n8T80fs/iflj9m8T89f8zif0b+mMX/zPwxi/9Z+WMW/7Pzxyz+5+SPWfzPzR+z+J+XP2bxPz9/zOJ/Qf6Yxf/C/DGL/0X5Yxb/i/PHLP6X5I9Z/C/NH7P4X5Y/ZvG/PH/M4n9F/pjF/8r8MYv/VfljFv+r88cs/tfkj1n8r80fs/hflz9m8b8+f8zif0P+mMX/xvwxi/9N+WMW/5vzxyz+t+SPWfxvzR+z+N+WP2bxvz1/zOJ/R/6Yxf/O/DGL/135Yxb/u/PHLP735I9Z/O/NH7P435c/ZvG/P3/M4v9A/pjF/8H8MYv/Q/ljFv+H88cs/o/kj1n8H80fs/g/lj9m8X88f8zi/0T+mMX/yfwxi/9T+WMW/6fzxyz+z+SPWfyfzR+z+D+XP2bxfz5/zOL/Qv6Yxf/F/DGL/0v5Yxb/l/PHLP6v5I9Z/F/NH7P4v5Y/ZvF/PX/M4v9G/pjF/838MYv/W/ljFv+388ck/qMM5I9Z/Aflj1n8R8ofs/iPnD9m8R8lf8ziPzh/zOI/av6YxX+0/DGL/+j5Yxb/MfLHLP5j5o9Z/MfKH7P4j50/ZvEfJ3/M4j9u/pjFf7z8MYv/+PljFv8P5Y9Z/CfIH7P4T5g/ZvGfKH/M4v/h/DGL/0fyxyz+H80fs/hPnD9m8f9Y/pjFf5L8MYv/x/PHLP6fyB+z+E+aP2bx/2T+mMX/U/ljFv/J8scs/p/OH7P4fyZ/zOL/2fwxi//k+WMW/8/lj1n8P58/ZvH/Qv6YxX+K/DGL/xfzxyz+X8ofs/h/OX/M4v+V/DGL/1fzxyz+X8sfs/hPmT9m8Z8qf8ziP3X+mMV/mvwxi/+0+WMW/+nyxyz+X88fs/hPnz9m8Z8hf8ziP2P+mMV/pvwxi/838scs/jPnj1n8v5k/ZvGfJX/M4v+t/DGL/7fzxyz+s+aPWfxnyx+z+M+eP2bxnyN/zOL/nfwxi/+c+WMW/7nyxyz+c+ePWfy/mz9m8Z8nf8zi/738MYv/vPljFv/58scs/vPnj1n8F8gfs/h/P3/M4r9g/pjFf6H8MYv/wvljFv9F8scs/ovmj1n8F8sfs/j/IH/M4v/D/DGL/+L5Yxb/JfLHLP4/yh+z+P84f8ziv2T+mMV/qfwxi//S+WMW/5/kj1n8l8kfs/gvmz9m8f9p/pjFf7n8MYv/8vljFv8V8scs/ivmj1n8V8ofs/ivnD9m8V8lf8zi/7P8MYv/qvljFv/V8scs/qvnj1n818gfs/ivmT9m8V8rf8ziv3b+mMV/nfwxi/+6+WMW//Xyxyz+P88fs/j/In/M4r9+/pjFf4P8MYv/hvljFv+N8scs/r/MH7P4/yp/zOK/cf6YxX+T/DGL/6b5Yxb/zfLHLP6b549Z/H+dP2bx3yJ/zOL/m/wxi/+W+WMW/9/mj1n8t8ofs/hvnT9m8d8mf8ziv23+mMX/d/ljFv/f549Z/LfLH7P4/yF/zOL/x/wxi//2+WMW/x3yxyz+f8ofs/jvmD9m8d8pf8ziv3P+mMX/z/ljFv+/5I9Z/HfJH7P475o/ZvHfLX/M4r97/pjFf4/8MYv/nvljFv+98scs/nvnj1n898kfs/jvK/Uf7Z9cb/HfT+r/z7L4758/ZvE/IH/M4n9g/pjF/6D8MYv/wfljFv9D8scs/ofmj1n8D8sfs/gfnj9m8T8if8zif2T+mMX/qPwxi//R+WMW/2Pyxyz+x+aPWfyPyx+z+B+fP2bxPyF/zOJ/Yv6Yxf+k/DGL/8n5Yxb/U/LHLP6n5o9Z/E/LH7P4n54/ZvE/I3/M4n9m/pjF/6z8MYv/2fljFv9z8scs/ufmj1n8z8sfs/ifnz9m8b8gf8zif2H+mMX/ovwxi//F+WMW/0vyxyz+l+aPWfwvyx+z+F+eP2bxvyJ/zOJ/Zf6Yxf+q/DGL/9X5Yxb/a/LHLP7X5o9Z/K/LH7P4X58/ZvG/IX/M4n9j/pjF/6b8MYv/zfljFv9b8scs/rfmj1n8b8sfs/jfnj9m8b8jf8zif2f+mMX/rvwxi//d+WMW/3vyxyz+9+aPWfzvyx+z+N+fP2bxfyB/zOL/YP6Yxf+h/DGL/8P5Yxb/R/LHLP6P5o9Z/B/LH7P4P54/ZvF/In/M4v9k/pjF/6n8MYv/0/ljFv9n8scs/s/mj1n8n8sfs/g/nz9m8X8hf8zi/2L+mMX/pfwxi//L+WMW/1fyxyz+r+aPWfxfyx+z+L+eP2bxfyN/zOL/Zv6Yxf+t/DGL/9v5YxL/wQP5Yxb/QfljFv+R8scs/iPnj1n8R8kfs/gPzh+z+I+aP2bxHy1/zOI/ev6YxX+M/DGL/5j5Yxb/sfLHLP5j549Z/MfJH7P4j5s/ZvEfL3/M4j9+/pjF/0P5Yxb/CfLHLP4T5o9Z/CfKH7P4fzh/zOL/kfwxi/9H88cs/hPnj1n8P5Y/ZvGfJH/M4v/x/DGL/yfyxyz+k+aPWfw/mT9m8f9U/pjFf7L8MYv/p/PHLP6fyR+z+H82f8ziP3n+mMX/c/ljFv/P549Z/L+QP2bxnyJ/zOL/xfwxi/+X8scs/l/OH7P4fyV/zOL/1fwxi//X8scs/lPmj1n8p8ofs/hPnT9m8Z8mf8ziP23+mMV/uvwxi//X88cs/tPnj1n8Z8gfs/jPmD9m8Z8pf8zi/438MYv/zPljFv9v5o9Z/GfJH7P4fyt/zOL/7fwxi/+s+WMW/9nyxyz+s+ePWfznyB+z+H8nf8ziP2f+mMV/rvwxi//c+WMW/+/mj1n858kfs/h/L3/M4j9v/pjFf778MYv//PljFv8F8scs/t/PH7P4L5g/ZvFfKH/M4r9w/pjFf5H8MYv/ovljFv/F8scs/j/IH7P4/zB/zOK/eP6YxX+J/DGL/4/yxyz+P84fs/gvmT9m8V8qf8ziv3T+mMX/J/ljFv9l8scs/svmj1n8f5o/ZvFfLn/M4r98/pjFf4X8MYv/ivljFv+V8scs/ivnj1n8V8kfs/j/LH/M4r9q/pjFf7X8MYv/6vljFv818scs/mvmj1n818ofs/ivnT9m8V8nf8ziv27+mMV/vfwxi//P88cs/r/IH7P4r58/ZvHfIH/M4r9h/pjFf6P8MYv/L/PHLP6/yh+z+G+cP2bx3yR/zOK/af6YxX+z/DGL/+b5Yxb/X+ePWfy3yB+z+P8mf8ziv2X+mMX/t/ljFv+t8scs/lvnj1n8t8kfs/hvmz9m8f9d/pjF//f5Yxb/7fLHLP5/yB+z+P8xf8ziv33+mMV/h/wxi/+f8scs/jvmj1n8d8ofs/jvnD9m8f9z/pjF/y/5Yxb/XfLHLP675o9Z/HfLH7P4754/ZvHfI3/M4r9n/pjFf6/8MYv/3vljFv998scs/vvmj1n898sfs/jvnz9m8T8gf8zif2D+mMX/oPwxi//B+WMW/0Pyxyz+h+aPWfwPyx+z+B+eP2bxPyJ/zOJ/ZP6Yxf+o/DGL/9H5Yxb/Y/LHLP7H5o9Z/I/LH7P4H58/ZvE/IX/M4n9i/pjF/6T8MYv/yfljFv9T8scs/qfmj1n8T8sfs/ifnj9m8T8jf8zif2b+mMX/rPwxi//Z+WMW/3Pyxyz+5+aPWfzPyx+z+J+fP2bxvyB/zOJ/Yf6Yxf+i/DGL/8X5Yxb/S/LHLP6X5o9Z/C/LH7P4X54/ZvG/In/M4n9l/pjF/6r8MYv/1fljFv9r8scs/tfmj1n8r8sfs/hfnz9m8b8hf8zif2P+mMX/pvwxi//N+WMW/1vyxyz+t+aPWfxvyx+z+N+eP2bxvyN/zOJ/Z/6Yxf+u/DGL/935Yxb/e/LHLP735o9Z/O/LH7P4358/ZvF/IH/M4v9g/pjF/6H8MYv/w/ljFv9H8scs/o/mj1n8H8sfs/g/nj9m8X8if8zi/2T+mMX/qfwxi//T+WMW/2fyxyz+z+aPWfyfyx+z+D+fP2bxfyF/zOL/Yv6Yxf+l/DGL/8v5Yxb/V/LHLP6v5o9Z/F/LH7P4v54/ZvF/I3/M4v9m/pjF/638MYv/2/ljEv9RB/LHLP6D8scs/iPlj1n8R84fs/iPkj9m8R+cP2bxHzV/zOI/Wv6YxX/0/DGL/xj5Yxb/MfPHLP5j5Y9Z/MfOH7P4j5M/ZvEfN3/M4j9e/pjFf/z8MYv/h/LHLP4T5I9Z/CfMH7P4T5Q/ZvH/cP6Yxf8j+WMW/4/mj1n8J84fs/h/LH/M4j9J/pjF/+P5Yxb/T+SPWfwnzR+z+H8yf8zi/6n8MYv/ZPljFv9P549Z/D+TP2bx/2z+mMV/8vwxi//n8scs/p/PH7P4fyF/zOI/Rf6Yxf+L+WMW/y/lj1n8v5w/ZvH/Sv6Yxf+r+WMW/6/lj1n8p8wfs/hPlT9m8Z86f8ziP03+mMV/2vwxi/90+WMW/6/nj1n8p88fs/jPkD9m8Z8xf8ziP1P+mMX/G/ljFv+Z88cs/t/MH7P4z5I/ZvH/Vv6Yxf/b+WMW/1nzxyz+s+WPWfxnzx+z+M+RP2bx/07+mMV/zvwxi/9c+WMW/7nzxyz+380fs/jPkz9m8f9e/pjFf978MYv/fPljFv/588cs/gvkj1n8v58/ZvFfMH/M4r9Q/pjFf+H8MYv/IvljFv9F88cs/ovlj1n8f5A/ZvH/Yf6YxX/x/DGL/xL5Yxb/H+WPWfx/nD9m8V8yf8ziv1T+mMV/6fwxi/9P8scs/svkj73jP9qwC//F/svmj1m2/5/mj1n8l8sfs/gvnz9m8V8hf8ziv2L+mMV/pfwxi//K+WMW/1Xyxyz+P8sfs/ivmj9m8V8tf8ziv3r+mMV/jfwxi/+a+WMW/7Xyxyz+a+ePWfzXyR+z+K+bP2bxXy9/zOL/8/wxi/8v8scs/uvnj1n8N8gfs/hvmD9m8d8of8zi/8v8MYv/r/LHLP4b549Z/DfJH7P4b5o/ZvHfLH/M4r95/pjF/9f5Yxb/LfLHLP6/yR+z+G+ZP2bx/23+mMV/q/wxi//W+WMW/23yxyz+2+aPWfx/lz9m8f99/pjFf7v8MYv/H/LHLP5/zB+z+G+fP2bx3yF/zOL/p/wxi/+O+WMW/53yxyz+O+ePWfz/nD9m8f9L/pjFf5f8MYv/rvljFv/d8scs/rvnj1n898gfs/jvmT9m8d8rf8ziv3f+mMV/n/wxi/+++WMW//3yxyz+++ePWfwPyB+z+B+YP2bxPyh/zOJ/cP6Yxf+Q/DGL/6H5Yxb/w/LHLP6H549Z/I/IH7P4H5k/ZvE/Kn/M4n90/pjF/5j8MYv/sfljFv/j8scs/sfnj1n8T8gfs/ifmD9m8T8pf8zif3L+mMX/lPwxi/+p+WMW/9Pyxyz+p+ePWfzPyB+z+J+ZP2bxPyt/zOJ/dv6Yxf+c/DGL/7n5Yxb/8/LHLP7n549Z/C/IH7P4X5g/ZvG/KH/M4n9x/pjF/5L8MYv/pfljFv/L8scs/pfnj1n8r8gfs/hfmT9m8b8qf8zif3X+mMX/mvwxi/+17+8/9v/19fo3zeJ/Xds/ZvG/Pn/M4n9D/pjF/8b8MYv/TfljFv+b88cs/rfkj1n8b80fs/jflj9m8b89f8zif0f+mMX/zvwxi/9d+WMW/7vzxyz+9+SPWfzvzR+z+N+XP2bxvz9/zOL/QP6Yxf/B/DGL/0P5Yxb/h/PHLP6P5I9Z/B/NH7P4P5Y/ZvF/PH/M4v9E/pjF/8n8MYv/U/ljFv+n88cs/s/kj1n8n80fs/g/lz9m8X8+f8zi/0L+mMX/xfwxi/9L+WMW/5fzxyz+r+SPWfxfzR+z+L+WP2bxfz1/zOL/Rv6Yxf/N/DGL/1v5Yxb/t/PHJP6jDeSPWfwH5Y9Z/EfKH7P4j5w/ZvEfJX/M4j84f8ziP2r+mMV/tPwxi//o+WMW/zHyxyz+Y+aPWfzHyh+z+I+dP2bxHyd/zOI/bv6YxX+8/DGL//j5Yxb/D+WPWfwnyB+z+E+YP2bxnyh/zOL/4fwxi/9H8scs/h/NH7P4T5w/ZvH/WP6YxX+S/DGL/8fzxyz+n8gfs/hPmj9m8f9k/pjF/1P5Yxb/yfLHLP6fzh+z+H8mf8zi/9n8MYv/5PljFv/P5Y9Z/D+fP2bx/0L+mMV/ivwxi/8X88cs/l/KH7P4fzl/zOL/lfwxi/9X88cs/l/LH7P4T5k/ZvGfKn/M4j91/pjFf5r8MYv/tPljFv/p8scs/l/PH7P4T58/ZvGfIX/M4j9j/pjFf6b8MYv/N/LHLP4z549Z/L+ZP2bxnyV/zOL/rfwxi/+388cs/rPmj1n8Z8sfs/jPnj9m8Z8jf8zi/52BgYHRP6h1+jfO4j9n2z9m8Z8rf8ziP3f+mMX/u/ljFv958scs/t/LH7P4z5s/ZvGfL3/M4j9//pjFf4H8MYv/9/PHLP4L5o9Z/BfKH7P4L5w/ZvFfJH/M4r9o/pjFf7H8MYv/D/LHLP4/zB+z+C+eP2bxXyJ/zOL/o/wxi/+P88cs/kvmj1n8l8ofs/gvnT9m8f9J/pjFf5n8MYv/svljFv+f5o9Z/JfLH7P4L58/ZvFfIX/M4r9i/pjFf6X8MYv/yvljFv9V8scs/j/LH7P4r5o/ZvFfLX/M4r96/pjFf438MYv/mvljFv+18scs/mvnj1n818kfs/ivmz9m8V8vf8zi//P8MYv/L/LHLP7r549Z/DfIH7P4b5g/ZvHfKH/M4v/L/DGL/6/yxyz+G+ePWfw3yR+z+G+aP2bx3yx/zOK/ef6Yxf/X+WMW/y3yxyz+v8kfs/hvmT9m8f9t/pjFf6v8MYv/1vljFv9t8scs/tvmj1n8f5c/ZvH/ff6YxX+7/DGL/x/yxyz+f8wfs/hvnz9m8d8hf8zi/6f8MYv/jvljFv+d8scs/jvnj1n8/5w/ZvH/S/6YxX+X/DGL/675Yxb/3fLHLP67549Z/PfIH7P475k/ZvHfK3/M4r93/pjFf5/8MYv/vvljFv/98scs/vvnj1n8D8gfs/gfmD9m8T8of8zif3D+mMX/kPwxi/+h+WMW/8Pyxyz+h+ePWfyPyB+z+B+ZP2bxPyp/zOJ/dP6Yxf+Y/DGL/7H5Yxb/4/LHLP7H549Z/E/IH7P4n5g/ZvE/KX/M4n9y/pjF/5T8MYv/qfljFv/T8scs/qfnj1n8z8gfs/ifmT9m8T8rf8zif3b+mMX/nPwxi/+5+WMW//Pyxyz+5+ePWfwvyB+z+F+YP2bxvyh/zOJ/cf6Yxf+S/DGL/6X5Yxb/y/LHLP6X549Z/K/IH7P4X5k/ZvG/Kn/M4n91/pjF/5r8MYv/tfljFv/r8scs/tfnj1n8b/ir/8gfzHr9m2bxv7HtH7P435Q/ZvG/OX/M4n9L/pjF/9b8MYv/bfljFv/b88cs/nfkj1n878wfs/jflT9m8b87f8zif0/+mMX/3vwxi/99+WMW//vzxyz+D+SPWfwfzB+z+D+UP2bxfzh/zOL/SP6Yxf/R/DGL/2P5Yxb/x/PHLP5P5I9Z/J/MH7P4P5U/ZvF/On/M4v9M/pjF/9n8MYv/c/ljFv/n88cs/i/kj1n8X8wfs/i/lD9m8X85f8zi/0r+mMX/1fwxi/9r+WMW/9fzxyz+b+SPWfzfzB+z+L+VP2bxfzt/TOI/+kD+mMV/UP6YxX+k/DGL/8j5Yxb/UfLHLP6D88cs/qPmj1n8R8sfs/iPnj9m8R8jf8ziP2b+mMV/rPwxi//Y+WMW/3Hyxyz+4+aPWfzHyx+z+I+fP2bx/1D+mMV/ArH/25u+93UW/wnF/u+XxX+i/DGL/4fzxyz+H8kfs/h/NH/M4j9x/pjF/2P5Yxb/SfLHLP4fzx+z+H8if8ziP2n+mMX/k/ljFv9P5Y9Z/CfLH7P4fzp/zOL/mfwxi/9n88cs/pPnj1n8P5c/ZvH/fP6Yxf8L+WMW/ynyxyz+X8wfs/h/KX/M4v/l/DGL/1fyxyz+X80fs/h/LX/M4j9l/pjFf6r8MYv/1PljFv9p8scs/tPmj1n8p8sfs/h/PX/M4j99/pjFf4b8MYv/jPljFv+Z8scs/t/IH7P4z5w/ZvH/Zv6YxX+W/DGL/7fyxyz+384fs/jPmj9m8Z8tf8ziP3v+mMV/jvwxi/938scs/nPmj1n858ofs/jPnT9m8f9u/pjFf578MYv/9/LHLP7z5o9Z/OfLH7P4z58/ZvFfIH/M4v/9/DGL/4L5Yxb/hfLHLP4L549Z/BfJH7P4L5o/ZvFfLH/M4v+D/DGL/w/zxyz+i+ePWfyXyB+z+P8of8zi/+P8MYv/kvljFv+l8scs/kvnj1n8f5I/ZvFfJn/M4r9s/pjF/6f5Yxb/5fLHLP7L549Z/FfIH7P4r5g/ZvFfKX/M4r9y/pjFf5X8MYv/z/LHLP6r5o9Z/FfLH7P4r54/ZvFfI3/M4r9m/pjFf638MYv/2vljFv918scs/uvmj1n818sfs/j/PH/M4v+L/DGL//r5Yxb/DfLHLP4b5o9Z/DfKH7P4/zJ/zOL/q/wxi//G+WMW/03yxyz+m+aPWfw3yx+z+G+eP2bx/3X+mMV/i/wxi/9v8scs/lvmj1n8f5s/ZvHfKn/M4r91/pjFf5v8MYv/tvljFv/f5Y9Z/H+fP2bx3y5/zOL/h/wxi/8f88cs/tvnj1n8d8gfs/j/KX/M4r9j/pjFf6f8MYv/zvljFv8/549Z/P+SP2bx3yV/zOK/a/6YxX+3/DGL/+75Yxb/PfLHLP575o9Z/PfKH7P4750/ZvHfJ3/M4r9v/pjFf7/8MYv//vljFv8D8scs/gfmj1n8D8ofs/gfnD9m8T8kf8zif2j+mMX/sPwxi//h+WMW/yPyxyz+R+aPWfyPyh+z+B+dP2bxPyZ/zOJ/bP6Yxf+4/DGL//H5Yxb/E/LHLP4n5o9Z/E/KH7P4n5w/ZvE/JX/M4n9q/pjF/7T8MYv/6fljFv8z8scs/mfmj1n8z8ofs/ifnT9m8T8nf8zif27+mMX/vPwxi//5+WMW/wvyxyz+F+aPWfwvyh+z+F+cP2bxvyR/zOJ/af6Yxf+y/DGL/+X5Yxb/K/LHLP5X5o9Z/K/KH7P4X50/ZvG/Jn/M4n9t/pjF/7r8MYv/9fljFv8b8scs/jfmj1n8b8ofs/jfnD9m8b8lf8zif2v+mMX/tvwxi//t+WMW/zvyxyz+d+aPWfzvyh+z+N+dP2bxvyd/zOJ/b/6Yxf++/DGL//35Yxb/B/LHLP4P5o9Z/B/KH7P4P5w/ZvF/JH/M4v9o/pjF/7H8MYv/4/ljFv8n8scs/k/mj1n8n8ofs/g/nT9m8X8mf8zi/2z+mMX/ufwxi//z+WMW/xfyxyz+L+aPWfxfyh+z+L+cP2bxfyV/zOL/av6Yxf+1/DGL/+v5Yxb/N/LHLP5v5o9Z/N/KH7P4v50/JvEfYyB/zOI/KH/M4j9S/pjFf+T8MYv/KPljFv/B+WMW/1Hzxyz+o+WPWfxHzx+z+I+RP2bxHzN/zOI/Vv6YxX/s/DGL/zj5Yxb/cfPHLP7j5Y9Z/MfPH7P4fyh/zOI/Qf6YxX/C/DGL/0T5Yxb/D+ePWfw/kj9m8f9o/pjFf+L8MYv/x/LHLP6T5I9Z/D+eP2bx/0T+mMV/0vwxi/8n88cs/p/KH7P4T5Y/ZvH/dP6Yxf8z+WMW/8/mj1n8J88fs/h/Ln/M4v/5/DGL/xfyxyz+U+SPWfy/mD9m8f9S/pjF/8v5Yxb/r+SPWfy/mj9m8f9a/pjFf8r8MYv/VPljFv+p88cs/tPkj1n8p80fs/hPlz9m8f96/pjFf/r8MYv/DPljFv8Z88cs/jPlj1n8v5E/ZvGfOX/M4v/N/DGL/yz5Yxb/b+WPWfy/nT9m8Z81f8ziP1v+mMV/9vwxi/8c+WMW/+/kj1n858wfs/jPlT9m8Z87f8zi/938MYv/PPljFv/v5Y9Z/OfNH7P4z5c/ZvGfP3/M4r9A/pjF//v5Yxb/BfPHLP4L5Y9Z/BfOH7P4L5I/ZvFfNH/M4r9Y/pjF/wf5Yxb/H+aPWfwXzx+z+C+RP2bx/1H+mMX/x/ljFv8l88cs/kvlj1n8l84fs/j/JH/M4r9M/pjFf9n8MYv/T/PHLP7L5Y9Z/JfPH7P4r5A/ZvFfMX/M4r9S/pjFf+X8MYv/KvljFv+f5Y9Z/FfNH7P4r5Y/ZvFfPX/M4r9G/pjFf838MYv/WvljFv+188cs/uvkj1n8180fs/ivlz9m8f95/pjF/xf5Yxb/9fPHLP4b5I9Z/DfMH7P4b5Q/ZvH/Zf6Yxf9X+WMW/43zxyz+m+SPWfw3zR+z+G+WP2bx3zx/zOL/6/wxi/8W+WMW/9/kj1n8t8wfs/j/Nn/M4r9V/pjFf+v8MYv/NvljFv9t88cs/r/LH7P4/z5/zOK/Xf6Yxf8P+WMW/z/mj1n8t88fs/jvkD9m8f9T/pjFf8f8MYv/TvljFv+d88cs/n/OH7P4/yV/zOK/S/6YxX/X/DGL/275Yxb/3fPHLP575I9Z/PfMH7P475U/ZvHfO3/M4r9P/pjFf9/8MYv/fvljFv/988cs/gfkj1n8D8wfs/gflD9m8T84f8zif0j+mMX/0Pwxi/9h+WMW/8Pzxyz+R+SPWfyPzB+z+B+VP2bxPzp/zOJ/TP6Yxf/Y/DGL/3H5Yxb/4/PHLP4n5I9Z/E/MH7P4n5Q/ZvE/OX/M4n9K/pjF/9T8MYv/afljFv/T88cs/mfkj1n8z8wfs/iflT9m8T87f8zif07+mMX/3Pwxi/95+WMW//Pzxyz+F+SPWfwvzB+z+F+UP2bxvzh/zOJ/Sf6Yxf/S/DGL/2X5Yxb/y/PHLP5X5I9Z/K/MH7P4X5U/ZvG/On/M4n9N/pjF/9r8MYv/dfljFv/r88cs/jfkj1n8b8wfs/jflD9m8b85f8zif0v+mMX/1vwxi/9t+WMW/9vzxyz+d+SPWfzvzB+z+N+VP2bxvzt/zOJ/T/6Yxf/e/DGL/335Yxb/+/PHLP4P5I9Z/B/MH7P4P5Q/ZvF/OH/M4v9I/pjF/9H8MYv/Y/ljFv/H88cs/k/kj1n8n8wfs/g/lT9m8X86f8zi/0z+mMX/2fwxi/9z+WMW/+fzxyz+L+SPWfxfzB+z+L+UP2bxfzl/zOL/Sv6Yxf/V/DGL/2v5Yxb/1/PHLP5v5I9Z/N/MH7P4v5U/ZvF/O39M4j/mQP6YxX9Q/pjFf6T8MYv/yPljFv9R8scs/oPzxyz+o+aPWfxHyx+z+I+eP2bxHyN/zOI/Zv6YxX+s/DGL/9j5Yxb/cfLHLP7j5o9Z/MfLH7P4j58/ZvH/UP6YxX+C/DGL/4T5Yxb/ifLHLP4fzh+z+H8kf8zi/9H8MYv/xPljFv+P5Y9Z/CfJH7P4fzx/zOL/ifwxi/+k+WMW/0/mj1n8P5U/ZvGfLH/M4v/p/DGL/2fyxyz+n80fs/hPnj9m8f9c/pjF//P5Yxb/L+SPWfynyB+z+H8xf8zi/6X8MYv/l/PHLP5fyR+z+H81f8zi/7X8MYv/lPljFv+p8scs/lPnj1n8p8kfs/hPmz9m8Z8uf8zi//X8MYv/9PljFv8Z8scs/jPmj1n8Z8ofs/h/I3/M4j9z/pjF/5v5Yxb/WfLHLP7fyh+z+H87f8ziP2v+mMV/tvwxi//s+WMW/znyxyz+38kfs/jPmT9m8Z8rf8ziP3f+mMX/u/ljFv958scs/t/LH7P4z5s/ZvGfL3/M4j9//pjFf4H8MYv/9/PHLP4L5o9Z/BfKH7P4L5w/ZvFfJH/M4r9o/pjFf7H8MYv/D/LHLP4/zB+z+C+eP2bxXyJ/zOL/o/wxi/+P88cs/kvmj1n8l8ofs/gvnT9m8f9J/pjFf5n8MYv/svljFv+f5o9Z/JfLH7P4L58/ZvFfIX/M4r9i/pjFf6X8MYv/yvljFv9V8scs/j/LH7P4r5o/ZvFfLX/M4r96/pjFf438MYv/mvljFv+18scs/mvnj1n818kfs/ivmz9m8V8vf8zi//P8MYv/L/LHLP7r549Z/DeQ+Y/2L85n8d9Q5v+vZvHfKH/M4v/L/DGL/6/yxyz+G+ePWfw3yR+z+G+aP2bx3yx/zOK/ef6Yxf/X+WMW/y3yxyz+v8kfs/hvmT9m8f9t/pjFf6v8MYv/1vljFv9t8scs/tvmj1n8f5c/ZvH/ff6YxX+7/DGL/x/yxyz+f8wfs/hvnz9m8d8hf8zi/6f8MYv/jvljFv+d8scs/jvnj1n8/5w/ZvH/S/6YxX+X/DGL/675Yxb/3fLHLP67549Z/PfIH7P475k/ZvHfK3/M4r93/pjFf5/8MYv/vvljFv/98scs/vvnj1n8D8gfs/gfmD9m8T8of8zif3D+mMX/kPwxi/+h+WMW/8Pyxyz+h+ePWfyPyB+z+B+ZP2bxPyp/zOJ/dP6Yxf+Y/DGL/7H5Yxb/4/LHLP7H549Z/E/IH7P4n5g/ZvE/KX/M4n9y/pjF/5T8MYv/qfljFv/T8scs/qfnj1n8z8gfs/ifmT9m8T8rf8zif3b+mMX/nPwxi/+5+WMW//Pyxyz+5+ePWfwvyB+z+F+YP2bxvyh/zOJ/cf6Yxf+S/DGL/6X5Yxb/y/LHLP6X549Z/K/IH7P4X5k/ZvG/Kn/M4n91/pjF/5r8MYv/tfljFv/r8scs/tfnj1n8b8gfs/jfmD9m8b8pf8zif3P+mMX/lvwxi/+t+WMW/9vyxyz+t+ePWfzvyB+z+N+ZP2bxvyt/zOJ/d/6Yxf+e/DGL/735Yxb/+/LHLP73549Z/B/IH7P4P5g/ZvF/KH/M4v9w/pjF/5H8MYv/o/ljFv/H8scs/o/nj1n8n8gfs/g/mT9m8X8qf8zi/3T+mMX/mfwxi/+z+WMW/+fyxyz+z+ePWfxfyB+z+L+YP2bxfyl/zOL/cv6Yxf+V/DGL/6v5Yxb/1/LHLP6v549Z/N/IH7P4v5k/ZvF/K3/M4v92/pjEf6yB/DGL/6D8MYv/SPljFv+R88cs/qPkj1n8B+ePWfxHzR+z+I+WP2bxHz1/zOI/Rv6YxX/M/DGL/1j5Yxb/sfPHLP7j5I9Z/MfNH7P4j5c/ZvEfP3/M4v+h/DGL/wT5Yxb/CfPHLP4T5Y9Z/D+cP2bx/0j+mMX/o/ljFv+J88cs/h/LH7P4T5I/ZvH/eP6Yxf8T+WMW/0nzxyz+n8wfs/h/Kn/M4j9Z/pjF/9P5Yxb/z+SPWfw/mz9m8Z88f8zi/7n8MYv/5/PHLP5fyB+z+E+RP2bx/2L+mMX/S/ljFv8v549Z/L+SP2bx/2r+mMX/a/ljFv8p88cs/lPlj1n8p84fs/hPkz9m8Z82f8ziP13+mMX/6/ljFv/p88cs/jPkj1n8Z8wfs/jPlD9m8f9G/pjFf+b8MYv/N/PHLP6z5I9Z/L+VP2bx/3b+mMV/1vwxi/9s+WMW/9nzxyz+c+SPWfy/kz9m8Z8zf8ziP1f+mMV/7vwxi/9388cs/vPkj1n8v5c/ZvGfN3/M4j9f/pjFf/78MYv/AvljFv/v549Z/BfMH7P4L5Q/ZvFfOH/M4r9I/pjFf9H8MYv/YvljFv8f5I9Z/H+YP2bxXzx/zOK/RP6Yxf9H+WMW/x/nj1n8l8wfs/gvlT9m8V86f8zi/5P8MYv/MvljFv9l88cs/j/NH7P4L5c/ZvFfPn/M4r9C/pjFf8X8MYv/SvljFv+V88cs/qvkj1n8f5Y/ZvFfNX/M4r9a/pjFf/X8MYv/GvljFv8188cs/mvlj1n8184fs/ivkz9m8V83f8ziv17+mMX/5/ljFv9f5I9Z/NfPH7P4b5A/ZvHfMH/M4r9R/pjF/5f5Yxb/X+WPWfw3zh+z+G+SP2bx3zR/zOK/Wf6YxX/z/DGL/6/zxyz+W+SPWfx/kz9m8d8yf8zi/9v8MYv/VvljFv+t88cs/tvkj1n8t80fs/j/Ln/M4v/7/DGL/3b5Yxb/P+SPWfz/mD9m8d8+f8ziv0P+mMX/T/ljFv8d88cs/jvlj1n8d84fs/j/OX/M4v+X/DGL/y75Yxb/XfPHLP675Y9Z/HfPH7P475E/ZvHfM3/M4r9X/pjFf+/8MYv/PvljFv9988cs/vvlj1n8988fs/gfkD9m8T8wf8zif1D+mMX/4Pwxi/8h+WMW/0Pzxyz+h+WPWfwPzx+z+B+RP2bxPzJ/zOJ/VP6Yxf/o/DGL/zH5Yxb/Y/PHLP7H5Y9Z/I/PH7P4n5A/ZvE/MX/M4n9S/pjF/+T8MYv/KfljFv9T88cs/qflj1n8T88fs/ifkT9m8T8zf8zif1b+mMX/7Pwxi/85+WMW/3Pzxyz+5+WPWfzPzx+z+F+QP2bxvzB/zOJ/Uf6Yxf/i/DGL/yX5Yxb/S/PHLP6X5Y9Z/C/PH7P4X5E/ZvG/Mn/M4n9V/pjF/+r8MYv/NfljFv9r88cs/tflj1n8r88fs/jfkD9m8b8xf8zif1P+mMX/5vwxi/8t+WMW/1vzxyz+t+WPWfxvzx+z+N+RP2bxvzN/zOJ/V/6Yxf/u/DGL/z35Yxb/e/PHLP735Y9Z/O/PH7P4P5A/ZvF/MH/M4v9Q/pjF/+H8MYv/I/ljFv9H88cs/o/lj1n8H88fs/g/kT9m8X8yf8zi/1T+mMX/6fwxi/8z+WMW/2fzxyz+z+WPWfyfzx+z+L+QP2bxfzF/zOL/Uv6Yxf/l/DGL/yv5Yxb/V/PHLP6v5Y9Z/F/PH7P4v5E/ZvF/M3/M4v9W/pjF/+38MYn/2AP5Yxb/QfljFv+R8scs/iPnj1n8R8kfs/gPzh+z+I+aP2bxHy1/zOI/ev6YxX+M/DGL/5j5Yxb/sfLHLP5j549Z/MfJH7P4j5s/ZvEfL3/M4j9+/pjF/0P5Yxb/CfLHLP4T5o9Z/CfKH7P4fzh/zOL/kff0f+vtt9/+f7Nq/45Z/D/a9o9Z/CfOH7P4fyx/zOI/Sf6Yxf/j+WMW/0/kj1n8J80fs/h/Mn/M4v+p/DGL/2T5Yxb/T+ePWfw/kz9m8f9s/pjFf/L8MYv/5/LHLP6fzx+z+H8hf8ziP0X+mMX/i/ljFv8v5Y9Z/L+cP2bx/0r+mMX/q/ljFv+v5Y9Z/KfMH7P4T5U/ZvGfOn/M4j9N/pjFf9r8MYv/dPljFv+v549Z/KfPH7P4z5A/ZvGfMX/M4j9T/pjF/xv5Yxb/mfPHLP7fzB+z+M+SP2bx/1b+mMX/2/ljFv9Z88cs/rPlj1n8Z88fs/jPkT9m8f9O/pjFf878MYv/XPljFv+588cs/t/NH7P4z5M/ZvH/Xv6YxX/e/DGL/3z5Yxb/+fPHLP4L5I9Z/L+fP2bxXzB/zOK/UP6YxX/h/DGL/yL5Yxb/RfPHLP6L5Y9Z/H+QP2bx/2H+mMV/8fwxi/8S+WMW/x/lj1n8f5w/ZvFfMn/M4r9U/pjFf+n8MYv/T/LHLP7L5I9Z/JfNH7P4/zR/zOK/XP6YxX/5/DGL/wr5Yxb/FfPHLP4r5Y9Z/FfOH7P4r5I/ZvH/Wf6YxX/V/DGL/2r5Yxb/1fPHLP5r5I9Z/NfMH7P4r5U/ZvFfO3/M4r9O/pjFf938MYv/evljFv+f549Z/H+RP2bxXz9/zOK/Qf6YxX/D/DGL/0b5Yxb/X+aPWfx/lT9m8d84f8ziv0n+mMV/0/wxi/9m+WMW/83zxyz+v84fs/hvkT9m8f9N/pjFf8v8MYv/b/PHLP5b5Y9Z/LfOH7P4b5M/ZvHfNn/M4v+7/DGL/+/zxyz+2+WPWfz/kD9m8f9j/pjFf/v8MYv/DvljFv8/5Y9Z/HfMH7P475Q/ZvHfOX/M4v/n/DGL/1/yxyz+u+SP/Vf7j/7XqWPvmj/2X+3/t6lj75Y/ZvHfPX/M4r9H/pjFf8/8MYv/XvljFv+988cs/vvkj1n8980fs/jvlz9m8d8/f2yo/9sDAwP/3f4H5I9Ztv8D88cs/gflj1n8D84fs/gfkj9m8T80f8zif1j+mMX/8Pwxi/8R+WMW/yPzxyz+R+WPWfyPzh+z+B+TP2bxPzZ/zOJ/XP6Yxf/4/DGL/wn5Yxb/E/PHLP4n5Y9Z/E/OH7P4n5I/ZvE/NX/M4n9a/pjF//T8MYv/GfljFv8z88cs/mflj1n8z84fs/ifkz9m8T83f8zif17+mMX//Pwxi/8F+WMW/wvzxyz+F+WPWfwvzh+z+F+SP2bxvzR/zOJ/Wf6Yxf/y/DGL/xX5Yxb/K/PHLP5X5Y9Z/K/OH7P4X5M/ZvG/Nn/M4n9d/pjF//r8MYv/DfljFv8b88cs/jflj1n8b84fs/jfkj9m8b81f8zif1v+mMX/9vwxi/8d+WMW/zvzxyz+d+WPWfzvzh+z+N+TP2bxvzd/zOJ/X/6Yxf/+/DGL/wP5Yxb/B/Mf0qARx8Di/1D+mMX/4fwxi/8j+WMW/0fzxyz+j+WPWfwfzx+z+D+RP2bxfzJ/zOL/VP6Yxf/p/DGL/zP5Yxb/Z/PHLP7P5Y9Z/J/PH7P4v5A/ZvF/MX/M4v9S/pjF/+X8MYv/K/ljFv9X88cs/q/lj1n8X88fs/i/kT9m8X8zf8zi/1b+mMX/7fwxif84A/ljFv9B+WMW/5Hyxyz+I+ePWfxHyR+z+A/OH7P4j5o/ZvEfLX/M4j96/pjFf4z8MYv/mPljFv+x8scs/mPnj1n8x8kfs/iPmz9m8R8vf8ziP37+mMX/Q/ljFv8J8scs/hPmj1n8J8ofs/h/OH/M4v+R/DGL/0fzxyz+E+ePWfw/lj9m8Z8kf8zi//H8MYv/J/LHLP6T5o9Z/D+ZP2bx/1T+mMV/svwxi/+n88cs/p/JH7P4fzZ/zOI/ef6Yxf9z+WMW/8/nj1n8v5A/ZvGfIn/M4v/F/DGL/5fyxyz+X84fs/h/JX/M4v/V/DGL/9fyxyz+U+aPWfynyh+z+E+dP2bxnyZ/zOI/bf6YxX+6/DGL/9fzxyz+0+ePWfxnyB+z+M+YP2bxnyl/zOL/jfwxi//M+WMW/2/mj1n8Z8kfs/h/K3/M4v/t/DGL/6z5Yxb/2fLHLP6z549Z/OfIH7P4fyd/zOI/Z/6YxX+u/DGL/9z5Yxb/7+aPWfznyR+z+H8vf8ziP2/+mMV/vvwxi//8+WMW/wXyxyz+388fs/gvmD9m8V8of8ziv3D+mMV/kfwxi/+i+WMW/8Xyxyz+P8gfs/j/MH/M4r94/pjFf4n8MYv/j/LHLP4/zh+z+C+ZP2bxXyp/zOK/dP6Yxf8n+WMW/2Xyxyz+y+aPWfx/mj9m8V8uf8ziv3z+mMV/hfwxi/+K+WMW/5Xyxyz+K+ePWfxXyR+z+P8sf8ziv2r+mMV/tfwxi//q+WMW/zXyxyz+a+aPWfzXyh+z+K+dP2bxXyd/zOK/bv6YxX+9/DGL/8/zxyz+v8gfs/ivnz9m8d8gf8ziv2H+mMV/o/wxi/8v88cs/r/KH7P4b5w/ZvHfJH/M4r9p/pjFf7P8MYv/5vljFv9f549Z/LfIH7P4/yZ/zOK/Zf6Yxf+3+WMW/63yxyz+W+ePWfy3yR+z+G+bP2bx/13+mMX/9/ljFv/t8scs/n/IH7P4/zF/zOK/ff6YxX+H/DGL/5/yxyz+O+aPWfx3yh+z+O+cP2bx/3P+mMX/L/ljFv9d8scs/rvmj1n8d8sfs/jvnj9m8d8jf8ziv2f+mMV/r/wxi//e+WMW/33yxyz+++aPWfz3yx+z+O+fP2bxPyB/zOJ/YP6Yxf+g/DGL/8H5Yxb/Q/LHLP6H5o9Z/A/LH7P4H54/ZvE/In/M4n9k/pjF/6j8MYv/0fljFv9j8scs/sfmj1n8j8sfs/gfnz9m8T8hf8zif2L+mMX/pPwxi//J+WMW/1Pyxyz+p+aPWfxPyx+z+J+eP2bxPyN/zOJ/Zv6Yxf+s/DGL/9n5Yxb/c/LHLP7n5o9Z/M/LH7P4n58/ZvG/IH/M4n9h/pjF/6L8MYv/xfljFv9L8scs/pfmj1n8L8sfs/hfnj9m8b8if8zif2X+mMX/qvwxi//V+WMW/2vyxyz+1+aPWfyvyx+z+F+fP2bxvyF/zOJ/Y/6Yxf+m/DGL/835Yxb/W/LHLP635o9Z/G/LH7P4354/ZvG/I3/M4n9n/pjF/678MYv/3fljFv978scs/vfmj1n878sfs/jfnz9m8X8gf8zi/2D+mMX/ofwxi//D+WMW/0fyxyz+j+aPWfwfyx+z+D+eP2bxfyJ/zOL/ZP6Yxf+p/DGL/9P5Yxb/Z/LHLP7P5o9Z/J/LH7P4P58/ZvF/IX/M4v9i/pjF/6X8MYv/y/ljFv9X8scs/q/mj1n8X8sfs/i/nj9m8X8jf8zi/2b+mMX/rfwxi//b+WMS/3EH8scs/oPyxyz+I+WPWfxHzh+z+I+SP2bxH5w/ZvEfNX/M4j9a/pjFf/T8MYv/GPljFv8x88cs/mPlj1n8x84fs/iPkz9m8R83f8ziP17+mMV//Pwxi/+H8scs/hPkj1n8J8wfs/hPlD9m8f9w/pjF/yP5Yxb/j+aPWfwnzh+z+H8sf8ziP0n+mMX/4/ljFv9P5I9Z/CfNH7P4fzJ/zOL/qfwxi/9k+WMW/0/nj1n8P5M/ZvH/bP6YxX/y/DGL/+fyxyz+n88fs/h/IX/M4j9F/pjF/4v5Yxb/L+WPWfy/nD9m8f9K/pjF/6v5Yxb/r+U/tBEGweI/Zf6YxX+q/DGL/9T5Yxb/afLHLP7T5o9Z/KfLH7P4fz1/zOI/ff6YxX+G/DGL/4z5Yxb/mfLHLP7fyB+z+M+cP2bx/2b+mMV/lvwxi/+38scs/t/OH7P4z5o/ZvGfLX/M4j97/pjFf478MYv/d/LHLP5z5o9Z/OfKH7P4z50/ZvH/bv6YxX+e/DGL//fyxyz+8+aPWfznyx+z+M+fP2bxXyB/zOL//fwxi/+C+WMW/4Xyxyz+C+ePWfwXyR+z+C+aP2bxXyx/zOL/g/wxi/8P88cs/ovnj1n8l8gfs/j/KH/M4v/j/DGL/5L5Yxb/pfLHLP5L549Z/H+SP2bxXyZ/zOK/bP6Yxf+n+WMW/+Xyxyz+y+ePWfxXyB+z+K+YP2bxXyl/zOK/cv6YxX+V/DGL/8/yxyz+q+aPWfxXyx+z+K+eP2bxXyN/zOK/Zv6YxX+t/DGL/9r5Yxb/dfLHLP7r5o9Z/NfLH7P4/zx/zOL/i/wxi//6+WMW/w3yxyz+G+aPWfw3yh+z+P8yf8zi/6v8MYv/xvljFv9N8scs/pvmj1n8N8sfs/hvnj9m8f91/pjFf4v8MYv/b/LHLP5b5o9Z/H+bP2bx3yp/zOK/df6YxX+b/DGL/7b5Yxb/3+WPWfx/nz9m8d8uf8zi/4f8MYv/H/PHLP7b549Z/HfIH7P4/yl/zOK/Y/6YxX+n/DGL/875Yxb/P+ePWfz/kj9m8d8lf8ziv2v+mMV/t/wxi//u+WMW/z3yxyz+e+aPWfz3yh+z+O+dP2bx3yd/zOK/b/6YxX+//DGL//75Yxb/A/LHLP4H5o9Z/A/KH7P4H5w/ZvE/JH/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi//x+WMW/xPyxyz+J+aPWfxPyh+z+J+cP2bxPyV/zOJ/av6Yxf+0/DGL/+n5Yxb/M/LHLP5n5o9Z/M/KH7P4n50/ZvE/J3/M4n9u/pjF/7z8MYv/+fljFv8L8scs/hfmj1n8L8ofs/hfnD9m8b8kf8zif2n+mMX/svwxi//l+WMW/yvyxyz+V+aPWfyvyh+z+F+dP2bxvyZ/zOJ/bf6Yxf+6/DGL//X5Yxb/G/LHLP435o9Z/G/KH7P435w/ZvG/JX/M4n9r/pjF/7b8MYv/7fljFv878scs/nfmj1n878ofs/jfnT9m8b8nf8zif2/+mMX/vvwxi//9+WMW/wfyxyz+D+aPWfwfyh+z+D+cP2bxfyR/zOL/aP6Yxf+x/DGL/+P5Yxb/J/LHLP5P5o9Z/J/KH7P4P50/ZvF/Jn/M4v9s/pjF/7n8MYv/8/ljFv8X8scs/i/mj1n8X8of+y/2H/xu/5fzx/6L/f9u+38lf8zi/2r+mMX/tfwxi//r+WMW/zfyxyz+b+aPWfzfyh+z+L+dPybxH28gf8ziPyh/zOI/Uv6YxX/k/DGL/yj5Yxb/wfljFv9R88cs/qPlj1n8R88fs/iPkT9m8R8zf8ziP1b+mMV/7Pwxi/84+WMW/3Hzxyz+4+WPWfzHzx/7/9ijpyxAEAMIgJNk4rVt27Zt27Zt27Zt27Zt29b/vj7BdtUVquV/SP9Ry/9Q/qOW/6H9Ry3/w/iPWv6H9R+1/A/nP2r5H95/1PI/gv+o5X9E/1HL/0j+o5b/kf1HLf+j+I9a/kf1H7X8j+Y/avkf3X/U8j+G/6jlf0z/Ucv/WP6jlv+x/Uct/+P4j1r+x/UftfyP5z9q+R/ff9TyP4H/qOV/Qv9Ry/9E/qOW/4n9Ry3/k/iPWv4n9R+1/E/mP2r5n9x/1PI/hf+o5X9K/1HL/1T+o5b/qf1HLf/T+I9a/qf1H7X8T+c/avmf3n/U8j+D/6jlf0b/Ucv/TP6jlv+Z/Uct/7P4j1r+Z/UftfzP5j9q+Z/df9TyP4f/qOV/Tv9Ry/9c/qOW/7n9Ry3/8/iPWv7n9R+1/M/nP2r5n99/1PK/gP+o5X9B/1HL/0L+o5b/hf1HLf+L+I9a/hf1H7X8L+Y/avlf3H/U8r+E/6jlf0n/Ucv/Uv6jlv+l/Uct/8v4j1r+l/Uftfwv5z9q+V/ef9Tyv4L/qOV/Rf9Ry/9K/qOW/5X9Ry3/q/iPWv5X9R+1/K/mP2r5X91/1PK/hv+o5X9N/1HL/1r+o5b/tf1HLf/r+I9a/tf1H7X8r+c/avlf33/U8r+B/6jlf0P/Ucv/Rv6jlv+N/Uct/5v4j1r+N/Uftfxv5j9q+d/cf9Tyv4X/qOV/S/9Ry/9W/qOW/639Ry3/2/iPWv639R+1/G/nP2r5395/1PK/g/+o5X9H/1HL/07+o5b/nf1HLf+7+I9a/nf1H7X87+Y/avnf3X/U8r+H/6jlf0//Ucv/Xv6jlv+9/Uct//v4j1r+9/Uftfzv5z9q+d/ff9Tyf4D/qOX/QP9Ry/9B/qOW/4P9Ry3/h/iPWv4P9R+1/B/mP2r5P9x/1PJ/hP+o5f9I/1HL/1H+o5b/o/1HLf/H+I9a/o/1H7X8H+c/avk/3n/U8n+C/6jl/0T/Ucv/Sf6jlv+T/Uct/6f4j1r+T/Uftfyf5j9q+T/df9Tyf4b/qOX/TP9Ry/9Z/qOW/7P9Ry3/5/iPWv7P9R+1/J/nP2r5P99/1PJ/gf+o5f9C/1HL/0X+o5b/i/1HLf+X+I9a/i/1H7X8X+Y/avm/3H/U8n+F/6jl/0r/Ucv/Vf6jlv+r/Uct/9f4j1r+r/Uftfxf5z9q+b/ef9Tyf4P/qOX/Rv9Ry/9N/qOW/5v9Ry3/t/iPWv5v9R+1/N/mP2r5v91/1PJ/h/+o5f9O/1HL/13+o5b/u/1HLf/3+I9a/u/1H7X83+c/avm/33/U8v+A/6jl/0H/Ucv/Q/6jlv+H/Uct/4/4j1r+H/Uftfw/5j9q+X/cf9Ty/4T/qOX/Sf9Ry/9T/qOW/6f9Ry3/z/iPWv6f9R+1/D/nP2r5f95/1PL/gv+o5f9F/1HL/0v+o5b/l/1HLf+v+I9a/l/1H7X8v+Y/avl/3X/U8v+G/6jl/03/Ucv/W/6jlv+3/Uct/+/4j1r+3/Uftfy/5z9q+X/ff9Ty/4H/qOX/Q/9Ry/9H/qOW/4/9/9nAAUX/n/iPWv4/9R+1/H/mP2r5/9x/1PL/hf+o5f9L/1HL/1f+o5b/r/1HLf/f+I9a/r/1H7X8f+c/avn/3n/U8v+D/6jl/0f/Ucv/T/6jlv+f/Uct/7/4j1r+f/Uftfz/5j9q+f/df1TyP8QA/1HL/9/8Ry3/f/cftfz/w3/U8j/Qf9Ty/0//Ucv/v/xHLf//9h+1/P/Hf9Ty/1//Ucv///xHLf//9x+1/A/iP2r5H9R/1PI/mP+o5X9w/9Ff7h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAP9u42Nq+y8OP46dru6c/+3ZzDa8hgsOkmrmztymSw+VAfC6bqWAyYQLawMiqFuYfgBmo1KDEYw2QkiKjb1E0gMWa8GCYgrCQqcSoaJ6IhDkFdxNQwkRGNS83d9i7tvbZZr3pde7HP50V7n1N+p9uS784pWzMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABIafO2W25Y29HRtskLL7zwYuDFqf6dCUjttehP9Y8EAAAAAAAAAAAAAAAYSY5vJzrVP0cAAAAAADjdtLS+q7u6asip6sEHc37e1vu+6dUrr9/z/OMry+/7P3z5MJecMPigp6en56Xmrpn9h5OKoih9tun9x5Mrx6Xrd3Zdvr3vKBS/fba5ddv25oM7v/L1h+dOnT6ntvdsbbHmuvaOtiUTiiJU1xZbSwcNVUURJtYW20sHjaWDSbXF/aWDpb0HU4oDpYMLr93Qsa504oRPDaedltbPFtVDii2G/G4wuP/Ork27yu9HuWT5ajVFf/91zT/cW/GxshH6L18/VFX2P+afIDCisfV/+8Ly+1EuecL9/9H2ulXDfWzk/svXDxP0D+kM8/w/pNHe5/09+2eM8Pw/d5hLDux/+peVXaX+b/rlC/X9p2pO5vm/9Pn6jkJ1Zf8Thjz/l57ja8rP/5OKItSO85cDTistrZ/rHu3+X9n90P5rzqrYVA3u/+iqPdWl/g/f9cD7+0/VnlT/A9cPNaPc/6s+c2DojxUYm5bW3T0V9/8x9F8sGOaSA/3P333sqlL/Z+w8sm/Qx8bSf21l/4u33PiJxZu33VLffuPa9W3r225qbGxoWrqsqfGi5Yt7Hwn63o7zVwVOD+O7/xdTKzZVRdE2sF/04WUvlfo/eO4//tZ/avIY+5846v3/Ofd/GNb5E4qJE4uta7ds2dTQ97Z82Nj3tu8/G6b/E7/+H7H/eeX/D1j+urv0BfnA/jfv/OpHSv3fO2nVA/2nJo6x/0mj9d/52ucFIozz/r+uYjOk//ZXv7Ou1P+fXjl+qP/UWL/+nzxq/7vc/2E8Wlor/sLP/1ip/9X/OjzcnxOchDDFn/9BOjn63zrtF9+MW4ep+od0cvS/dHNb5F+2Df+nf0gnR/+/2lF1JG4dztA/pJOj/691P7gxbh2m6R/SydH//tmPPBW3Dv+vf0gnR//H10+/Km4d6vQP6eTo/7Iv7V0dtw7T9Q/p5Oi/6pVpT8Stwwz9Qzo5+q+vOvtTcevwOv1DOjn6v67z4Rfj1mGm/iGdHP1/fuevI79PJ7xe/5BOjv6f+uPWHXHrMEv/kE6O/l+Y1V4ftw5n6h/SydH//Tc88UjcOrxB/5BOjv6f/tYHj8WtQ9A/pJOj/288e2RN3DrM1j+kk6P/fQuP/SFuHc7SP6STo/9/f/TqD8Stwxv1D+nk6D/sX/7duHU4W/+QTo7+r3jyroa4dZijf0gnR/+dK267M24dztE/pJOj/6bmhbPj1uFc/UM6Ofqf8ee/3x23DnP1D+nk6P9j97238t/9PknhPP1DOjn6v3nD6kfj1uF8/UM6OfpfOaPngrh1mKd/SCdH/4eP3vejuHWYr39IJ0f/d9+55Iq4dXiT/iGdHP3/4NbzuuPW4c36h3Ry9P9y7R23xq3DAv1DOjn6//LPapbFrcNC/UM6Ofr/8UPf3xW3Dm/RP6STo/8X3/fYOXHrcIH+IZ0c/e++eNYX49bhrfqHdHL0/+5nNq6PW4dF+od0cvQ/ee/vj8atQ73+IZ0c/c9fdfBDcetwof4hnRz9b1i05ndx67BY/5BOjv6fOfD0obh1WKJ/SCdH/zse+3Rz3Do06B/SydH/45d1/CduHRr1D+nk6P+fTT/5eNw6LNU/pJOj/zMPffsLcevQpH9IJ0f/Vz84eWbcOlykf0gnR/8br5n9vbh1WKZ/SCdH/5fMfejSuHV4m/4hnRz9v+evK26OW4eL9Q/p5Oi/7p57notbh+X6h3Ry9D/v2tuviVuHS/QP6eTo//o59U/GrcOl+od0cvR/x/GWBXHrsEL/kE6O/rtue35f3Dqs1D+kk6P/7k++XBe3Dm/XP6STo/+9U668N24d3qF/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sgMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOJABAAAAEOZvnUf7AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgpwAAAP//isTMqw==")
mount(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f0000000380)='devtmpfs\x00', 0x4000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00')

3m29.399532973s ago: executing program 2 (id=114):
socket$kcm(0xa, 0x3, 0x3a)
r0 = socket$kcm(0x10, 0x2, 0x4)
socket$kcm(0xa, 0x3, 0x3a)
sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="48000000140081fb7059ae08060c04000aff0f11000000040011018701546fabca1b4e7d06a6bd7c493872f750375ed08a562af5745e17b8c119418f0f000000d6e74703c48f93b8", 0x48}], 0x1}, 0x0)

3m29.065953101s ago: executing program 2 (id=119):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0)
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x34, r1, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}, @ETHTOOL_A_STRSET_STRINGSETS={0x1c, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x5, 0x1, 0x4}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x2001}, 0x4080)

3m28.807926514s ago: executing program 32 (id=119):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0)
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x34, r1, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}, @ETHTOOL_A_STRSET_STRINGSETS={0x1c, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x5, 0x1, 0x4}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x2001}, 0x4080)

1m49.245568688s ago: executing program 1 (id=1464):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000001340)=@newtaction={0x84, 0x30, 0x12f, 0x0, 0x0, {}, [{0x70, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x20000000, 0x0, 0x0, 0x10, {0x7, 0x0, 0xba6d, 0x0, 0x0, 0x7}}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa, {0x1}}}}]}]}, 0x84}}, 0x0)

1m47.942297078s ago: executing program 1 (id=1468):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, &(0x7f0000000f40)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c03406910927c6b0b55b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfe79578e51bc53099e90f4580d760551b5b342f7cbdb9cd38bdb2209c676b2ac2deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f132020000002cbe7bc04b82d2789cb1b2b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c41146dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a42b359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780c70014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e506d1387b63112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece08ac772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2ef0ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a3f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099bdae7ed04935c2c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adeb988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ffa3c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe4a3ced846891180604b6dd2499d16d7d9158ffffff069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb0814040000007874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dbae3428d2129ecfce1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296c6a298c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f050000000000000026049fe86e09623524f390bf79b441b75fc790c58e273cd905deb28c13c1ed1c0d9cae846b03008cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc48f97496079654f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b4749c28eb5167e9936ed327fb237a56224e49d9ea956d1798571b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecf743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be182724d95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd0403a099f32468f1561f058960d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b656dc0e32384f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bbe3e8ef76f57a2d0e69115d33394e86e4b83c0f3c2a34635f3eee4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cd082027c641ec4355eb4acff90756d1a1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8cc3fe28bc3586844f5fecb92aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a5906002fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128ab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0afd9ae134400f70b5e6aefb7eee403502732df858a2ea033b6c91c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80ffb8f386bb79f5589829b6b0679b5d65a00000000000000e6ff00000000000000000000faff0000bab50bc8508a9644d3e7c328b0ff22035c8073f8c1f0e3da7339fc81d4ab3ef2857ef70a81d8a1628da28c942571880e22df7cabae56d5ff5e483c9c1f5a258b8f1f34cc300312f76a374a6e9b3f9dbd7f538a80b00f97e47895b3201c5126feca0888956a7d768198d9c2109ac508a47ebb99c539ef45af7d87b308117a9e321a3861bc42cf41942c31268a4020221d7b1622585094eddd83c7f4acdd7f5c23d8b730bf03118261edada8b8487a3b1b7548a4687a91f12bf70bb1df3bfe7d4b92ad6fcbf401efd6eb004cf20016ad8d1dad136dd856ffca238b39482811f9c8524bf182f1956a3d044423927df28880bbd11c06407220df8e1d1d483d947d990dc175803d765ca14a915a0040b641959ad3e776b4bb4852fea12983dc18b7404914a6137dc4a78f1e0d331c60a9019c21698cd18753491df962f496f2395563e9c3d7b1228d0e488cf7e50a29541aa757f2e2ee9ff4433d65db0de5a123d569e39dce481156cbec584c9a32a8e3b032fa003192c891d83119bc950abac9147b9fcb0acd9a207b5ceb7e8ed1d91c000000000000000000000000000000141258373281153fa27e586ea82650f070d8851ac9e7ac07b37a6479d4017b5b5af3ff4c91235df4f657d77e386a329aec4d766369c86b62b01ceb028c6fcf206883633cb143016b9f5351a45a8cb4ea110ba700000000000000883416b6eff6a793c71deb7d780c4f51d86ece127c0714144916f397d398ad2fe72b710b932c15c2369cb5d2d2f6ae420672c4a626195a891ac51825077fbc286aa3866bbf18a4a8b836ea8c90af0d5f0aff55b50bc18c27875ed2628b91224b7fa9fd10ccd7c1b1a92bac529df981a6d30100e68555553625c0e91a51000000000000000000fe030f85b294f3ea1fce314a9dcefbe3b64e83c35c5e95734786ca78315793cc0e6e776d2ec07c55cd89541ec25e074e840287011cab538d79e1569df321282071d49a4dc5fb2d7da1d05249d0e153fd04aca2", @ANYRES8], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x16, 0x0, 0xffffffffffffffff, 0xffffffffffffffc9}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x4e, 0x0, &(0x7f0000000000)="06ff03076844268cb89e14f008004ee0ffff00febabec41177fb86dd1402e000030c62079f4b4d2f87e5feca6aab055013f2325f1a3901050b038da1880b25181aa59d943be30043d50ea5a6b868", 0x0, 0x2, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

1m47.941615699s ago: executing program 1 (id=1470):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000180)={0x1, 0xffffffff})

1m47.8453147s ago: executing program 1 (id=1473):
r0 = syz_open_dev$cec(&(0x7f0000000d00), 0x0, 0xc2b02)
ioctl$CEC_ADAP_G_LOG_ADDRS(r0, 0x805c6103, &(0x7f0000000300))
r1 = syz_mount_image$iso9660(&(0x7f0000000240), &(0x7f0000000140)='./file1\x00', 0x1000c01, &(0x7f0000000040)=ANY=[], 0x5, 0x811, &(0x7f0000002380)="$eJzs3U1sHHcVAPA3rp04jkirgkoUpekkKVIiUndtty5WD2W7HjvT2rvW7holqlAbNU6J4vRTVWmEaHNpASEhThxLOVa99AZCAokDcEKiBy4ckCr1hAoCCYEAyWhnd+O1Y6/z5Vi0v5/Vndn/vJl5/9npvJ3NzmwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJFUpkulsSTm8uriqXRzlel6bb7P9O7yfrlm0Ge9EUnrvxgejv3tpv1fWJ18T+vhSBxsPzsYw63BcFzae89dj35+cKA7f5+EbtThzScN9T5JIt5sJXXhzPLy0svbkMht9L2fd0aGexp3RfTZvv9aaT3OZtW8Ucvny7NZmjdq6dTkZOnBkzONdCafyxqnG81sPq3Us3KzVk+PVY6nY1NTE2k2erq2WJ2dLs9l3cZHHhgvlSbTJ0YXsnK9Uas++MRoo3Iyn5vLq7NFzHjptWjFPNLaEZ/Mm2kzK8+n6bnzy0sTW/WuFTS2pmX3mo4dvP+uj1/96O/nl1o75GYLSTo75vjY2Pj42OTDUw8/UioNjpfG1zaU1okrETEQ0YrYlp2WnbV3g7bBzh5z1YSIlTtvzcEbbtJAp/7HXORRjcU4FWmkMVA8rv4NRSWmox61mG89/8PQuulpdA6Q3fr/pQf/8rt+6+2t/90qv3918oEo6v+h9rNDm9X/q7K4/r+xO681svp+O5vetlfi9bgUF+JMLMdyLMXLN5LDrvVL3ca/gVu7vNnIohp5NKIWecxHuWhJOy1pTMVkTEYpno6TMRN7Io2ZyGMusmjE6WhEM7Jij6pEPbIoRzNqUY80jkUljrdenZiKqZiINLIYjdNRi8WoxmxMR7lYyrk4X2z3iXV53fPtZ3723O8/fqc1fiVorE9HktabuVbQ3/oEXVXur6P+dyPU/0+b4c4x61rjb+nxG27GSlH/B699hv/8ZDvTAQAAALZBUnz6nkTEUNxbjM3kc9lTO50WAAAAcAsVX9s72BoMtcbujaR1/l/aIPLD254bAAAAcGskxTV2SUSMxH3tse7lUht9CAAAAAD8Hyr+/f9QazAS8UbR4PwfAAAAPmW+s9k99j/a1bnHbmNhd/KLv0a9PpRcXrkyX/niHe2RzuBrV6Y0Zw4k+zoLKQaTg5f2JhExWMkOJt27X/53d3v4SfF4YPUGhJvd6z8pElg4dX9ysbxRAtE/geJZfD8Ot2MOn20Pz3antNcyMpPPZaOV2tyjY0nnw5Hmq8+f/2YU3f9udX5fEufOLy+NPvvC8tkil8utpVy+2Ln7cdKdK6J9QUWfXFY6WyDu3bjHQ8WFGJ31jrTXW+rt/0B79oH+/U961/lWHGnHHBlpD0fW9n+4tc6x0UfHolzeN9DMTjVfXenpfSeLsXbP31zT8+t4Fd6Ko+2Yo8eOtgcbZDG+Jovnr85ivHf7X9u2uOYs3jn8xql//LqWZBNbZTFxk1kA7JRzxV1/VqvQnqIK/XulrVXQ1tXdPd05r+cod271XUZ3/p5aNxhXVff0Rqr7W3GsHXOs/X5i8MAGdaW0wRH9xfMv/qZzRH/ovR/9+OuHfvvBurp+HVm8F8fbMZ1B3P2rTWpsfeXO5BtPra2q77bmeHfT9TbmxpO4o7URix8fiksPnL945rml55aeHx+fmCw9VCo9PB5DxVuFzmCTTFUegM+2Pr+x0yq9yQffuhK62a/wJA9tcVZ995WvFIzGs/FCLMfZOFFcbRAR92281JGeryGc2OKsdaTnF15ObHFuuRo7vj5299Ek9kbEBrETPVvsiz8sBv/cphcEAG6DI1vU4aT7DuG1z3XmWBdxR5Kc2OK8e20tP94+d+2eHcfmtXwjX9nm7QEAnwVZ/ZNkpPl2Uq/nC0+PTU2NlZsns7ReqzyZ1vPp2SzNq82sXjlZrs5m6UK91qxVuh8dT2eNtLG4sFCrN9OZWj1dqDXyU8Uvv6edn35vZPPlajOvNBbmsnIjSyu1arNcaabTeaOSLiw+Ppc3Tmb1YubGQlbJZ/JKuZnXqmmjtlivZKNp2siynsB8Oqs285k8G0rzarpQz+fL9csRMbc4n6XTWaNSzxeatfYCu+vKqzO1+nyx2NEi7Zd6u//nndjmALDTXnn90oUzy8tLL9/YyB+vJXin+wgArLVBld6zowkBAAAAAAAAAAAAAABXufpyvVbrmpbh6H+R31Dc8OWDr+yOm7n68NM38uX32y/LzS/wvpduZjl7YnnXasuuzs6y89vnukeeeeyxC6styWDv5n38jf0n/5RFt3d9lrPx/ykbXer69r6IXT/9Qbvlq5sEJ4O3uKcfRsQNzL6S9Im5/cciAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjK/wIAAP//BPFR5w==")
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
futex_waitv(0x0, 0x0, 0x0, 0x0, 0x1)
syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x800)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r3 = epoll_create1(0x0)
clock_gettime(0x0, &(0x7f0000000100)={<r4=>0x0, <r5=>0x0})
ioctl$VIDIOC_QUERYBUF_DMABUF(r2, 0xc0585609, &(0x7f0000000280)={0x0, 0x2, 0x4, 0x8, 0x2, {r4, r5/1000+10000}, {0x4, 0xc, 0x5, 0x1, 0x6, 0xff, "0be8c911"}, 0x90e5344, 0x4, {<r6=>0xffffffffffffffff}, 0xe, 0x0, r1})
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r6, &(0x7f0000000040))
r7 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
getsockopt$netrom_NETROM_N2(r7, 0x103, 0x3, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, r2, &(0x7f0000000c40)={0x8000203d})
pipe2$9p(&(0x7f0000000240)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r9, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15)
r10 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r10)
ptrace(0x19, r10)
r11 = dup(r9)
read$FUSE(r11, &(0x7f0000004c00)={0x2020, 0x0, <r12=>0x0, 0x0, 0x0, <r13=>0x0}, 0x2020)
write$FUSE_BMAP(r11, &(0x7f0000000000)={0x18, 0x0, r12, {0xfffffffffffffffc}}, 0x18)
write$FUSE_DIRENTPLUS(r11, &(0x7f0000000440)=ANY=[@ANYBLOB="b0"], 0xb0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r8, @ANYBLOB=',wfdno=', @ANYRESHEX=r11, @ANYBLOB=',directio,access=user,cache=mmap,vession=9p2000,cache=none,version=9p2000.u,obj_type=trans=fd,,\x00'])
newfstatat(0xffffffffffffff9c, &(0x7f0000000e80)='./file1\x00', &(0x7f0000000f00), 0x800)
r14 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x200, 0x20, 0xa}, 0x18)
kcmp(r13, r10, 0x0, r9, r14)

1m47.770300493s ago: executing program 1 (id=1475):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0x0)
epoll_create1(0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00'}, 0x94)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r2, 0x0, 0xb, &(0x7f00000000c0)=0x3, 0x4)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x68, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}, "00186371ae9b1c03"}}}}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x4000, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
sendmsg$WG_CMD_GET_DEVICE(r0, 0x0, 0x8041)
socket(0x1, 0x80802, 0x0)
epoll_create1(0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r3], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0)

1m47.419175548s ago: executing program 1 (id=1484):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x2c, 0x1, 0x1, 0x301, 0x0, 0x0, {0x3, 0x0, 0x1}, [@CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x1}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x3ff}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x3000}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4840}, 0x4000000)

1m47.2873718s ago: executing program 33 (id=1484):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x2c, 0x1, 0x1, 0x301, 0x0, 0x0, {0x3, 0x0, 0x1}, [@CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x1}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x3ff}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x3000}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4840}, 0x4000000)

10.872543114s ago: executing program 3 (id=2945):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0x7fff0000}]})
fstatfs(r0, &(0x7f0000000140)=""/166)

10.795986892s ago: executing program 3 (id=2946):
r0 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r0, &(0x7f0000000100)=@in4={0x21, 0x1, 0x2, 0x10, {0x2d, 0x4e20, @broadcast}}, 0x24)

10.72292324s ago: executing program 3 (id=2947):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@ipmr_delroute={0x24, 0x19, 0x1, 0x70bd2b, 0x25dfdbff, {0x80, 0x20, 0x90, 0x0, 0x0, 0x4, 0x0, 0x5, 0x5100}, [@RTA_DST={0x8, 0x1, @private=0xa010100}]}, 0x24}, 0x1, 0x0, 0x0, 0x20040810}, 0x4000004)

10.722544352s ago: executing program 3 (id=2948):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f00000002c0)='./bus\x00', 0x4010, &(0x7f0000000a40)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000000c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e1e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b18c4b455ab222d7ae1be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b8663a339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f7688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba064dfa60bd7fafb3c22dc057e6f9e2a5eb144290afe5369110a71d4b7fc5937a32e213c443f3b9e506b25cf9e2520999b330fc9e86bde8c8ec78f67c0c7f24db0000000", @ANYRES16], 0x1, 0x11ee, &(0x7f0000002480)="$eJzs3MGLG1UcB/Bf17Xdbt3NqrXagvjQi16GZg9e9BJkC9KA0jZCKwhTd6IhYxIyYSEiVk9e/TvEozdBvOllL/4N3vbisQdxxKS1jUSpSDdSPp9LfvDel997BAZmmDdHr3/5Ub9bZd18EmsnTsTaKCLdTpFiLe76LF557Ycfn796/cblVru9dyWlS61rzVdTStsvfPfuJ1+/+P3kzDvfbH97Kg533jv6Zffnw3OH549+u/Zhr0q9Kg2Gk5Snm8PhJL9ZFmm/V/WzlN4ui7wqUm9QFeOF8W45HI2mKR/sb22OxkVVpXwwTf1imibDNBlPU/5B3hukLMvS1mbwX3S+ul3XdURdPx4no67r+nRsxpl4IrZiOxqxE0/GU/F0nI1n4lw8G8/F+dmsVa8bAAAAAAAAAAAAAAAAAAAAHi3O/wMAAAAAAAAAAAAAAAAAAMDqXb1+43Kr3d67ktJGRPnFQeegM/+dj7e60YsyirgYjfg1Zqf/5+b1pTfbexfTzE58Xt66k7910HlsMd+cfU5gab45z6fF/KnYvD+/G404uzy/uzS/ES+/dF8+i0b89H4Mo4z9+CN7L/9pM6U33mr/JX9hNg8AAAAeBVn609L79yz7u/F5/kGeD6zdbbaQX48L6yvbNndU04/7eVkW44dWnIyH3uKfio2IWF33By/W43+xDIViXqz6ysRxuPenr3olAAAAAAAAAAAA/BvH8Trh0sanj32rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA7+zAsQAAAACAMH/rNDo2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKgAA///20tEU")
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000e00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x31)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x18)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = open(&(0x7f00000003c0)='.\x00', 0x100, 0x97)
getdents(r1, &(0x7f0000001fc0)=""/184, 0xb8)

10.558582619s ago: executing program 3 (id=2949):
r0 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x2, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r1=>0x0}, &(0x7f0000000100)=0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000a80)={r1, 0x9, 0x6}, 0x8)

10.422058768s ago: executing program 3 (id=2950):
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x2000002, &(0x7f0000000200)={[{@volume={'volume', 0x3d, 0x3e}}, {@gid}, {@adinicb}, {@rootdir={'rootdir', 0x3d, 0x4}}, {@fileset}, {}, {@gid={'gid', 0x3d, 0xee01}}, {@adinicb}, {@longad}]}, 0x5, 0xc32, &(0x7f0000000e00)="$eJzs3U1sXNd9N+D/uRyKI/l9KyZ2FCeNi0lbpLJiufqKqViFO6pptgFkWQjF7AJwJI7UgSmSIKlGNtKC6aaLLgIURRdZEWiNAikaGE0RdMm0LpBsvCiy6opoYSMoumCLAFkFLO6dM9KQIm1GFCVKeh6b+s3ce86dc+4Z3ysLOvcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDxe6+dP3EyPexWAAAP0sXxr5445f4PAE+Uy/7/HwAAAAAAAAAAAAAA9rsURTwdKeYurqXJ6n1X/UJn8OatidGxrasdTFXNgap8+VM/eer0mS+9NHK2lxc6Mx9R/377bLwxfvl849XZG3Pz7YWF9lRjYqZzdXaqveMj7Lb+ZseqE9C48ebNqWvXFhqnXjy9Yfet4Q+HnjoyfG7k+ePP9cpOjI6Njd8pUu8vX7vnhnRtN8PjQBRxPFK88L2fplZEFLH7c1F/sGO/2cGqE8eqTkyMjlUdme60ZhbLnZd6J6KIaPRVavbO0dZjEbXBB9qH7TUjlsrmlw0+VnZvfK4137oy3W5cas0vdhY7szOXUre1ZX8aUcTZFLEcEatDdx9uMIqoRYrvHF5LVyJioHcevlhNDN6+HcUe9nEHynY2BiOWi0dgzPaxoSji9Ujxs/eOxtV8namuNV+IeL3MH0S8U+YrEan8YpyJ+GCL7xGPploU8efl+J9bS1PV9aB3XbnwtcZXZq7N9pXtXVd+yfvDXVeKh3R/OLgpH4x9fm2qRxGt6oq/lu79NzsAAAAAAAAAAAAAAAAA3G8Ho4jPRIrX/u2PqnnFUc1LP3xu5PeH/3//nPFnP+Y4ZdkXI2Kp2Nmc3AN5YuCldCmlhzyX+ElWjyL+OM//+9bDbgwAAAAAAAAAAAAAAAAAAMATrYifRIqX3z+alqN/TfHOzPXG5daV6e6qsL21f3trpq+vr683UjebOSdzLuVczrmSczVnFLl+zmbOyZxLOZdzruRczRkDuX7OZs7JnEs5l3Ou5FzNGbVcP2cz52TOpZzLOVdyruaMfbJ2LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4RKb79jbUUKSKaEZPRzZWhh906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA0lIr4fqRo/EHz9rZaRKTq366j5S9nonmgzE9Gc6TMV6J5PmerylrzWw+h/ezOYCrix5FiqP7u7QHP4z/YfXf7axDvfPPOu8/WujnQ2zn84dBTRw6fGxn7tWe3e522asCxC52Zm7caE6NjY+N9m2v50z/Zt204f25xf7pORCy89fabrenp9vy9vyi/Aruo/gi9SLUnpadeVC+iti+a8XD6zhOgvP9/ECl++/1/793wu/f/evy/7rvbd/j4+Z/cuf+/vPlAO7z/1zbXy/f/8p6+1f3/6b5tL+ffjQzWIuqLN+YGj0TUF956+3jnRut6+3p75syJE18eGfny6RODByLq1zrT7b5X9+V0AQAAAAAAAAAAAAAAADw4qYjfjRStH6+lRkTcquZrDZ8bef74cwMxUM232jBv+43xy+cbr87emJtvLyy0pxoTM52rs1PtnX5cvZruNTE6tied+VgH97j9B+uvzs69Nd+5/oeLW+4/VD9/ZWFxvnV1691xMIqIZv+WY1WDJ0bHqkZPd1ozVdVLW06m/+UNpiL+I1JcPdNIn8/b8vz/zTP8N8z/X9p8oD2a//+Jvm3lZ6ZUxM8jxW/9xbPx+aqdh+Kuc5bL/U2kOHb2c7lcHCjL9drQfa5Ad2ZgWfZ/IsU//GJj2d58yKfvlD254xP7iCjH/3Ck+P6ffTd+PW/b+PyHrcf/0OYD7dH4P9O37dCG5xXsuuvk8T8eKV55+t34jbzto57/0Xv2xtFc+PbzOfZo/D/Vt204f+5v3p+uAwAAAAAAAAAAPNIGUxF/Gyl+OFZLL+VtO/n7f1ObD7RHf//r033bpu7PekUf+2LXJxUAAAAA9onBVMRPIsX1xXdvz6HeOP+7b/7n79yZ/zmaNu2t/pzvV6rnBtzPP//rN5w/d3L33QYAAAAAAAAAAAAAAAAAAIB9JaUiXsrrqU9W8/mntl1PfSVSvPZfL+Ry6UhZrrcO/HD1a/3i7Mzx89PTs1dbi60r0+3G+Fzrarus+0ykWPvrz+W6RbW+em+9+e4a73fWYp+PFGN/1yvbXYu9tzb5M72yS+2TZdlPRIr//PuNZXvrWH/qznFPlWX/KlJ8/Z+2LnvkTtnTZdnvRooffb3RK3uoLNt7Puqn75R98epssQejAgAAAAAAAAAAAAAAAAAAwJNmMBXxp5Hiv28s357Ln9f/H+x7W3nnm33r/W9yq1rnf7ha/3+71/ey/n/1XIGl7T4VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTymKeDtSzF1cSytD5fuu+oXOzM1bE6NjW1c7mKqaA1X58qd+8tTpM196aeRsLz+6/v32mXhj/PL5xquzN+bm2wsL7anGxEzn6uxUe8dH2G39zY5VJ6Bx482bU9euLTROvXh6w+5bwx8OPXVk+NzI88ef65WdGB0bG+8rUxu850+/S9pm+4Eo4i8jxQvf+2n64VBEEbs/Fx/z3dlrB6tOHKs6MTE6VnVkutOaWSx3XuqdiCKi0Vep2TtHD2AsdqUZsVQ2v2zwsbJ743Ot+daV6XbjUmt+sbPYmZ25lLqtLfvTiCLOpojliFgduvtwg1HEm5HiO4fX0j8PRQz0zsMXL45/9cSp7dtR7GEfd6BsZ2MwYrn4qDHbosNsMBRF/GOk+Nl7R+NfhiJq0f2JL0S8XuYPIt6J7nin8otxJuIDp/WxUYsi/rcc/3Nr6b2h8nrQu65c+FrjKzPXZvvK9q4rj/z94UHa5/eTehTxo+qKv5b+1X/XAAAAAAAAAAAAAAAAAPtIEb8aKV5+/2iq5gffnlPcmbneuNy6Mt2d1teb+9ebM72+vr7eSN1s5pzMuZRzOedKztWcUeT6OZtl1tfXJ/P7pZzLOVdyruaMgVw/ZzPnZM6lnMs5V3Ku5oxarp+zmXMy51LO5ZwrOVdzxj6ZuwcAAAAAAAAAAAAAAAAAADxeiuqfFN/+xlpaH6rWlx7o7VuxHuhj7/8CAAD//0pa+Ck=")
lchown(&(0x7f00000001c0)='./file2\x00', 0x0, 0x0)

10.259255015s ago: executing program 34 (id=2950):
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x2000002, &(0x7f0000000200)={[{@volume={'volume', 0x3d, 0x3e}}, {@gid}, {@adinicb}, {@rootdir={'rootdir', 0x3d, 0x4}}, {@fileset}, {}, {@gid={'gid', 0x3d, 0xee01}}, {@adinicb}, {@longad}]}, 0x5, 0xc32, &(0x7f0000000e00)="$eJzs3U1sXNd9N+D/uRyKI/l9KyZ2FCeNi0lbpLJiufqKqViFO6pptgFkWQjF7AJwJI7UgSmSIKlGNtKC6aaLLgIURRdZEWiNAikaGE0RdMm0LpBsvCiy6opoYSMoumCLAFkFLO6dM9KQIm1GFCVKeh6b+s3ce86dc+4Z3ysLOvcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDxe6+dP3EyPexWAAAP0sXxr5445f4PAE+Uy/7/HwAAAAAAAAAAAAAA9rsURTwdKeYurqXJ6n1X/UJn8OatidGxrasdTFXNgap8+VM/eer0mS+9NHK2lxc6Mx9R/377bLwxfvl849XZG3Pz7YWF9lRjYqZzdXaqveMj7Lb+ZseqE9C48ebNqWvXFhqnXjy9Yfet4Q+HnjoyfG7k+ePP9cpOjI6Njd8pUu8vX7vnhnRtN8PjQBRxPFK88L2fplZEFLH7c1F/sGO/2cGqE8eqTkyMjlUdme60ZhbLnZd6J6KIaPRVavbO0dZjEbXBB9qH7TUjlsrmlw0+VnZvfK4137oy3W5cas0vdhY7szOXUre1ZX8aUcTZFLEcEatDdx9uMIqoRYrvHF5LVyJioHcevlhNDN6+HcUe9nEHynY2BiOWi0dgzPaxoSji9Ujxs/eOxtV8namuNV+IeL3MH0S8U+YrEan8YpyJ+GCL7xGPploU8efl+J9bS1PV9aB3XbnwtcZXZq7N9pXtXVd+yfvDXVeKh3R/OLgpH4x9fm2qRxGt6oq/lu79NzsAAAAAAAAAAAAAAAAA3G8Ho4jPRIrX/u2PqnnFUc1LP3xu5PeH/3//nPFnP+Y4ZdkXI2Kp2Nmc3AN5YuCldCmlhzyX+ElWjyL+OM//+9bDbgwAAAAAAAAAAAAAAAAAAMATrYifRIqX3z+alqN/TfHOzPXG5daV6e6qsL21f3trpq+vr683UjebOSdzLuVczrmSczVnFLl+zmbOyZxLOZdzruRczRkDuX7OZs7JnEs5l3Ou5FzNGbVcP2cz52TOpZzLOVdyruaMfbJ2LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4RKb79jbUUKSKaEZPRzZWhh906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA0lIr4fqRo/EHz9rZaRKTq366j5S9nonmgzE9Gc6TMV6J5PmerylrzWw+h/ezOYCrix5FiqP7u7QHP4z/YfXf7axDvfPPOu8/WujnQ2zn84dBTRw6fGxn7tWe3e522asCxC52Zm7caE6NjY+N9m2v50z/Zt204f25xf7pORCy89fabrenp9vy9vyi/Aruo/gi9SLUnpadeVC+iti+a8XD6zhOgvP9/ECl++/1/793wu/f/evy/7rvbd/j4+Z/cuf+/vPlAO7z/1zbXy/f/8p6+1f3/6b5tL+ffjQzWIuqLN+YGj0TUF956+3jnRut6+3p75syJE18eGfny6RODByLq1zrT7b5X9+V0AQAAAAAAAAAAAAAAADw4qYjfjRStH6+lRkTcquZrDZ8bef74cwMxUM232jBv+43xy+cbr87emJtvLyy0pxoTM52rs1PtnX5cvZruNTE6tied+VgH97j9B+uvzs69Nd+5/oeLW+4/VD9/ZWFxvnV1691xMIqIZv+WY1WDJ0bHqkZPd1ozVdVLW06m/+UNpiL+I1JcPdNIn8/b8vz/zTP8N8z/X9p8oD2a//+Jvm3lZ6ZUxM8jxW/9xbPx+aqdh+Kuc5bL/U2kOHb2c7lcHCjL9drQfa5Ad2ZgWfZ/IsU//GJj2d58yKfvlD254xP7iCjH/3Ck+P6ffTd+PW/b+PyHrcf/0OYD7dH4P9O37dCG5xXsuuvk8T8eKV55+t34jbzto57/0Xv2xtFc+PbzOfZo/D/Vt204f+5v3p+uAwAAAAAAAAAAPNIGUxF/Gyl+OFZLL+VtO/n7f1ObD7RHf//r033bpu7PekUf+2LXJxUAAAAA9onBVMRPIsX1xXdvz6HeOP+7b/7n79yZ/zmaNu2t/pzvV6rnBtzPP//rN5w/d3L33QYAAAAAAAAAAAAAAAAAAIB9JaUiXsrrqU9W8/mntl1PfSVSvPZfL+Ry6UhZrrcO/HD1a/3i7Mzx89PTs1dbi60r0+3G+Fzrarus+0ykWPvrz+W6RbW+em+9+e4a73fWYp+PFGN/1yvbXYu9tzb5M72yS+2TZdlPRIr//PuNZXvrWH/qznFPlWX/KlJ8/Z+2LnvkTtnTZdnvRooffb3RK3uoLNt7Puqn75R98epssQejAgAAAAAAAAAAAAAAAAAAwJNmMBXxp5Hiv28s357Ln9f/H+x7W3nnm33r/W9yq1rnf7ha/3+71/ey/n/1XIGl7T4VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTymKeDtSzF1cSytD5fuu+oXOzM1bE6NjW1c7mKqaA1X58qd+8tTpM196aeRsLz+6/v32mXhj/PL5xquzN+bm2wsL7anGxEzn6uxUe8dH2G39zY5VJ6Bx482bU9euLTROvXh6w+5bwx8OPXVk+NzI88ef65WdGB0bG+8rUxu850+/S9pm+4Eo4i8jxQvf+2n64VBEEbs/Fx/z3dlrB6tOHKs6MTE6VnVkutOaWSx3XuqdiCKi0Vep2TtHD2AsdqUZsVQ2v2zwsbJ743Ot+daV6XbjUmt+sbPYmZ25lLqtLfvTiCLOpojliFgduvtwg1HEm5HiO4fX0j8PRQz0zsMXL45/9cSp7dtR7GEfd6BsZ2MwYrn4qDHbosNsMBRF/GOk+Nl7R+NfhiJq0f2JL0S8XuYPIt6J7nin8otxJuIDp/WxUYsi/rcc/3Nr6b2h8nrQu65c+FrjKzPXZvvK9q4rj/z94UHa5/eTehTxo+qKv5b+1X/XAAAAAAAAAAAAAAAAAPtIEb8aKV5+/2iq5gffnlPcmbneuNy6Mt2d1teb+9ebM72+vr7eSN1s5pzMuZRzOedKztWcUeT6OZtl1tfXJ/P7pZzLOVdyruaMgVw/ZzPnZM6lnMs5V3Ku5oxarp+zmXMy51LO5ZwrOVdzxj6ZuwcAAAAAAAAAAAAAAAAAADxeiuqfFN/+xlpaH6rWlx7o7VuxHuhj7/8CAAD//0pa+Ck=")
lchown(&(0x7f00000001c0)='./file2\x00', 0x0, 0x0)

1.912300604s ago: executing program 5 (id=3039):
openat$fb0(0xffffffffffffff9c, &(0x7f00000001c0), 0xc00, 0x0)
r0 = syz_io_uring_setup(0x6d0d, &(0x7f0000000200)={0x0, 0x86f7, 0x10100}, &(0x7f0000002000)=<r1=>0x0, &(0x7f0000000000)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
io_uring_enter(r0, 0x48e9, 0x0, 0x2, 0x0, 0x0)

1.83928126s ago: executing program 5 (id=3040):
unshare(0xa040600)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
fcntl$setpipe(r0, 0x408, 0x0)

1.839166911s ago: executing program 5 (id=3041):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000001040), 0x6)
write$bt_hci(r0, &(0x7f0000000000)={0x1, @le_set_event_mask={{0x2001, 0x8}, {"d148dafeb1f515ef"}}}, 0xc)

1.773685149s ago: executing program 5 (id=3042):
r0 = socket$nl_route(0x10, 0x3, 0x0)
connect$netlink(r0, &(0x7f0000000280)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc)
sendmsg$nl_route(r0, &(0x7f0000000300)={&(0x7f0000000080), 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00000021000f0000f901000000000002"], 0x1c}}, 0x0)

1.773463419s ago: executing program 5 (id=3043):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0x1, 0x6, 0x7ff00003}]})
llistxattr(0x0, 0x0, 0x0)

1.602570831s ago: executing program 5 (id=3044):
syz_read_part_table(0x1058, &(0x7f0000002780)="$eJzsz7uNwkAYhdHrnX1ocxIyUhJqMEVQAY04owZaIKIMWqAFAioADTLGogPk4JzozidN8Iep2O6SlCQ1v6902R9rLcNuy3N0w6skp+X778847udb7bXJX9J9jb3JbLWeJ83imvw3ffpONofPnAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0/YIAAD//yOzEzU=")
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newtaction={0xe90, 0x30, 0x25, 0x70bd2b, 0x0, {}, [{0xe7c, 0x1, [@m_pedit={0xe78, 0x1, 0x0, 0x0, {{0xa}, {0xe4c, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x28, 0x5, 0x0, 0x1, [{0x24, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}]}, @TCA_PEDIT_PARMS={0xe20, 0x2, {{{0x24, 0x9, 0x4, 0x200, 0x8}, 0x1, 0x8}, [{0x6, 0x80000000, 0x5, 0x6495, 0xef1, 0x400}, {0x6, 0x6, 0x7fff, 0x7fffffff, 0x1, 0xffffdb16}, {0x9, 0x2, 0x5d, 0xb, 0x8001, 0x8}, {0x80000000, 0x3, 0x7, 0x7ff, 0x6, 0x48000000}, {0x440e, 0x1ff, 0x2, 0x0, 0x40, 0x5}, {0x5, 0x7, 0x1, 0x6, 0x401, 0x401}, {0xcf, 0x2, 0x5, 0xb037, 0x7, 0x101}, {0xa933, 0x80000000, 0x4, 0x58cc, 0x1ff, 0x1}, {0x7, 0x7, 0x7, 0xfdaecfe, 0x8, 0x44}, {0x7, 0x8, 0x800, 0x5, 0x9, 0x5}, {0x4, 0x5, 0x3ff, 0xff, 0x2, 0x7f}, {0x21d6, 0xd7, 0xffffffff, 0x1, 0x6, 0xffffff80}, {0x5, 0x6, 0x7fff, 0x7, 0x3, 0xe00}, {0x10, 0x7eb9, 0x8, 0x7fff, 0x9}, {0x80000001, 0x5, 0x4, 0x8, 0x1b7, 0x1}, {0x1, 0xc0, 0x6, 0x73, 0x9, 0x400}, {0x6, 0x1, 0x3ff, 0x2, 0x2, 0xfffffff8}, {0xd, 0x4, 0x827a, 0x2e7f, 0xfd9, 0xff}, {0x2, 0xffff7f0a, 0x6, 0x400, 0x3683, 0x3}, {0x8, 0x9, 0x78, 0x2, 0x705cdee5, 0xff}, {0x7ff, 0x7, 0x4, 0x400, 0x3, 0x9}, {0x0, 0x10000, 0x9, 0x2, 0x4, 0x94d0}, {0x100, 0x9, 0x9, 0x609, 0xc, 0x1ff}, {0x45, 0x7, 0x7f, 0x4576, 0x7, 0x81}, {0x2, 0xb, 0x9, 0x2, 0x10, 0x1000}, {0x0, 0x10000, 0x1, 0x0, 0x2, 0x9}, {0xfef4, 0xd13, 0x3, 0x2, 0x9, 0x4}, {0x9, 0xb0, 0x9, 0x1, 0x4, 0x9}, {0x0, 0x140000, 0x4, 0x81, 0x4, 0x7f}, {0x7, 0x8, 0x8, 0x1, 0x10000, 0x3c97}, {0xe00, 0x8001, 0x7ff, 0x7fffffff, 0x4, 0x9}, {0xc1df, 0x7, 0x499, 0x1000, 0x8, 0x100}, {0x100, 0x3, 0x1ff, 0x6, 0x1, 0x6}, {0x3262, 0x474a, 0x10, 0x1b, 0x8, 0x7fff}, {0xffffffff, 0xe6, 0x0, 0xfff, 0x2, 0x8}, {0xfffffffe, 0xae7d, 0xbd15, 0x10, 0x5, 0x8}, {0x9, 0x8001, 0x6, 0x1ff, 0x2, 0x1000}, {0x9, 0x1, 0x9, 0x5, 0x75, 0x4}, {0x5, 0x10200000, 0x1, 0x10001, 0x3fb4, 0xb5e}, {0x9, 0xbca9, 0x10001, 0x9, 0x8000, 0x8}, {0x200, 0x5, 0x8, 0x0, 0x4}, {0x8, 0x8, 0x4, 0x3, 0x7, 0x681e96f2}, {0x414, 0x5, 0x401, 0x3, 0xe, 0x37}, {0xb1e, 0x5, 0xfffffff6, 0x7, 0xd, 0x8}, {0x4, 0x929, 0x6b3d, 0x27e020c9, 0x3, 0x800000}, {0x8, 0x700, 0x2, 0x4, 0x4, 0x4}, {0x3, 0x6, 0x9d, 0x4, 0xd, 0x56d0}, {0x9, 0x77eb, 0x5, 0x6, 0x7fffffff, 0x35}, {0xecea, 0x80000001, 0x2, 0x4, 0x3fb, 0x7}, {0xcb9, 0x3, 0x41f8, 0x8, 0x7, 0x7}, {0xc, 0x3d7b, 0x6, 0x8, 0x3, 0x2}, {0x2, 0x800, 0xe04, 0x0, 0x10, 0x3}, {0x7, 0x6, 0x7fff, 0x9, 0x3, 0xc217}, {0x6, 0x38a8, 0x7, 0x9, 0xd, 0x4}, {0x9, 0x8, 0x2, 0x5, 0x95, 0x7}, {0x200, 0x5, 0x1, 0x3}, {0x401, 0x8000, 0x2522, 0x8, 0x9, 0x1}, {0x9, 0x6, 0x7ff, 0xfffffffb, 0x8, 0x3}, {0x1, 0x2, 0x8f, 0xf3800000, 0x80000000, 0x9}, {0x1, 0x4, 0x9, 0x8, 0x1, 0x2}, {0x10, 0x8, 0xfed, 0x1, 0xcd9, 0xff}, {0x2, 0x6, 0x7, 0x7f, 0xffff, 0xd}, {0xa9f, 0x7, 0x8, 0x8, 0x0, 0x5}, {0x8, 0x2, 0x9, 0x4, 0x2000, 0x9}, {0x100, 0x2, 0x6, 0x40}, {0x0, 0x6, 0x5, 0x1, 0x40, 0x5}, {0x2, 0x1, 0x6, 0x7, 0x1, 0xffffffff}, {0x7, 0x81, 0x8, 0x8, 0xfff, 0x81}, {0x8, 0xf, 0xb, 0x80000000, 0x5, 0x2}, {0x5, 0x0, 0x0, 0x6, 0xa, 0x2}, {0x8, 0x101, 0x400, 0x5, 0x2, 0xf67d}, {0x8, 0x0, 0x6, 0x200000, 0x5, 0x9c66}, {0x800, 0x0, 0x9, 0x7, 0x6, 0x62}, {0x4, 0x7, 0x4, 0xb, 0x8, 0x8}, {0x9, 0x9, 0x1, 0xfff, 0xfffffffa, 0x5}, {0x5, 0x1000, 0x81, 0x80000001, 0x0, 0x80000000}, {0xe, 0x4, 0xff, 0xb757, 0x6, 0x669}, {0x2b, 0x5, 0x6, 0x0, 0x8, 0xe0000}, {0x6, 0xa, 0x8, 0xdc, 0x5, 0xe}, {0xfffffffc, 0x101, 0x6, 0x2, 0xcea3, 0x7fffffff}, {0x816, 0x80, 0xfffff37a, 0x8, 0x2, 0x7}, {0xe7a, 0x9, 0x52, 0x7, 0x100, 0x6}, {0x2, 0x845, 0x76fe, 0x1000, 0x7, 0x4}, {0x7, 0x6, 0x9, 0xfffffff8, 0x1, 0xa479}, {0x738, 0x36, 0x400, 0xd, 0x400}, {0x7, 0x767c, 0x0, 0x81, 0x4, 0x65ec}, {0x6, 0x62d5ed5b, 0xffff, 0x4, 0x6, 0x3ff}, {0x4, 0x7, 0x5, 0xc5c, 0x6, 0x9}, {0x0, 0xbbb, 0xe0d, 0x2, 0x2, 0x3}, {0x3, 0x0, 0x1, 0x1a3, 0x1, 0x6}, {0x7, 0x3, 0x5, 0x7, 0x4, 0x2}, {0x7f, 0x1, 0x4, 0x0, 0xffffffff, 0x6}, {0x7, 0x5d, 0x9, 0x2f1bd1fc, 0x3, 0x2}, {0x1, 0x1, 0x8, 0x4bf, 0xfffffffc, 0xfffffffe}, {0x4, 0x40, 0x2, 0x7f, 0x1, 0xffff}, {0x2, 0x8, 0x1, 0x0, 0x2, 0x3}, {0x0, 0x80000001, 0x6, 0x701, 0x3, 0x5}, {0x9, 0x0, 0x0, 0x3c1, 0xf, 0x2}, {0x4, 0x10, 0x1, 0x1, 0x452, 0x800}, {0x5308, 0x8, 0x9, 0x6, 0xf, 0x4}, {0xb9, 0x0, 0xcde4, 0x9be4, 0x80, 0x8}, {0x7, 0xa, 0x0, 0x7, 0x2, 0x7fffffff}, {0xd6d4, 0x1549, 0xffffffff, 0x0, 0xffffffc0, 0x2}, {0x7, 0x72f0, 0x10, 0x4, 0x1}, {0x5, 0x1, 0x4, 0x58cd, 0x2, 0x9a}, {0x6, 0x8000, 0x6, 0x7, 0x3f1, 0x2}, {0x2, 0xff1, 0x6441, 0x2, 0xb7f, 0xc3}, {0xfffffffc, 0x90, 0x0, 0x0, 0x31b1, 0x8}, {0x800, 0x5, 0x100, 0x0, 0xa, 0x5}, {0x4, 0xac, 0x1, 0x8001, 0x1000, 0x5}, {0x33a9, 0x0, 0xfffffff8, 0x39, 0x400, 0x6}, {0x7, 0x480000, 0x800, 0x1, 0x1, 0x400}, {0x1, 0x7, 0xf, 0xfffffffa, 0x4, 0x6}, {0x101, 0x3, 0x7, 0x47fb, 0x7ffffff7, 0x18b7}, {0xffff7fff, 0x1, 0x3, 0x75bd, 0x7f, 0x36a5}, {0x4, 0x600000, 0x4, 0x9, 0x5c5, 0xe98}, {0x6, 0xc, 0xfff, 0x5, 0x8000}, {0x6, 0xfffffffd, 0x9, 0x3c80, 0xe7, 0x10}, {0x5, 0x6, 0x5f, 0x8, 0xe, 0x2}, {0x7, 0x1, 0x5, 0x6, 0x7f}, {0x7, 0xb5cb, 0xffffffff, 0x0, 0x1ff, 0x180}, {0x8, 0x401, 0x31, 0x6, 0x4, 0x4}, {0xbe1, 0x4d1, 0x7, 0x7f, 0x7, 0xfffffff8}, {0x0, 0x3, 0x8, 0x4, 0x9014, 0x800}, {0x83, 0x7, 0x9, 0xc6, 0xfffffff7, 0x6}, {0x7f, 0x1, 0x380, 0x3, 0x0, 0x8}, {0x80000001, 0x5, 0x5, 0x9, 0x5, 0x3}, {0x4, 0x78, 0x1, 0x68, 0x5d6a, 0x3}], [{}, {0x7, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {}, {0x7}, {}, {0x2, 0x1}, {0x5, 0x1}, {0x5, 0x1}, {0x5}, {0x1, 0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x5}, {0x2, 0x1}, {0x1, 0x1}, {0x3}, {0x3, 0x1}, {0x1, 0x1}, {0x1}, {0x5, 0x1}, {0x1}, {0x3, 0x1}, {0x1}, {0x3}, {0x473fa55f353b9f8f, 0x1}, {0x4}, {0x4, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x2}, {0x2, 0x1}, {0x3, 0x1}, {0x2}, {0x3, 0x1}, {0x5, 0x1}, {0x2}, {0x2}, {0x1}, {0x3}, {0x2, 0x1}, {0x5}, {0x3}, {0x1}, {0x5, 0x1}, {0x5, 0xdfb49ec46723bfa7}, {0x5, 0x1}, {0x1}, {}, {0x4, 0x1}, {0x3, 0x1}, {0x5}, {0x2}, {0x2, 0x1}, {0x1}, {0x7}, {0x1}, {0x2, 0x1}, {0x4, 0x1}, {0x0, 0x1}, {0x3}, {0x5, 0x1}, {0x4}, {0x2}, {0x2, 0x1}, {}, {0x6}, {0x5}, {0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x1}, {0x1}, {0x4, 0x1}, {0x3}, {0x2}, {0x1, 0x2}, {0x3}, {0x2, 0x1}, {0x7}, {0x4, 0x1}, {0x2, 0x1}, {0x3}, {}, {0x5}, {0x3}, {0x3}, {0x2}, {0x3}, {}, {0x1}, {0x2}, {0x4, 0x1}, {0x3}, {0x2, 0x1}, {0x0, 0x1}, {0x2}, {0x1}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {}, {0x0, 0x1}, {0x2, 0x1}, {0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x3}, {0x3}, {0x2}, {0x1}, {0x0, 0x1}, {0x0, 0x1}, {}, {0x1}, {0x4}, {0x3, 0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x3}, {}, {0x4, 0x1}, {0x3}, {}, {0x5}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe90}}, 0x0)
r1 = add_key(&(0x7f0000000000)='trusted\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="50c95b0115a4d2f19b9a40345a8f1d998998ab7f0db5677d36505b665310e8120d9ce9d397cff3dbb3f2a236fc0c84d843f0aa0dee91287183daee800f537f3174ecb256411b7e9c64f4d80451e487cd110780bde63c516f439be88d4e80b2e9cf31e287215d5bb0f75592c32846ef44e41d0ecf0200000000000000ccdfd1480500ce7f78c1773058933c3386e9cefa0d24e6c9144b7841f51135c2d015fa30c4bb19ddeec5181ada31a44f1767e251ca80b46ef846bfa8a1f9f4af72a1b9dabf", 0xc1, 0xfffffffffffffffd)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
r2 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$wireguard(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000007c0)={0x140, r4, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PEERS={0xf4, 0x8, 0x0, 0x1, [{0x4c, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "eff93d58460ea431f2cb4a6894ddb2834088d7445bf5afdd0619ce173f1db717"}]}, {0xa4, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x9, 0x7, @empty, 0x3}}, @WGPEER_A_ALLOWEDIPS={0x5c, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x3}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x3}}]}, {0x4}]}]}]}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @b}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x140}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006100000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0x0, 0x86, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r6 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e7d, 0x2c2e, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x20, 0xc, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x2000, 0x3, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0xff}}}}}]}}]}}, 0x0)
syz_usb_control_io(r6, 0x0, 0x0)
syz_usb_control_io$hid(r6, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0x6, {[@main, @global=@item_4={0x3, 0x1, 0xb, "d026aa4a"}]}}, 0x0}, 0x0)
r7 = openat$null(0xffffffffffffff9c, &(0x7f0000000200), 0x180, 0x0)
setsockopt$WPAN_WANTACK(r7, 0x0, 0x0, &(0x7f00000011c0)=0x1, 0x4)
signalfd(r7, &(0x7f0000001200)={[0x48]}, 0x8)
r8 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff8)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ftruncate(r9, 0xde34)
write(r9, &(0x7f0000000840)="1400", 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x9, 0x12, r9, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001280), r7)
sendmsg$NL80211_CMD_NEW_KEY(r9, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000001380)={&(0x7f00000012c0)={0xa4, r10, 0x200, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0xa7e3, 0x1c}}}}, [@NL80211_ATTR_KEY={0x18, 0x50, 0x0, 0x1, [@NL80211_KEY_MODE={0x5, 0x9, 0x1}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "563b26ff29"}]}, @NL80211_ATTR_KEY_SEQ={0x8, 0xa, "fd4cc2a5"}, @NL80211_ATTR_KEY_SEQ={0x13, 0xa, "e53fb2a40ab39fe73c22a757468f2a"}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x1c, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "2494addfa1bf61605ca1cca5e5"}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x5}]}, 0xa4}, 0x1, 0x0, 0x0, 0x20008040}, 0x8014)
keyctl$unlink(0x9, r1, r8)

652.268265ms ago: executing program 4 (id=3053):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000000000)=ANY=[@ANYBLOB="640000001900010000000000000000001d01090050000f80490700000000000000c18424783f3bb6a3d7a36227948e622b761acd509d61b4512bb4e36cdf07c9bc8e0d78b418a01238b454c5a4b856dfec1aae4c0b07fbb38f8040d0fa916a0826"], 0x64}}, 0x0)

652.092123ms ago: executing program 4 (id=3054):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000340)={'wlan0\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="2508007a0000000000000700000008000300", @ANYRES32=r2, @ANYBLOB="1400060064756d6d7930000000000000000000001400040076657468315f746f5f626f016400000005005300010000000800050004"], 0x54}}, 0x0)

566.441813ms ago: executing program 4 (id=3055):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000701feffffff00000000017c0000040042800c0001800600060090390000100002800c000300080018"], 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)

566.287747ms ago: executing program 4 (id=3056):
r0 = fanotify_init(0x10, 0x101000)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(r0, 0x455, 0x8000008, r1, 0x0)
fanotify_mark(r0, 0x7e, 0x800003a, r1, 0x0)

491.825623ms ago: executing program 4 (id=3057):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x8, 0x4, 0x4, 0x8}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

491.529108ms ago: executing program 4 (id=3058):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406a0545000000000000010902"], 0x0)
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfffffffffffffd06}}]}}, 0x0)
syz_usb_disconnect(r0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4000000)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100002aafee08f00a5167"], 0x0)

149.396739ms ago: executing program 0 (id=3068):
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@link_local={0x3, 0x80, 0xc2, 0x0, 0x0, 0x2}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x66, 0x0, 0x0, 0x2f, 0x0, @rand_addr=0x64010101, @broadcast}, @time_exceeded={0x80, 0x0, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfc, 0x0, 0x3, @loopback, @loopback}}}}}}, 0x0)

149.203493ms ago: executing program 0 (id=3069):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0xa101, 0x0)
ioctl$TCSETAF(r0, 0x5408, &(0x7f00000000c0)={0x4e04, 0x10, 0x732, 0xbe03, 0xd, "febbad541a00"})
write$binfmt_aout(r0, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0xffffffff, 0xdd69, 0x0, 0x0, "0062ba7d82000000000000000000f7fffeff00"})
r1 = syz_open_pts(r0, 0x8182)
r2 = dup3(r1, r0, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000140)=0x16)

64.063914ms ago: executing program 0 (id=3070):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x7b, &(0x7f0000000000)=@assoc_value, &(0x7f0000000080)=0x8)

63.929533ms ago: executing program 0 (id=3071):
unshare(0x26020480)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r0, 0x1, 0x54, 0x0, 0x0)

97.436µs ago: executing program 0 (id=3072):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x8c, 0x200)
ioctl(r0, 0xffff454b, 0x0)

0s ago: executing program 0 (id=3073):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000380)=@newsa={0x14c, 0x10, 0x1, 0x0, 0x0, {{@in=@private=0xa010100, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x0, 0x4e23, 0x0, 0x2, 0x0, 0x0, 0x87}, {@in=@empty, 0x0, 0x6c}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, {0x200000000, 0x0, 0x7, 0x0, 0x3000000000, 0x0, 0xfffffffffffffff}, {0x0, 0x4}, {}, 0x70bd2a, 0x0, 0xa, 0x1, 0x6}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @XFRMA_SET_MARK={0x8, 0x1d, 0x8}, @mark={0xc, 0x15, {0x35075c, 0x2}}]}, 0x14c}, 0x1, 0x0, 0x0, 0x1}, 0x10)

kernel console output (not intermixed with test programs):

sing dummy_hcd
[  187.963586][T10249] netlink: 'syz.3.1754': attribute type 21 has an invalid length.
[  187.992482][T10251] loop3: detected capacity change from 0 to 256
[  188.098869][ T5906] usb 5-1: Using ep0 maxpacket: 32
[  188.103628][ T5906] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  188.106332][ T5906] usb 5-1: config 0 has no interface number 0
[  188.108382][ T5906] usb 5-1: config 0 interface 184 has no altsetting 0
[  188.113665][ T5906] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  188.117141][ T5906] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  188.119696][ T5906] usb 5-1: Product: syz
[  188.122149][ T5906] usb 5-1: Manufacturer: syz
[  188.124085][ T5906] usb 5-1: SerialNumber: syz
[  188.139664][ T5906] usb 5-1: config 0 descriptor??
[  188.148526][ T5906] smsc75xx v1.0.0
[  188.243797][T10259] loop3: detected capacity change from 0 to 128
[  188.366978][T10267] raw_sendmsg: syz.3.1763 forgot to set AF_INET. Fix it!
[  188.395650][T10269] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1764'.
[  188.490066][T10273] netlink: 176 bytes leftover after parsing attributes in process `syz.3.1766'.
[  188.780915][T10277] loop3: detected capacity change from 0 to 32768
[  188.795438][T10277] find_entry called with index = 0
[  188.797132][ T5906] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  188.802257][ T5906] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  188.815124][ T5906] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  188.818926][ T5906] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -71
[  188.826835][ T5906] usb 5-1: USB disconnect, device number 6
[  188.908920][T10279] overlayfs: failed to clone upperpath
[  189.036634][T10289] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1775'.
[  189.624171][T10324] pim6reg1: entered promiscuous mode
[  189.627030][T10324] pim6reg1: entered allmulticast mode
[  189.702234][T10329] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1792'.
[  189.812384][T10335] netlink: 495 bytes leftover after parsing attributes in process `syz.4.1795'.
[  189.843148][T10333] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  189.848141][ T5849] IPVS: starting estimator thread 0...
[  189.948450][T10337] IPVS: using max 89 ests per chain, 213600 per kthread
[  190.111923][T10346] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[  190.154226][T10346] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  190.428095][T10350] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1801'.
[  191.202787][T10352] loop4: detected capacity change from 0 to 32768
[  191.220391][T10352] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  191.255995][T10352] XFS (loop4): Ending clean mount
[  191.304100][ T9585] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  191.393647][T10366] loop3: detected capacity change from 0 to 32768
[  191.406175][T10366] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  191.491986][ T6222] ocfs2: Unmounting device (7,3) on (node local)
[  191.629506][T10374] netlink: 766 bytes leftover after parsing attributes in process `syz.3.1807'.
[  191.692611][T10384] loop3: detected capacity change from 0 to 256
[  191.695034][T10384] exfat: Unknown parameter 'x09Z6IOky"IrIH$I$%$I&$$!$b'-$9$		I7t:}gk5Yk'
[  191.798703][T10390] loop3: detected capacity change from 0 to 512
[  191.802960][T10390] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  191.815162][T10390] EXT4-fs (loop3): 1 truncate cleaned up
[  191.820612][T10390] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  191.858284][ T6222] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  192.104101][T10396] loop3: detected capacity change from 0 to 32768
[  192.106905][T10396] XFS: noikeep mount option is deprecated.
[  192.115189][T10396] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  192.144964][T10396] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  192.153574][T10396] XFS (loop3): Starting recovery (logdev: internal)
[  192.166329][T10396] XFS (loop3): Ending recovery (logdev: internal)
[  192.196177][T10413] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1822'.
[  192.199284][T10396] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8
[  192.211677][T10396] XFS (loop3): Unmount and run xfs_repair
[  192.223389][T10396] XFS (loop3): Internal error ltbno + ltlen > bno at line 2104 of file fs/xfs/libxfs/xfs_alloc.c.  Caller xfs_free_ag_extent+0x1098/0x1760
[  192.228564][T10396] CPU: 1 UID: 0 PID: 10396 Comm: syz.3.1817 Not tainted syzkaller #0 PREEMPT(full) 
[  192.228576][T10396] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  192.228581][T10396] Call Trace:
[  192.228585][T10396]  <TASK>
[  192.228589][T10396]  dump_stack_lvl+0x189/0x250
[  192.228601][T10396]  ? __pfx__xfs_alert_tag+0x10/0x10
[  192.228611][T10396]  ? __pfx_dump_stack_lvl+0x10/0x10
[  192.228621][T10396]  ? xfs_alloc_get_rec+0x2df/0x410
[  192.228630][T10396]  ? rcu_is_watching+0x15/0xb0
[  192.228641][T10396]  xfs_corruption_error+0x122/0x170
[  192.228650][T10396]  ? xfs_free_ag_extent+0x1098/0x1760
[  192.228660][T10396]  xfs_free_ag_extent+0x1260/0x1760
[  192.228667][T10396]  ? xfs_free_ag_extent+0x1098/0x1760
[  192.228681][T10396]  ? __pfx_xfs_free_ag_extent+0x10/0x10
[  192.228689][T10396]  ? xfs_setattr_size+0x981/0xee0
[  192.228702][T10396]  __xfs_free_extent+0x2f1/0x470
[  192.228713][T10396]  ? __pfx___xfs_free_extent+0x10/0x10
[  192.228732][T10396]  ? rcu_is_watching+0x15/0xb0
[  192.228741][T10396]  xfs_extent_free_finish_item+0x28b/0x670
[  192.228753][T10396]  ? __pfx_xfs_extent_free_finish_item+0x10/0x10
[  192.228762][T10396]  ? rcu_is_watching+0x15/0xb0
[  192.228770][T10396]  ? __pfx_xfs_extent_free_finish_item+0x10/0x10
[  192.228777][T10396]  xfs_defer_finish_one+0x5c8/0xcf0
[  192.228792][T10396]  ? __pfx_xfs_defer_finish_one+0x10/0x10
[  192.228804][T10396]  xfs_defer_finish_noroll+0x910/0x12d0
[  192.228812][T10396]  ? xfs_defer_finish+0x1c/0x180
[  192.228820][T10396]  ? __pfx_xfs_defer_finish_noroll+0x10/0x10
[  192.228833][T10396]  xfs_defer_finish+0x1c/0x180
[  192.228841][T10396]  xfs_bunmapi_range+0xc4/0x140
[  192.228851][T10396]  xfs_itruncate_extents_flags+0x306/0x990
[  192.228864][T10396]  ? __pfx_xfs_itruncate_extents_flags+0x10/0x10
[  192.228876][T10396]  ? xfs_trans_log_inode+0x12c/0x1a0
[  192.228884][T10396]  xfs_setattr_size+0x981/0xee0
[  192.228896][T10396]  ? __pfx_xfs_setattr_size+0x10/0x10
[  192.228906][T10396]  ? rcu_is_watching+0x15/0xb0
[  192.228914][T10396]  ? xfs_vn_setattr_size+0x15c/0x180
[  192.228924][T10396]  xfs_vn_setattr+0x258/0x300
[  192.228933][T10396]  ? evm_inode_setattr+0x1b6/0x7d0
[  192.228941][T10396]  ? __pfx_xfs_vn_setattr+0x10/0x10
[  192.228951][T10396]  ? try_break_deleg+0x79/0x130
[  192.228960][T10396]  ? __pfx_xfs_vn_setattr+0x10/0x10
[  192.228969][T10396]  notify_change+0xb36/0xe40
[  192.228981][T10396]  do_truncate+0x1a4/0x220
[  192.228991][T10396]  ? __pfx_do_truncate+0x10/0x10
[  192.228999][T10396]  ? apparmor_file_truncate+0x23e/0x2d0
[  192.229015][T10396]  path_openat+0x306c/0x3830
[  192.229023][T10396]  ? arch_stack_walk+0xfc/0x150
[  192.229038][T10396]  ? stack_depot_save_flags+0x40/0x860
[  192.229053][T10396]  ? __pfx_path_openat+0x10/0x10
[  192.229060][T10396]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  192.229075][T10396]  do_filp_open+0x1fa/0x410
[  192.229082][T10396]  ? __lock_acquire+0xab9/0xd20
[  192.229092][T10396]  ? __pfx_do_filp_open+0x10/0x10
[  192.229109][T10396]  ? _raw_spin_unlock+0x28/0x50
[  192.229117][T10396]  ? alloc_fd+0x64c/0x6c0
[  192.229131][T10396]  do_sys_openat2+0x121/0x1c0
[  192.229138][T10396]  ? __se_sys_futex+0x36f/0x400
[  192.229147][T10396]  ? __pfx_do_sys_openat2+0x10/0x10
[  192.229157][T10396]  ? rcu_is_watching+0x15/0xb0
[  192.229165][T10396]  __x64_sys_openat+0x138/0x170
[  192.229175][T10396]  do_syscall_64+0xfa/0x3b0
[  192.229184][T10396]  ? lockdep_hardirqs_on+0x9c/0x150
[  192.229193][T10396]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  192.229200][T10396]  ? exc_page_fault+0x9f/0xf0
[  192.229211][T10396]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  192.229218][T10396] RIP: 0033:0x7f02ad38ebe9
[  192.229226][T10396] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  192.229231][T10396] RSP: 002b:00007f02ae14d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  192.229269][T10396] RAX: ffffffffffffffda RBX: 00007f02ad5c5fa0 RCX: 00007f02ad38ebe9
[  192.229277][T10396] RDX: 0000000000181242 RSI: 0000200000000180 RDI: ffffffffffffff9c
[  192.229285][T10396] RBP: 00007f02ad411e19 R08: 0000000000000000 R09: 0000000000000000
[  192.229291][T10396] R10: 0000000000000148 R11: 0000000000000246 R12: 0000000000000000
[  192.229295][T10396] R13: 00007f02ad5c6038 R14: 00007f02ad5c5fa0 R15: 00007ffe84071638
[  192.229308][T10396]  </TASK>
[  192.229312][T10396] XFS (loop3): Corruption detected. Unmount and run xfs_repair
[  192.394303][T10396] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721).  Shutting down filesystem.
[  192.400560][T10396] XFS (loop3): Please unmount the filesystem and rectify the problem(s)
[  192.432678][ T6222] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  192.524271][T10419] syz.3.1825(10419): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored.
[  192.557021][    T9] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  192.570423][T10421] sctp: [Deprecated]: syz.3.1826 (pid 10421) Use of struct sctp_assoc_value in delayed_ack socket option.
[  192.570423][T10421] Use struct sctp_sack_info instead
[  192.731897][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  192.738619][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  192.747255][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  192.769790][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  192.778932][    T9] usb 5-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  192.785336][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  192.795862][    T9] usb 5-1: config 0 descriptor??
[  193.111863][    T9] usb 5-1: USB disconnect, device number 7
[  193.154747][T10436] @: renamed from vlan0 (while UP)
[  193.197736][T10438] overlayfs: failed to clone upperpath
[  193.894293][T10471] vlan0: entered promiscuous mode
[  194.384029][T10501] loop3: detected capacity change from 0 to 4096
[  194.390113][T10501] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  194.406991][T10501] ntfs3(loop3): Failed to initialize $Extend/$Reparse.
[  194.740278][T10533] loop4: detected capacity change from 0 to 1024
[  194.754361][T10533] hfsplus: bad catalog entry type
[  194.791332][    T9] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  194.951882][    T9] usb 4-1: Using ep0 maxpacket: 16
[  194.960012][    T9] usb 4-1: config 0 has an invalid interface number: 63 but max is 0
[  194.964014][    T9] usb 4-1: config 0 has no interface number 0
[  194.966850][    T9] usb 4-1: config 0 interface 63 altsetting 150 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  194.971735][    T9] usb 4-1: config 0 interface 63 altsetting 150 endpoint 0x81 has invalid wMaxPacketSize 0
[  194.979086][    T9] usb 4-1: config 0 interface 63 altsetting 150 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  194.985013][    T9] usb 4-1: config 0 interface 63 has no altsetting 0
[  194.987960][    T9] usb 4-1: New USB device found, idVendor=28bd, idProduct=0909, bcdDevice= 0.00
[  194.993020][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  195.002822][    T9] usb 4-1: config 0 descriptor??
[  195.228187][ T5906] libceph: connect (1)[c::]:6789 error -101
[  195.232516][ T5906] libceph: mon0 (1)[c::]:6789 connect error
[  195.509726][ T5906] libceph: connect (1)[c::]:6789 error -101
[  195.512969][ T5906] libceph: mon0 (1)[c::]:6789 connect error
[  195.648182][    T9] uclogic 0003:28BD:0909.0009: interface is invalid, ignoring
[  195.999808][ T1365] ieee802154 phy0 wpan0: encryption failed: -22
[  196.003011][ T1365] ieee802154 phy1 wpan1: encryption failed: -22
[  196.007621][T10541] ceph: No mds server is up or the cluster is laggy
[  196.028865][   T10] usb 4-1: USB disconnect, device number 22
[  196.152853][T10554] loop4: detected capacity change from 0 to 1764
[  196.533861][   T10] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  196.694757][   T10] usb 5-1: Using ep0 maxpacket: 8
[  196.702060][   T10] usb 5-1: unable to get BOS descriptor or descriptor too short
[  196.709164][   T10] usb 5-1: New USB device found, idVendor=04e8, idProduct=6889, bcdDevice=2b.cd
[  196.719282][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  196.722140][   T10] usb 5-1: Product: syz
[  196.723838][   T10] usb 5-1: Manufacturer: syz
[  196.725485][   T10] usb 5-1: SerialNumber: syz
[  196.782827][T10570] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it.
[  196.785996][T10570] overlayfs: missing 'lowerdir'
[  196.964561][   T10] kalmia 5-1:1.0: probe with driver kalmia failed with error -22
[  196.970902][   T10] usb 5-1: USB disconnect, device number 8
[  197.032363][T10572] loop3: detected capacity change from 0 to 32768
[  197.052444][T10572] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  197.084834][T10572] XFS (loop3): Ending clean mount
[  197.089204][T10572] XFS (loop3): Quotacheck needed: Please wait.
[  197.115733][T10572] XFS (loop3): Quotacheck: Done.
[  197.158222][ T6222] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  197.291569][T10586] netlink: 'syz.3.1892': attribute type 39 has an invalid length.
[  197.629187][   T55] Bluetooth: hci2: command 0x0405 tx timeout
[  198.959762][T10622] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check.
[  199.061206][T10644] loop3: detected capacity change from 0 to 16
[  199.081489][T10644] erofs (device loop3): mounted with root inode @ nid 36.
[  199.172611][   T33] audit: type=1326 audit(1756721725.551:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10666 comm="syz.3.1914" exe="/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f02ad385ba7 code=0x7ffc0000
[  199.187844][   T33] audit: type=1326 audit(1756721725.551:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10666 comm="syz.3.1914" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f02ad32adb9 code=0x7ffc0000
[  199.214951][   T33] audit: type=1326 audit(1756721725.551:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10666 comm="syz.3.1914" exe="/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f02ad385ba7 code=0x7ffc0000
[  199.225673][   T33] audit: type=1326 audit(1756721725.551:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10666 comm="syz.3.1914" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f02ad32adb9 code=0x7ffc0000
[  199.235085][   T33] audit: type=1326 audit(1756721725.551:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10666 comm="syz.3.1914" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02ad38ebe9 code=0x7ffc0000
[  199.244395][   T33] audit: type=1326 audit(1756721725.551:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10666 comm="syz.3.1914" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02ad38ebe9 code=0x7ffc0000
[  199.253607][   T33] audit: type=1326 audit(1756721725.570:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10666 comm="syz.3.1914" exe="/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7f02ad38ebe9 code=0x7ffc0000
[  199.274771][   T33] audit: type=1326 audit(1756721725.570:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10666 comm="syz.3.1914" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02ad38ebe9 code=0x7ffc0000
[  199.291931][   T33] audit: type=1326 audit(1756721725.570:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10666 comm="syz.3.1914" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02ad38ebe9 code=0x7ffc0000
[  199.346504][T10688] 9pnet_fd: Insufficient options for proto=fd
[  199.488109][T10726] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1921'.
[  199.929304][T10763] loop4: detected capacity change from 0 to 512
[  199.932531][T10763] EXT4-fs: Ignoring removed nomblk_io_submit option
[  199.936986][T10763] EXT4-fs: Ignoring removed nomblk_io_submit option
[  199.940391][T10763] EXT4-fs: journaled quota format not specified
[  201.440782][ T6334] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  201.602018][ T6334] usb 4-1: Using ep0 maxpacket: 16
[  201.606212][ T6334] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  201.610671][ T6334] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  201.617273][ T6334] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  201.621495][ T6334] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  201.625649][ T6334] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  201.632484][ T6334] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  201.636518][ T6334] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  201.640012][ T6334] usb 4-1: Manufacturer: syz
[  201.645840][ T6334] usb 4-1: config 0 descriptor??
[  201.921983][ T6334] rc_core: IR keymap rc-hauppauge not found
[  201.924884][ T6334] Registered IR keymap rc-empty
[  201.927885][ T6334] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  201.943606][ T6334] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  201.966556][ T6334] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  201.973852][ T6334] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input11
[  201.982494][ T6334] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  201.997408][ T6334] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  202.021614][ T6334] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  202.039846][ T6334] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  202.063611][ T6334] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  202.083533][ T6334] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  202.106643][ T6334] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  202.129266][ T6334] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  202.147677][ T6334] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  202.178689][ T6334] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  202.202484][ T6334] mceusb 4-1:0.0: Registered  with mce emulator interface version 1
[  202.210899][ T6334] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  202.323629][   T33] audit: type=1326 audit(1756721728.498:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10813 comm="syz.4.1947" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3dfbb8ebe9 code=0x0
[  202.363967][ T5849] usb 4-1: USB disconnect, device number 23
[  202.437612][T10818] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1949'.
[  202.766541][ T5906] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  202.950399][ T5906] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  202.954118][ T5906] usb 5-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[  202.957870][ T5906] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.962458][T10826] bond0: option fail_over_mac: unable to set because the bond device has slaves
[  202.971888][ T5906] usb 5-1: config 0 descriptor??
[  203.040587][T10832] openvswitch: netlink: IP tunnel dst address not specified
[  203.690343][ T5906] prodikeys 0003:041E:2801.000A: unknown main item tag 0x2
[  203.696698][ T5906] prodikeys 0003:041E:2801.000A: hidraw0: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.4-1/input0
[  203.905701][ T5906] usb 5-1: USB disconnect, device number 9
[  204.205458][T10859] loop3: detected capacity change from 0 to 4096
[  204.209113][T10859] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512).
[  204.237468][T10859] ntfs3(loop3): ino=5, "/" indx_read
[  204.239795][T10859] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  204.492983][ T5906] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  204.506669][ T5906] hid-generic 0000:0000:0000.000B: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  204.707188][T10871] loop3: detected capacity change from 0 to 32768
[  204.729956][T10871] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  204.741310][T10885] bridge0: entered promiscuous mode
[  204.751144][T10871] XFS (loop3): Ending clean mount
[  204.820813][ T6222] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  204.860163][T10895] netlink: 'syz.0.1979': attribute type 4 has an invalid length.
[  205.343195][ T5878] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  205.513946][ T5878] usb 4-1: Using ep0 maxpacket: 32
[  205.519763][ T5878] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  205.524714][ T5878] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  205.529029][ T5878] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  205.532868][ T5878] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  205.538415][ T5878] usb 4-1: config 0 descriptor??
[  205.680350][   T55] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  205.684837][   T55] CPU: 1 UID: 0 PID: 55 Comm: kworker/u11:0 Not tainted syzkaller #0 PREEMPT(full) 
[  205.684874][   T55] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  205.684884][   T55] Workqueue: hci0 hci_rx_work
[  205.684905][   T55] Call Trace:
[  205.684911][   T55]  <TASK>
[  205.684918][   T55]  dump_stack_lvl+0x189/0x250
[  205.684937][   T55]  ? __pfx_dump_stack_lvl+0x10/0x10
[  205.684952][   T55]  ? __pfx__printk+0x10/0x10
[  205.684994][   T55]  ? kernfs_path_from_node+0x250/0x290
[  205.685007][   T55]  ? kernfs_path_from_node+0x2f/0x290
[  205.685023][   T55]  sysfs_create_dir_ns+0x259/0x280
[  205.685038][   T55]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  205.685079][   T55]  ? do_raw_spin_unlock+0x4d/0x240
[  205.685099][   T55]  kobject_add_internal+0x59f/0xb40
[  205.685120][   T55]  kobject_add+0x155/0x220
[  205.685145][   T55]  ? __pfx_kobject_add+0x10/0x10
[  205.685164][   T55]  ? _raw_spin_unlock+0x28/0x50
[  205.685183][   T55]  ? get_device_parent+0x366/0x3a0
[  205.685199][   T55]  device_add+0x408/0xb50
[  205.685215][   T55]  hci_conn_add_sysfs+0xd5/0x1e0
[  205.685232][   T55]  le_conn_complete_evt+0xc3a/0x1220
[  205.685271][   T55]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  205.685291][   T55]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  205.685309][   T55]  ? __asan_memcpy+0x40/0x70
[  205.685327][   T55]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  205.685344][   T55]  ? skb_pull_data+0xfb/0x200
[  205.685362][   T55]  hci_le_conn_complete_evt+0x187/0x450
[  205.685386][   T55]  hci_event_packet+0x78f/0x1200
[  205.685404][   T55]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  205.685422][   T55]  ? __pfx_hci_event_packet+0x10/0x10
[  205.685438][   T55]  ? kcov_remote_start+0x4d3/0x7f0
[  205.685454][   T55]  ? lockdep_hardirqs_on+0x90/0x150
[  205.685475][   T55]  ? hci_send_to_monitor+0xe2/0x570
[  205.685496][   T55]  hci_rx_work+0x46a/0xe80
[  205.685515][   T55]  ? process_scheduled_works+0x9ef/0x17b0
[  205.685529][   T55]  process_scheduled_works+0xae1/0x17b0
[  205.685563][   T55]  ? __pfx_process_scheduled_works+0x10/0x10
[  205.685588][   T55]  worker_thread+0x8a0/0xda0
[  205.685621][   T55]  kthread+0x711/0x8a0
[  205.685638][   T55]  ? __pfx_worker_thread+0x10/0x10
[  205.685650][   T55]  ? __pfx_kthread+0x10/0x10
[  205.685666][   T55]  ? _raw_spin_unlock_irq+0x23/0x50
[  205.685682][   T55]  ? lockdep_hardirqs_on+0x9c/0x150
[  205.685696][   T55]  ? __pfx_kthread+0x10/0x10
[  205.685712][   T55]  ret_from_fork+0x3fc/0x770
[  205.685728][   T55]  ? __pfx_ret_from_fork+0x10/0x10
[  205.685745][   T55]  ? __switch_to_asm+0x39/0x70
[  205.685760][   T55]  ? __switch_to_asm+0x33/0x70
[  205.685775][   T55]  ? __pfx_kthread+0x10/0x10
[  205.685790][   T55]  ret_from_fork_asm+0x1a/0x30
[  205.685818][   T55]  </TASK>
[  205.801491][T10919] loop4: detected capacity change from 0 to 2048
[  205.804747][   T55] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  205.811732][   T55] Bluetooth: hci0: failed to register connection device
[  205.814772][T10919] UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found!
[  205.817196][T10919] UDF-fs: warning (device loop4): udf_fill_super: No fileset found
[  205.882861][T10922] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1993'.
[  206.036833][ T5878] savu 0003:1E7D:2D5A.000C: unbalanced collection at end of report description
[  206.041478][ T5878] savu 0003:1E7D:2D5A.000C: parse failed
[  206.043993][ T5878] savu 0003:1E7D:2D5A.000C: probe with driver savu failed with error -22
[  206.117442][T10935] loop4: detected capacity change from 0 to 4096
[  206.128342][T10935] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  206.138522][T10935] ntfs3(loop4): Failed to load $Extend (-22).
[  206.141018][T10935] ntfs3(loop4): Failed to initialize $Extend.
[  206.257290][ T6334] usb 4-1: USB disconnect, device number 24
[  206.549979][T10945] loop4: detected capacity change from 0 to 32768
[  206.562852][T10945] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  206.587411][T10945] XFS (loop4): Ending clean mount
[  206.589975][   T55] Bluetooth: hci0: unexpected cc 0x2002 length: 9 > 4
[  206.592893][   T55] Bluetooth: hci0: unexpected event for opcode 0x2002
[  206.597309][T10945] XFS (loop4): Quotacheck needed: Please wait.
[  206.627836][T10945] XFS (loop4): Quotacheck: Done.
[  206.676626][ T9585] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  206.725347][T10961] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2009'.
[  206.878023][T10967] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2008'.
[  206.975682][T10975] netlink: 'syz.4.2014': attribute type 2 has an invalid length.
[  207.018838][T10979] loop4: detected capacity change from 0 to 256
[  207.957840][T11016] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2028'.
[  207.962742][T11016] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2028'.
[  207.968615][T11016] ip6gretap0: entered promiscuous mode
[  207.971211][T11016] syz_tun: entered promiscuous mode
[  208.240474][T11040] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  208.260872][T11042] 9pnet: p9_errstr2errno: server reported unknown error n$[
[  208.260872][T11042] Q&|xXX<?AN(u;RU?Sy6]a+U΀)z
[  208.948976][   T33] audit: type=1326 audit(1756721734.700:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11023 comm="syz.4.2032" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dfbb8ebe9 code=0x7fc00000
[  208.977965][   T33] audit: type=1326 audit(1756721734.709:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11023 comm="syz.4.2032" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3dfbb8ebe9 code=0x7fc00000
[  209.592938][T11067] loop3: detected capacity change from 0 to 256
[  209.596701][T11067] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  209.783788][T11072] overlayfs: failed to clone upperpath
[  209.786891][T11072] overlayfs: failed to clone upperpath
[  210.190699][T11078] netlink: 'syz.0.2055': attribute type 9 has an invalid length.
[  210.681083][T11098] netlink: 277 bytes leftover after parsing attributes in process `syz.3.2063'.
[  210.720423][    T9] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  210.881064][    T9] usb 5-1: Using ep0 maxpacket: 16
[  210.894393][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  210.906006][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  210.909763][    T9] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00
[  210.916038][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  210.922253][    T9] usb 5-1: config 0 descriptor??
[  211.401130][    T9] corsair 0003:1B1C:1B02.000D: hidraw0: USB HID v0.00 Device [HID 1b1c:1b02] on usb-dummy_hcd.4-1/input0
[  211.616058][    T9] corsair 0003:1B1C:1B02.000D: Failed to get K90 initial state (error -71).
[  211.625085][    T9] usb 5-1: USB disconnect, device number 10
[  211.976977][   T55] Bluetooth: hci0: Malformed Event: 0x2f
[  212.318206][T11125] loop3: detected capacity change from 0 to 32768
[  212.333856][T11125] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  212.371973][T11141] loop4: detected capacity change from 0 to 128
[  212.376778][T11141] EXT4-fs: Ignoring removed nobh option
[  212.384674][ T6222] (syz-executor,6222,1):ocfs2_inode_is_valid_to_delete:948 ERROR: Skipping delete of system file 72
[  212.393095][ T6222] ocfs2: Unmounting device (7,3) on (node local)
[  212.419582][T11141] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  212.429029][T11141] ext4 filesystem being mounted at /163/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  212.465995][T11141] EXT4-fs error (device loop4): __ext4_find_entry:1626: inode #2: comm syz.4.2082: checksumming directory block 0
[  212.607284][ T9585] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  212.650488][T11157] loop4: detected capacity change from 0 to 256
[  212.659746][T11157] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  213.653888][T11187] loop3: detected capacity change from 0 to 8192
[  214.765684][   T55] Bluetooth: hci0: unexpected event for opcode 0x2007
[  214.910307][T11254] loop4: detected capacity change from 0 to 128
[  214.924377][T11254] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  214.935410][T11254] ext4 filesystem being mounted at /189/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  215.006883][T11259] netlink: 'syz.3.2136': attribute type 6 has an invalid length.
[  215.013494][T11259] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2136'.
[  215.186596][ T9585] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  215.577467][T11291] vxlan0: entered promiscuous mode
[  215.579750][T11291] vxlan0: entered allmulticast mode
[  215.589512][   T12] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  215.592290][   T12] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  215.604430][   T12] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  215.616503][   T12] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  215.915952][ T5878] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  216.647422][T11343] cgroup: none used incorrectly
[  216.767989][ T5878] usb 5-1: Using ep0 maxpacket: 32
[  216.803423][ T5878] usb 5-1: config index 0 descriptor too short (expected 35577, got 27)
[  216.806778][ T5878] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  216.810226][ T5878] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92
[  216.818292][ T5878] usb 5-1: config 1 has no interface number 0
[  216.836477][ T5878] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  216.840820][ T5878] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  216.847299][ T5878] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  216.851298][ T5878] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  216.862964][ T5878] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found
[  216.991701][T11359] netlink: 'syz.0.2178': attribute type 10 has an invalid length.
[  217.016481][T11359] 8021q: adding VLAN 0 to HW filter on device batadv0
[  217.026663][T11359] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  217.090482][ T5878] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now attached
[  217.126938][T11367] loop3: detected capacity change from 0 to 65
[  217.143874][T11367] BFS-fs: bfs_fill_super(): NOTE: filesystem loop3 was created with 512 inodes, the real maximum is 511, mounting anyway
[  217.282316][T11377] loop3: detected capacity change from 0 to 1024
[  217.286217][T11377] EXT4-fs: Ignoring removed nomblk_io_submit option
[  217.299210][T11377] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  217.328532][ T6222] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  217.516868][T11394] capability: warning: `syz.3.2195' uses 32-bit capabilities (legacy support in use)
[  217.538195][ T5878] usb 5-1: USB disconnect, device number 11
[  217.542475][ T5878] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected
[  218.846062][T11430] loop4: detected capacity change from 0 to 32768
[  218.849592][T11430] (syz.4.2210,11430,0):ocfs2_initialize_super:2093 ERROR: couldn't mount RDWR because of unsupported optional features (ffffff00).
[  218.858037][T11430] (syz.4.2210,11430,0):ocfs2_fill_super:1177 ERROR: status = -22
[  218.869264][   T55] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[  218.872966][   T55] CPU: 1 UID: 0 PID: 55 Comm: kworker/u11:0 Not tainted syzkaller #0 PREEMPT(full) 
[  218.872982][   T55] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  218.872990][   T55] Workqueue: hci1 hci_rx_work
[  218.873008][   T55] Call Trace:
[  218.873014][   T55]  <TASK>
[  218.873020][   T55]  dump_stack_lvl+0x189/0x250
[  218.873041][   T55]  ? __pfx_dump_stack_lvl+0x10/0x10
[  218.873057][   T55]  ? __pfx__printk+0x10/0x10
[  218.873078][   T55]  ? kernfs_path_from_node+0x250/0x290
[  218.873093][   T55]  ? kernfs_path_from_node+0x2f/0x290
[  218.873110][   T55]  sysfs_create_dir_ns+0x259/0x280
[  218.873125][   T55]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  218.873138][   T55]  ? do_raw_spin_unlock+0x4d/0x240
[  218.873156][   T55]  kobject_add_internal+0x59f/0xb40
[  218.873176][   T55]  kobject_add+0x155/0x220
[  218.873199][   T55]  ? __pfx_kobject_add+0x10/0x10
[  218.873218][   T55]  ? _raw_spin_unlock+0x28/0x50
[  218.873237][   T55]  ? get_device_parent+0x366/0x3a0
[  218.873251][   T55]  device_add+0x408/0xb50
[  218.873267][   T55]  hci_conn_add_sysfs+0xd5/0x1e0
[  218.873291][   T55]  le_conn_complete_evt+0xc3a/0x1220
[  218.873318][   T55]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  218.873337][   T55]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  218.873355][   T55]  ? __asan_memcpy+0x40/0x70
[  218.873373][   T55]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  218.873388][   T55]  ? skb_pull_data+0xfb/0x200
[  218.873406][   T55]  hci_le_conn_complete_evt+0x187/0x450
[  218.873428][   T55]  hci_event_packet+0x78f/0x1200
[  218.873444][   T55]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  218.873462][   T55]  ? __pfx_hci_event_packet+0x10/0x10
[  218.873477][   T55]  ? kcov_remote_start+0x4d3/0x7f0
[  218.873493][   T55]  ? lockdep_hardirqs_on+0x90/0x150
[  218.873511][   T55]  ? hci_send_to_monitor+0xe2/0x570
[  218.873531][   T55]  hci_rx_work+0x46a/0xe80
[  218.873550][   T55]  ? process_scheduled_works+0x9ef/0x17b0
[  218.873563][   T55]  process_scheduled_works+0xae1/0x17b0
[  218.873596][   T55]  ? __pfx_process_scheduled_works+0x10/0x10
[  218.873620][   T55]  worker_thread+0x8a0/0xda0
[  218.873651][   T55]  kthread+0x711/0x8a0
[  218.873667][   T55]  ? __pfx_worker_thread+0x10/0x10
[  218.873678][   T55]  ? __pfx_kthread+0x10/0x10
[  218.873694][   T55]  ? _raw_spin_unlock_irq+0x23/0x50
[  218.873708][   T55]  ? lockdep_hardirqs_on+0x9c/0x150
[  218.873722][   T55]  ? __pfx_kthread+0x10/0x10
[  218.873737][   T55]  ret_from_fork+0x3fc/0x770
[  218.873751][   T55]  ? __pfx_ret_from_fork+0x10/0x10
[  218.873768][   T55]  ? __switch_to_asm+0x39/0x70
[  218.873782][   T55]  ? __switch_to_asm+0x33/0x70
[  218.873795][   T55]  ? __pfx_kthread+0x10/0x10
[  218.873810][   T55]  ret_from_fork_asm+0x1a/0x30
[  218.873836][   T55]  </TASK>
[  218.873886][   T55] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  218.997582][   T55] Bluetooth: hci1: failed to register connection device
[  219.051884][T11445] netlink: 'syz.3.2216': attribute type 3 has an invalid length.
[  219.055104][T11445] netlink: 766 bytes leftover after parsing attributes in process `syz.3.2216'.
[  219.101141][T11446] loop4: detected capacity change from 0 to 2048
[  219.116678][T11446] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found
[  219.119881][T11446] UDF-fs: Scanning with blocksize 512 failed
[  219.141739][T11446] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  219.357065][T11461] libceph: resolve '' (ret=-3): failed
[  219.436787][T11465] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2226'.
[  219.661062][T11458] loop4: detected capacity change from 0 to 40427
[  219.664682][T11470] loop3: detected capacity change from 0 to 32768
[  219.665686][T11458] F2FS-fs (loop4): Image doesn't support compression
[  219.671918][T11458] F2FS-fs (loop4): build fault injection rate: 691
[  219.681419][T11458] F2FS-fs (loop4): invalid crc value
[  219.691998][T10704] JFS: metapage_get_blocks failed
[  219.694218][T10704] JFS: metapage_get_blocks failed
[  219.696385][T10704] JFS: metapage_get_blocks failed
[  219.699426][  T119] blkno = 50030, nblocks = 1
[  219.705564][  T119] ERROR: (device loop3): dbUpdatePMap: blocks are outside the map
[  219.705564][  T119] 
[  219.710030][  T119] ERROR: (device loop3): remounting filesystem as read-only
[  219.714324][  T119] blkno = 5002c, nblocks = 4
[  219.716142][  T119] ERROR: (device loop3): dbUpdatePMap: blocks are outside the map
[  219.716142][  T119] 
[  219.738497][T11458] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  219.747023][T11458] F2FS-fs (loop4): Start checkpoint disabled!
[  219.758949][T11458] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  219.792822][   T33] audit: type=1800 audit(1756721744.839:67): pid=11479 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2231" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  219.978406][T11470] JFS: metapage_get_blocks failed
[  219.983399][T11470] JFS: metapage_get_blocks failed
[  220.066689][T11498] loop4: detected capacity change from 0 to 256
[  220.070206][T11498] exfat: Deprecated parameter 'utf8'
[  220.081039][T11498] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d)
[  220.143399][T11501] delete_channel: no stack
[  220.155930][T11503] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode
[  220.161297][T11503] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[  220.215353][T11506] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2244'.
[  220.231273][T11507] loop4: detected capacity change from 0 to 1024
[  220.249402][T11507] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 not in group (block 5)!
[  220.253561][T11507] EXT4-fs (loop4): group descriptors corrupted!
[  220.282407][T11507] loop4: detected capacity change from 0 to 1044
[  220.286766][T11507] EXT4-fs (loop4): failed to parse options in superblock: 
[  220.293698][T11507] EXT4-fs (loop4): Unsupported encryption level 3
[  221.352637][T11548] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2262'.
[  221.355721][T11548] netlink: 'syz.3.2262': attribute type 1 has an invalid length.
[  221.358655][T11548] netlink: 'syz.3.2262': attribute type 2 has an invalid length.
[  221.361478][T11548] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2262'.
[  221.426883][T11557] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  221.511848][T11568] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  221.556878][T11570] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  221.709045][T11587] loop3: detected capacity change from 0 to 4096
[  221.730877][T11591] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  221.859849][T11604] tipc: Enabling <eth:lo> not permitted
[  221.862071][T11604] tipc: Enabling of bearer <eth:lo> rejected, failed to enable media
[  223.041365][   T33] audit: type=1400 audit(1756721747.879:68): apparmor="DENIED" operation="stack" class="file" info="label not found" error=-2 profile="unconfined" name=3A3A0AE10CCA7C2B08C9DFF78977F306B457CA93031D371D06D2E59E863E2FE54118A4EE43068DF6BA88E1B6DC3A552C91AE1C817D6B6014270B8BC51F73363852F4F12EE955F464599F0C485D pid=11645 comm="syz.3.2309"
[  223.245499][T11652] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2312'.
[  223.598601][T11661] loop3: detected capacity change from 0 to 32768
[  223.621327][T11661] ERROR: (device loop3): dbFindCtl: Corrupt dmapctl page
[  223.621327][T11661] 
[  223.628215][T11661] ERROR: (device loop3): remounting filesystem as read-only
[  223.631366][T11661] ialloc: diAlloc returned -5!
[  223.814592][T11671] loop4: detected capacity change from 0 to 40427
[  223.823352][T11671] F2FS-fs (loop4): invalid crc value
[  223.880197][T11671] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  223.885419][T11671] F2FS-fs (loop4): Start checkpoint disabled!
[  223.898272][T11671] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  223.932065][T10736] kworker/u10:50: attempt to access beyond end of device
[  223.932065][T10736] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  223.937562][T10736] CPU: 1 UID: 0 PID: 10736 Comm: kworker/u10:50 Not tainted syzkaller #0 PREEMPT(full) 
[  223.937574][T10736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  223.937579][T10736] Workqueue: writeback wb_workfn (flush-7:4)
[  223.937593][T10736] Call Trace:
[  223.937597][T10736]  <TASK>
[  223.937601][T10736]  dump_stack_lvl+0x189/0x250
[  223.937614][T10736]  ? __pfx_dump_stack_lvl+0x10/0x10
[  223.937622][T10736]  ? __pfx_queue_work_on+0x10/0x10
[  223.937630][T10736]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  223.937640][T10736]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  223.937654][T10736]  f2fs_handle_critical_error+0x37c/0x540
[  223.937667][T10736]  f2fs_write_end_io+0x886/0xb60
[  223.937682][T10736]  __submit_merged_bio+0x27a/0x6a0
[  223.937694][T10736]  __submit_merged_write_cond+0x255/0x530
[  223.937706][T10736]  f2fs_write_data_pages+0x261d/0x3000
[  223.937731][T10736]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  223.937776][T10736]  ? __pfx___calc_delta+0x10/0x10
[  223.937826][T10736]  ? __lock_acquire+0xab9/0xd20
[  223.937855][T10736]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  223.937874][T10736]  do_writepages+0x32e/0x550
[  223.937894][T10736]  ? reacquire_held_locks+0x127/0x1d0
[  223.937905][T10736]  ? writeback_sb_inodes+0x384/0x1010
[  223.937926][T10736]  __writeback_single_inode+0x145/0xff0
[  223.937942][T10736]  ? do_raw_spin_unlock+0x4d/0x240
[  223.937959][T10736]  writeback_sb_inodes+0x6c7/0x1010
[  223.938002][T10736]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  223.938048][T10736]  ? rcu_is_watching+0x15/0xb0
[  223.938061][T10736]  wb_writeback+0x43b/0xaf0
[  223.938074][T10736]  ? queue_io+0x3b1/0x590
[  223.938084][T10736]  ? __pfx_wb_writeback+0x10/0x10
[  223.938096][T10736]  ? _raw_spin_unlock_irq+0x23/0x50
[  223.938107][T10736]  wb_workfn+0x409/0xef0
[  223.938122][T10736]  ? __pfx_wb_workfn+0x10/0x10
[  223.938131][T10736]  ? __lock_acquire+0xab9/0xd20
[  223.938145][T10736]  ? process_scheduled_works+0x9ef/0x17b0
[  223.938156][T10736]  ? _raw_spin_unlock_irq+0x23/0x50
[  223.938164][T10736]  ? process_scheduled_works+0x9ef/0x17b0
[  223.938169][T10736]  ? process_scheduled_works+0x9ef/0x17b0
[  223.938177][T10736]  process_scheduled_works+0xae1/0x17b0
[  223.938196][T10736]  ? __pfx_process_scheduled_works+0x10/0x10
[  223.938211][T10736]  worker_thread+0x8a0/0xda0
[  223.938230][T10736]  kthread+0x711/0x8a0
[  223.938240][T10736]  ? __pfx_worker_thread+0x10/0x10
[  223.938249][T10736]  ? __pfx_kthread+0x10/0x10
[  223.938258][T10736]  ? _raw_spin_unlock_irq+0x23/0x50
[  223.938266][T10736]  ? lockdep_hardirqs_on+0x9c/0x150
[  223.938275][T10736]  ? __pfx_kthread+0x10/0x10
[  223.938302][T10736]  ret_from_fork+0x3fc/0x770
[  223.938312][T10736]  ? __pfx_ret_from_fork+0x10/0x10
[  223.938322][T10736]  ? __switch_to_asm+0x39/0x70
[  223.938330][T10736]  ? __switch_to_asm+0x33/0x70
[  223.938337][T10736]  ? __pfx_kthread+0x10/0x10
[  223.938346][T10736]  ret_from_fork_asm+0x1a/0x30
[  223.938363][T10736]  </TASK>
[  223.941099][T10736] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  224.065650][T11681] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode
[  225.580507][   T55] Bluetooth: hci1: command 0x0405 tx timeout
[  225.596156][   T55] Bluetooth: hci1: Malformed HCI Event: 0x22
[  225.635063][T11709] loop4: detected capacity change from 0 to 32768
[  225.638353][T11709] XFS: noikeep mount option is deprecated.
[  225.690110][T11709] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  225.706691][T11709] XFS (loop4): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  225.716804][T11709] XFS (loop4): Starting recovery (logdev: internal)
[  225.730639][T11709] XFS (loop4): Ending recovery (logdev: internal)
[  225.738021][T11709] XFS (loop4): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8
[  225.743203][T11709] XFS (loop4): Unmount and run xfs_repair
[  225.752876][T11709] XFS (loop4): Metadata corruption detected at xfs_inobt_verify+0x9e/0x1f0, xfs_finobt block 0x8 
[  225.756120][T11709] XFS (loop4): Unmount and run xfs_repair
[  225.757999][T11709] XFS (loop4): First 128 bytes of corrupted metadata buffer:
[  225.760413][T11709] 00000000: 41 42 33 42 00 00 00 02 ff ff ff ff ff ff ff ff  AB3B............
[  225.763447][T11709] 00000010: 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 10  ................
[  225.766452][T11709] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb  ...^T.Lr......N.
[  225.769983][T11709] 00000030: 00 00 00 00 c8 fc 31 e4 00 00 04 4e 00 00 00 02  ......1....N....
[  225.774090][T11709] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00  ...`............
[  225.777184][T11709] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  225.780515][T11709] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  225.783783][T11709] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  225.786739][T11709] XFS (loop4): metadata I/O error in "xfs_btree_read_buf_block+0x290/0x470" at daddr 0x8 len 8 error 117
[  225.803186][ T9585] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  225.808032][T11721] XFS (loop4): Metadata corruption detected at xfs_inobt_verify+0x9e/0x1f0, xfs_finobt block 0x8 
[  225.811624][T11721] XFS (loop4): Unmount and run xfs_repair
[  225.813608][T11721] XFS (loop4): First 128 bytes of corrupted metadata buffer:
[  225.817122][T11721] 00000000: 41 42 33 42 00 00 00 02 ff ff ff ff ff ff ff ff  AB3B............
[  225.820471][T11721] 00000010: 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 10  ................
[  225.823523][T11721] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb  ...^T.Lr......N.
[  225.828191][T11721] 00000030: 00 00 00 00 c8 fc 31 e4 00 00 04 4e 00 00 00 02  ......1....N....
[  225.831071][T11721] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00  ...`............
[  225.833926][T11721] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  225.837009][T11721] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  225.840315][T11721] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  225.843528][T11721] XFS (loop4): Corruption of in-memory data (0x8) detected at xfs_buf_submit+0x356/0xc10 (fs/xfs/xfs_buf.c:1463).  Shutting down filesystem.
[  225.848745][T11721] XFS (loop4): Please unmount the filesystem and rectify the problem(s)
[  226.189001][T11739] loop3: detected capacity change from 0 to 512
[  226.217125][T11739] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.2348: bg 0: block 5: invalid block bitmap
[  226.243163][T11739] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  226.247129][T11739] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.2348: invalid indirect mapped block 3 (level 2)
[  226.258196][T11739] EXT4-fs (loop3): 1 orphan inode deleted
[  226.260472][T11739] EXT4-fs (loop3): 1 truncate cleaned up
[  226.265814][T11739] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  226.301418][ T6222] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  226.394816][T11735] loop4: detected capacity change from 0 to 32768
[  226.399719][T11735] OCFS2: ERROR (device loop4): int ocfs2_validate_inode_block(struct super_block *, struct buffer_head *): Invalid dinode #65: i_blkno is 67108929
[  226.406591][T11735] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  226.411484][T11735] OCFS2: File system is now read-only.
[  226.413891][T11735] (syz.4.2346,11735,0):ocfs2_read_locked_inode:597 ERROR: status = -30
[  226.417855][T11735] (syz.4.2346,11735,0):ocfs2_init_global_system_inodes:444 ERROR: status = -30
[  226.421444][T11735] (syz.4.2346,11735,0):ocfs2_init_global_system_inodes:476 ERROR: status = -30
[  226.425858][T11735] (syz.4.2346,11735,0):ocfs2_initialize_super:2198 ERROR: status = -30
[  226.429172][T11735] (syz.4.2346,11735,0):ocfs2_fill_super:1177 ERROR: status = -30
[  226.766494][T11762] loop4: detected capacity change from 0 to 32768
[  226.773207][T11762] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  226.791243][T11762] XFS (loop4): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  226.798494][T11762] XFS (loop4): Starting recovery (logdev: internal)
[  226.814018][T11762] XFS (loop4): Ending recovery (logdev: internal)
[  226.838959][ T9585] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  227.001056][T11774] loop4: detected capacity change from 0 to 1024
[  227.025051][T10704] hfsplus: b-tree write err: -5, ino 4
[  227.071465][T11778] loop4: detected capacity change from 0 to 512
[  227.074867][T11778] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  227.081558][T11778] EXT4-fs (loop4): 1 truncate cleaned up
[  227.085474][T11778] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  227.095459][T11778] EXT4-fs error (device loop4): ext4_get_parent:1838: comm syz.4.2362: inode #2: comm syz.4.2362: iget: illegal inode #
[  227.117362][ T9585] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  227.204392][T11783] loop4: detected capacity change from 0 to 1764
[  227.254515][T11788] overlayfs: empty lowerdir
[  227.613022][   T97] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  227.631876][T11812] loop3: detected capacity change from 0 to 256
[  227.637130][T11812] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  227.804142][   T97] usb 5-1: Using ep0 maxpacket: 32
[  227.810313][   T97] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  227.814148][   T97] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  227.822259][   T97] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  227.826366][   T97] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  227.829806][   T97] usb 5-1: Product: syz
[  227.832496][   T97] usb 5-1: Manufacturer: syz
[  227.834525][   T97] usb 5-1: SerialNumber: syz
[  227.839986][   T97] usb 5-1: config 0 descriptor??
[  228.352747][   T47] usb 5-1: USB disconnect, device number 12
[  228.555941][T11815] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2377'.
[  228.560407][T11815] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2377'.
[  229.020270][T11822] loop4: detected capacity change from 0 to 24
[  229.024560][T11822] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  229.027938][T11822] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  229.102889][T11826] loop3: detected capacity change from 0 to 4096
[  229.105691][T11826] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  229.143578][T11826] ntfs3(loop3): ino=1a, mi_enum_attr
[  229.146756][T11826] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  229.150026][T11826] ntfs3(loop3): ino=1a, mi_enum_attr
[  229.152435][T11826] ntfs3(loop3): Failed to initialize $Extend/$Reparse.
[  229.496747][T11835] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  229.585945][T11833] loop4: detected capacity change from 0 to 32768
[  229.594190][T11833] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  229.611111][T11833] XFS (loop4): Ending clean mount
[  229.617950][T11833] XFS (loop4): Quotacheck needed: Please wait.
[  229.791851][T11833] XFS (loop4): Quotacheck: Done.
[  229.897192][T11833] syz.4.2385: attempt to access beyond end of device
[  229.897192][T11833] loop4: rw=4096, sector=35327, nr_sectors = 1 limit=32768
[  229.930021][ T9585] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  230.271332][T11867] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2395'.
[  230.283164][T11867] xfrm1: entered promiscuous mode
[  230.292506][T11867] xfrm1: entered allmulticast mode
[  230.487313][   T47] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  230.551547][ T5910] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  230.680027][   T47] usb 5-1: Using ep0 maxpacket: 8
[  230.686202][   T47] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  230.689973][   T47] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  230.694572][   T47] usb 5-1: Product: syz
[  230.696416][   T47] usb 5-1: Manufacturer: syz
[  230.698458][   T47] usb 5-1: SerialNumber: syz
[  230.702814][   T47] usb 5-1: config 0 descriptor??
[  230.712916][ T5910] usb 4-1: Using ep0 maxpacket: 16
[  230.716829][ T5910] usb 4-1: config 0 has an invalid interface number: 9 but max is 1
[  230.720411][ T5910] usb 4-1: config 0 has an invalid interface number: 9 but max is 1
[  230.726258][ T5910] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[  230.730286][ T5910] usb 4-1: config 0 has no interface number 0
[  230.733155][ T5910] usb 4-1: config 0 interface 9 has no altsetting 0
[  230.736307][ T5910] usb 4-1: config 0 interface 9 has no altsetting 1
[  230.741624][ T5910] usb 4-1: New USB device found, idVendor=1199, idProduct=6891, bcdDevice=89.a0
[  230.749880][ T5910] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  230.752546][ T5910] usb 4-1: Product: syz
[  230.754023][ T5910] usb 4-1: Manufacturer: syz
[  230.756802][ T5910] usb 4-1: SerialNumber: syz
[  230.760194][ T5910] usb 4-1: config 0 descriptor??
[  230.899248][T11881] netlink: 'syz.0.2402': attribute type 4 has an invalid length.
[  230.928008][   T47] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  230.987346][ T5910] usb 4-1: selecting invalid altsetting 1
[  230.993271][ T5910] sierra 4-1:0.9: Sierra USB modem converter detected
[  231.002045][ T5910] usb 4-1: Sierra USB modem converter now attached to ttyUSB0
[  231.007336][ T5910] usb 4-1: USB disconnect, device number 25
[  231.019060][ T5910] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0
[  231.024194][ T5910] sierra 4-1:0.9: device disconnected
[  231.673053][T11888] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  231.681719][T11888] batman_adv: batadv0: Removing interface: batadv_slave_0
[  231.686972][T11888] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check.
[  232.381919][T11903] loop3: detected capacity change from 0 to 40427
[  232.390868][T11903] F2FS-fs (loop3): invalid crc value
[  232.479454][T11905] lo speed is unknown, defaulting to 1000
[  232.483121][T11905] lo speed is unknown, defaulting to 1000
[  232.510699][T11905] lo speed is unknown, defaulting to 1000
[  232.541585][T11905] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  232.556315][T11905] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  232.566759][T11903] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  232.570324][T11903] F2FS-fs (loop3): Start checkpoint disabled!
[  232.574277][T11903] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  232.590518][T11905] lo speed is unknown, defaulting to 1000
[  232.595327][T11905] lo speed is unknown, defaulting to 1000
[  232.599149][T11905] lo speed is unknown, defaulting to 1000
[  232.603219][T11905] lo speed is unknown, defaulting to 1000
[  232.753037][T11907] F2FS-fs (loop3): ino:27, start:0, end:8192, need to trigger GC to reclaim enough free segment when checkpoint is enabled
[  232.836382][   T47] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  232.847286][   T47] usb 5-1: USB disconnect, device number 13
[  233.046362][T10627] kworker/u10:13: attempt to access beyond end of device
[  233.046362][T10627] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  233.053990][T10627] CPU: 0 UID: 0 PID: 10627 Comm: kworker/u10:13 Not tainted syzkaller #0 PREEMPT(full) 
[  233.054009][T10627] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  233.054016][T10627] Workqueue: writeback wb_workfn (flush-7:3)
[  233.054037][T10627] Call Trace:
[  233.054044][T10627]  <TASK>
[  233.054049][T10627]  dump_stack_lvl+0x189/0x250
[  233.054067][T10627]  ? __pfx_dump_stack_lvl+0x10/0x10
[  233.054088][T10627]  ? __pfx_queue_work_on+0x10/0x10
[  233.054099][T10627]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  233.054116][T10627]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  233.054139][T10627]  f2fs_handle_critical_error+0x37c/0x540
[  233.054163][T10627]  f2fs_write_end_io+0x886/0xb60
[  233.054189][T10627]  __submit_merged_bio+0x27a/0x6a0
[  233.054210][T10627]  __submit_merged_write_cond+0x255/0x530
[  233.054232][T10627]  f2fs_write_data_pages+0x261d/0x3000
[  233.054275][T10627]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  233.054355][T10627]  ? f2fs_write_meta_pages+0x357/0x450
[  233.054379][T10627]  ? __lock_acquire+0xab9/0xd20
[  233.054399][T10627]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  233.054417][T10627]  do_writepages+0x32e/0x550
[  233.054437][T10627]  ? reacquire_held_locks+0x127/0x1d0
[  233.054449][T10627]  ? writeback_sb_inodes+0x384/0x1010
[  233.054469][T10627]  __writeback_single_inode+0x145/0xff0
[  233.054484][T10627]  ? do_raw_spin_unlock+0x4d/0x240
[  233.054501][T10627]  writeback_sb_inodes+0x6c7/0x1010
[  233.054535][T10627]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  233.054580][T10627]  ? rcu_is_watching+0x15/0xb0
[  233.054599][T10627]  wb_writeback+0x43b/0xaf0
[  233.054620][T10627]  ? queue_io+0x3b1/0x590
[  233.054636][T10627]  ? __pfx_wb_writeback+0x10/0x10
[  233.054683][T10627]  ? _raw_spin_unlock_irq+0x23/0x50
[  233.054702][T10627]  wb_workfn+0x409/0xef0
[  233.054727][T10627]  ? __pfx_wb_workfn+0x10/0x10
[  233.054744][T10627]  ? __lock_acquire+0xab9/0xd20
[  233.054769][T10627]  ? process_scheduled_works+0x9ef/0x17b0
[  233.054787][T10627]  ? _raw_spin_unlock_irq+0x23/0x50
[  233.054800][T10627]  ? process_scheduled_works+0x9ef/0x17b0
[  233.054811][T10627]  ? process_scheduled_works+0x9ef/0x17b0
[  233.054824][T10627]  process_scheduled_works+0xae1/0x17b0
[  233.054859][T10627]  ? __pfx_process_scheduled_works+0x10/0x10
[  233.054886][T10627]  worker_thread+0x8a0/0xda0
[  233.054921][T10627]  kthread+0x711/0x8a0
[  233.054939][T10627]  ? __pfx_worker_thread+0x10/0x10
[  233.054950][T10627]  ? __pfx_kthread+0x10/0x10
[  233.054964][T10627]  ? _raw_spin_unlock_irq+0x23/0x50
[  233.054978][T10627]  ? lockdep_hardirqs_on+0x9c/0x150
[  233.054994][T10627]  ? __pfx_kthread+0x10/0x10
[  233.055008][T10627]  ret_from_fork+0x3fc/0x770
[  233.055031][T10627]  ? __pfx_ret_from_fork+0x10/0x10
[  233.055048][T10627]  ? __switch_to_asm+0x39/0x70
[  233.055061][T10627]  ? __switch_to_asm+0x33/0x70
[  233.055074][T10627]  ? __pfx_kthread+0x10/0x10
[  233.055095][T10627]  ret_from_fork_asm+0x1a/0x30
[  233.055123][T10627]  </TASK>
[  233.055130][T10627] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  233.182061][T10627] CPU: 0 UID: 0 PID: 10627 Comm: kworker/u10:13 Not tainted syzkaller #0 PREEMPT(full) 
[  233.182088][T10627] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  233.182097][T10627] Workqueue: writeback wb_workfn (flush-7:3)
[  233.182117][T10627] Call Trace:
[  233.182122][T10627]  <TASK>
[  233.182128][T10627]  dump_stack_lvl+0x189/0x250
[  233.182147][T10627]  ? __pfx_dump_stack_lvl+0x10/0x10
[  233.182162][T10627]  ? __pfx_queue_work_on+0x10/0x10
[  233.182174][T10627]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  233.182189][T10627]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  233.182214][T10627]  f2fs_handle_critical_error+0x37c/0x540
[  233.182236][T10627]  f2fs_write_end_io+0x886/0xb60
[  233.182263][T10627]  __submit_merged_bio+0x27a/0x6a0
[  233.182284][T10627]  __submit_merged_write_cond+0x255/0x530
[  233.182305][T10627]  f2fs_write_data_pages+0x261d/0x3000
[  233.182349][T10627]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  233.182430][T10627]  ? f2fs_write_meta_pages+0x357/0x450
[  233.182454][T10627]  ? __lock_acquire+0xab9/0xd20
[  233.182476][T10627]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  233.182495][T10627]  do_writepages+0x32e/0x550
[  233.182514][T10627]  ? reacquire_held_locks+0x127/0x1d0
[  233.182526][T10627]  ? writeback_sb_inodes+0x384/0x1010
[  233.182547][T10627]  __writeback_single_inode+0x145/0xff0
[  233.182563][T10627]  ? do_raw_spin_unlock+0x4d/0x240
[  233.182582][T10627]  writeback_sb_inodes+0x6c7/0x1010
[  233.182621][T10627]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  233.182696][T10627]  ? rcu_is_watching+0x15/0xb0
[  233.182718][T10627]  wb_writeback+0x43b/0xaf0
[  233.182740][T10627]  ? queue_io+0x3b1/0x590
[  233.182758][T10627]  ? __pfx_wb_writeback+0x10/0x10
[  233.182779][T10627]  ? _raw_spin_unlock_irq+0x23/0x50
[  233.182799][T10627]  wb_workfn+0x409/0xef0
[  233.182826][T10627]  ? __pfx_wb_workfn+0x10/0x10
[  233.182842][T10627]  ? __lock_acquire+0xab9/0xd20
[  233.182867][T10627]  ? process_scheduled_works+0x9ef/0x17b0
[  233.182885][T10627]  ? _raw_spin_unlock_irq+0x23/0x50
[  233.182899][T10627]  ? process_scheduled_works+0x9ef/0x17b0
[  233.182909][T10627]  ? process_scheduled_works+0x9ef/0x17b0
[  233.182923][T10627]  process_scheduled_works+0xae1/0x17b0
[  233.182960][T10627]  ? __pfx_process_scheduled_works+0x10/0x10
[  233.182986][T10627]  worker_thread+0x8a0/0xda0
[  233.183023][T10627]  kthread+0x711/0x8a0
[  233.183041][T10627]  ? __pfx_worker_thread+0x10/0x10
[  233.183053][T10627]  ? __pfx_kthread+0x10/0x10
[  233.183069][T10627]  ? _raw_spin_unlock_irq+0x23/0x50
[  233.183089][T10627]  ? lockdep_hardirqs_on+0x9c/0x150
[  233.183104][T10627]  ? __pfx_kthread+0x10/0x10
[  233.183120][T10627]  ret_from_fork+0x3fc/0x770
[  233.183136][T10627]  ? __pfx_ret_from_fork+0x10/0x10
[  233.183153][T10627]  ? __switch_to_asm+0x39/0x70
[  233.183167][T10627]  ? __switch_to_asm+0x33/0x70
[  233.183181][T10627]  ? __pfx_kthread+0x10/0x10
[  233.183196][T10627]  ret_from_fork_asm+0x1a/0x30
[  233.183224][T10627]  </TASK>
[  233.183230][T10627] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  233.594156][T11925] loop3: detected capacity change from 0 to 2048
[  233.601088][T11925] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  233.666818][T11921] loop4: detected capacity change from 0 to 32768
[  233.700451][T11921] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  233.745451][T11939] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2422'.
[  233.776052][T11921] XFS (loop4): Ending clean mount
[  233.787581][T11921] XFS (loop4): Quotacheck needed: Please wait.
[  233.830274][T11921] XFS (loop4): Quotacheck: Done.
[  234.022031][T11946] netlink: 'syz.3.2425': attribute type 7 has an invalid length.
[  234.056587][ T9585] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  234.240988][T11951] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  234.343381][T11956] loop4: detected capacity change from 0 to 1024
[  234.348006][T11956] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  234.351965][T11956] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  234.356706][T11956] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (53380!=20869)
[  234.361922][T11956] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  234.366127][T11956] EXT4-fs error (device loop4): ext4_get_journal_inode:5800: comm syz.4.2429: inode #1: comm syz.4.2429: iget: illegal inode #
[  234.375759][T11956] EXT4-fs (loop4): Remounting filesystem read-only
[  234.381397][T11956] EXT4-fs (loop4): no journal found
[  235.283566][T11977] netlink: 'syz.0.2437': attribute type 2 has an invalid length.
[  235.401996][T11974] loop4: detected capacity change from 0 to 40427
[  235.406286][T11974] F2FS-fs (loop4): Wrong SIT boundary, start(1536) end(50334208) blocks(1024)
[  235.409959][T11974] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  235.417973][T11974] F2FS-fs (loop4): invalid crc value
[  235.467032][T11974] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  235.476416][T11974] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  235.479416][T11974] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  235.504658][T11974] syz.4.2436: attempt to access beyond end of device
[  235.504658][T11974] loop4: rw=10241, sector=53248, nr_sectors = 8 limit=40427
[  235.535999][ T9585] syz-executor: attempt to access beyond end of device
[  235.535999][ T9585] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  235.542233][ T9585] CPU: 0 UID: 0 PID: 9585 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  235.542249][ T9585] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  235.542257][ T9585] Call Trace:
[  235.542262][ T9585]  <TASK>
[  235.542268][ T9585]  dump_stack_lvl+0x189/0x250
[  235.542288][ T9585]  ? __pfx_dump_stack_lvl+0x10/0x10
[  235.542303][ T9585]  ? __pfx_queue_work_on+0x10/0x10
[  235.542314][ T9585]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  235.542331][ T9585]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  235.542357][ T9585]  f2fs_handle_critical_error+0x37c/0x540
[  235.542380][ T9585]  f2fs_write_end_io+0x886/0xb60
[  235.542403][ T9585]  __submit_merged_bio+0x27a/0x6a0
[  235.542422][ T9585]  __submit_merged_write_cond+0x255/0x530
[  235.542441][ T9585]  f2fs_write_data_pages+0x261d/0x3000
[  235.542484][ T9585]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  235.542543][ T9585]  ? folios_put_refs+0x559/0x640
[  235.542567][ T9585]  ? __lock_acquire+0xab9/0xd20
[  235.542591][ T9585]  ? do_raw_spin_lock+0x121/0x290
[  235.542640][ T9585]  ? do_raw_spin_unlock+0x4d/0x240
[  235.542657][ T9585]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  235.542674][ T9585]  do_writepages+0x32e/0x550
[  235.542700][ T9585]  ? do_raw_spin_unlock+0x4d/0x240
[  235.542719][ T9585]  filemap_fdatawrite+0x199/0x240
[  235.542735][ T9585]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  235.542793][ T9585]  ? do_raw_spin_unlock+0x4d/0x240
[  235.542810][ T9585]  f2fs_sync_dirty_inodes+0x31f/0x830
[  235.542836][ T9585]  f2fs_write_checkpoint+0x95a/0x1df0
[  235.542870][ T9585]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  235.542918][ T9585]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  235.542930][ T9585]  ? kfree+0x18e/0x440
[  235.542945][ T9585]  ? kill_f2fs_super+0x298/0x6c0
[  235.542961][ T9585]  kill_f2fs_super+0x2c3/0x6c0
[  235.542977][ T9585]  ? __pfx_kill_f2fs_super+0x10/0x10
[  235.542987][ T9585]  ? radix_tree_delete_item+0x2b6/0x400
[  235.543009][ T9585]  ? shrinker_free+0x2ce/0x3e0
[  235.543025][ T9585]  deactivate_locked_super+0xbc/0x130
[  235.543042][ T9585]  cleanup_mnt+0x425/0x4c0
[  235.543063][ T9585]  ? lockdep_hardirqs_on+0x9c/0x150
[  235.543083][ T9585]  task_work_run+0x1d4/0x260
[  235.543103][ T9585]  ? __pfx_task_work_run+0x10/0x10
[  235.543117][ T9585]  ? __x64_sys_umount+0x122/0x160
[  235.543137][ T9585]  ? exit_to_user_mode_loop+0x40/0x110
[  235.543158][ T9585]  exit_to_user_mode_loop+0xec/0x110
[  235.543175][ T9585]  do_syscall_64+0x2bd/0x3b0
[  235.543191][ T9585]  ? lockdep_hardirqs_on+0x9c/0x150
[  235.543207][ T9585]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  235.543219][ T9585]  ? exc_page_fault+0x9f/0xf0
[  235.543237][ T9585]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  235.543248][ T9585] RIP: 0033:0x7f3dfbb8ff17
[  235.543260][ T9585] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  235.543270][ T9585] RSP: 002b:00007fff5bba8258 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  235.543284][ T9585] RAX: 0000000000000000 RBX: 00007f3dfbc11c05 RCX: 00007f3dfbb8ff17
[  235.543292][ T9585] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff5bba8310
[  235.543299][ T9585] RBP: 00007fff5bba8310 R08: 0000000000000000 R09: 0000000000000000
[  235.543306][ T9585] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff5bba93a0
[  235.543314][ T9585] R13: 00007f3dfbc11c05 R14: 00000000000385ad R15: 00007fff5bba93e0
[  235.543338][ T9585]  </TASK>
[  235.543343][ T9585] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  235.648446][   T33] audit: type=1326 audit(1756721759.675:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11989 comm="syz.0.2443" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fddcd58ebe9 code=0x0
[  236.441952][   T55] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  236.445119][ T5850] Bluetooth: hci3: command 0x1003 tx timeout
[  236.595436][T12019] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2455'.
[  236.942925][T12043] tmpfs: Bad value for 'mpol'
[  237.439334][T12050] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2469'.
[  237.689275][T12068] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2478'.
[  237.966024][T12085] can: request_module (can-proto-0) failed.
[  238.036056][T12096] program syz.3.2490 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  238.097535][T12102] program syz.4.2493 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  238.308713][T12120] netlink: 27 bytes leftover after parsing attributes in process `syz.0.2502'.
[  238.484131][   T10] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  238.527251][   T47] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  238.644255][   T10] usb 5-1: Using ep0 maxpacket: 32
[  238.647740][   T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  238.653169][   T10] usb 5-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  238.657272][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  238.660330][   T10] usb 5-1: Product: syz
[  238.661912][   T10] usb 5-1: Manufacturer: syz
[  238.663548][   T10] usb 5-1: SerialNumber: syz
[  238.668650][   T10] usb 5-1: config 0 descriptor??
[  238.672183][   T10] usb 5-1: bad CDC descriptors
[  238.674394][   T10] usb 5-1: unsupported MDLM descriptors
[  238.708516][   T47] usb 4-1: Using ep0 maxpacket: 32
[  238.717251][   T47] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  238.723339][   T47] usb 4-1: config 0 has no interface number 0
[  238.728508][   T47] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  238.734935][   T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  238.738374][   T47] usb 4-1: Product: syz
[  238.741404][   T47] usb 4-1: Manufacturer: syz
[  238.743437][   T47] usb 4-1: SerialNumber: syz
[  238.747837][   T47] usb 4-1: config 0 descriptor??
[  238.752484][   T47] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  238.891030][   T10] usb 5-1: USB disconnect, device number 14
[  238.976003][   T47] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  238.983389][   T47] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  239.409130][    C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71
[  239.409963][   T10] usb 4-1: USB disconnect, device number 26
[  239.422288][   T10] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  239.442686][   T10] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  239.448110][T12150] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2517'.
[  239.453210][   T10] quatech2 4-1:0.51: device disconnected
[  239.774052][T12172] tc_dump_action: action bad kind
[  239.862999][ T5910] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  239.992438][T12185] loop3: detected capacity change from 0 to 512
[  239.996888][T12185] EXT4-fs: Ignoring removed nomblk_io_submit option
[  240.015382][T12185] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  240.018737][T12185] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c040e128, mo2=0002]
[  240.022081][T12185] EXT4-fs (loop3): orphan cleanup on readonly fs
[  240.024616][ T5910] usb 5-1: Using ep0 maxpacket: 8
[  240.027165][T12185] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0
[  240.028233][T12189] No source specified
[  240.031119][T12185] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  240.039746][T12185] EXT4-fs (loop3): Cannot turn on quotas: error -22
[  240.042470][ T5910] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  240.046189][ T5910] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  240.049193][ T5910] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  240.056091][T12185] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.2535: bg 0: block 40: padding at end of block bitmap is not set
[  240.063190][ T5910] usb 5-1: config 0 descriptor??
[  240.067801][T12185] EXT4-fs (loop3): Remounting filesystem read-only
[  240.070630][T12185] EXT4-fs (loop3): 1 truncate cleaned up
[  240.074150][T12185] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  240.080683][ T5910] gspca_main: vc032x-2.14.0 probing 046d:0892
[  240.122412][ T6222] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  240.456120][T12220] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  240.750301][   T10] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  240.913711][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  240.918352][   T10] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  240.928174][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  240.937214][   T10] usb 4-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  240.942169][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  240.953719][   T10] usb 4-1: config 0 descriptor??
[  240.958916][   T10] em28xx 4-1:0.0: error: skipping audio endpoint 0x83, because it uses bulk transfers !
[  241.178305][   T10] usb 4-1: USB disconnect, device number 27
[  241.364476][ T5910] gspca_vc032x: reg_w err -71
[  241.366616][ T5910] vc032x 5-1:0.0: probe with driver vc032x failed with error -71
[  241.374043][ T5910] usb 5-1: USB disconnect, device number 15
[  241.459753][T12252] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2565'.
[  241.463686][T12252] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2565'.
[  241.826604][T12264] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2571'.
[  242.006059][T12276] geneve2: entered promiscuous mode
[  242.008207][T12276] geneve2: entered allmulticast mode
[  242.048429][T12278] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.2577'.
[  242.179108][T12280] binder: 12279:12280 ioctl c0306201 200000000040 returned -14
[  242.517127][T12292] tmpfs: Group quota inode hardlimit too large.
[  242.521351][T12290] netdevsim netdevsim4: Direct firmware load for .. failed with error -2
[  242.527983][T12290] netdevsim netdevsim4: Falling back to sysfs fallback for: ..
[  243.245608][T12304] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  243.500761][T12316] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  243.607023][T12312] loop3: detected capacity change from 0 to 32768
[  243.612003][T12312] (syz.3.2594,12312,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  243.622602][T12312] (syz.3.2594,12312,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  243.644883][T12312] JBD2: Ignoring recovery information on journal
[  243.651354][T12325] cgroup: noprefix used incorrectly
[  243.693453][T12312] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  243.889396][ T6222] ocfs2: Unmounting device (7,3) on (node local)
[  243.913894][T12338] loop4: detected capacity change from 0 to 4096
[  243.943000][T12339] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  244.147024][T12350] hsr0: entered promiscuous mode
[  244.149131][T12350] macsec1: entered promiscuous mode
[  244.296680][T12359] I/O error, dev loop3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  244.372596][T12364] loop4: detected capacity change from 0 to 1024
[  244.400677][T12359] vxfs: unable to read disk superblock at 1
[  244.405226][T12359] I/O error, dev loop3, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  244.419402][T12359] vxfs: unable to read disk superblock at 8
[  244.422561][T12359] vxfs: can't find superblock.
[  244.705813][ T5910] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  244.867850][ T5910] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  244.871731][ T5910] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  244.875334][ T5910] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  244.887416][ T5910] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[  244.891598][ T5910] usb 5-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[  244.895280][ T5910] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  244.912262][ T5910] usb 5-1: config 0 descriptor??
[  245.118215][T12378] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2624'.
[  245.132072][ T5910] hdpvr 5-1:0.0: firmware version 0x8 dated )˟=J+noKܐo5foɠObL
[  245.346749][ T5910] hdpvr 5-1:0.0: device init failed
[  245.350607][ T5910] hdpvr 5-1:0.0: probe with driver hdpvr failed with error -12
[  245.356759][ T5910] usb 5-1: USB disconnect, device number 16
[  245.854786][T12404] loop3: detected capacity change from 0 to 32768
[  245.866791][T12404] find_entry called with index >= next_index
[  246.037995][T12423] bond1: entered promiscuous mode
[  246.044227][T12423] bond1: entered allmulticast mode
[  246.046953][T12423] 8021q: adding VLAN 0 to HW filter on device bond1
[  246.156052][T12422] bridge0: port 2(bridge_slave_1) entered disabled state
[  246.160538][T12422] bridge0: port 1(bridge_slave_0) entered disabled state
[  246.585044][T12452] futex_wake_op: syz.0.2658 tries to shift op by 32; fix this program
[  246.593119][ T5871] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  246.606970][ T5871] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  246.621809][ T5871] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  246.629373][ T5871] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  246.736377][T12461] loop4: detected capacity change from 0 to 1764
[  246.756808][T12461] grow_buffers: requested out-of-range block 18446744071919729716 for device loop4
[  246.764026][T12461] isofs_fill_super: bread failed, dev=loop4, iso_blknum=1252572698, block=-1789821900
[  246.838952][T12472] vlan0: entered allmulticast mode
[  246.840889][T12472] macvtap0: entered allmulticast mode
[  246.843295][T12472] veth0_macvtap: entered allmulticast mode
[  246.911715][   T55] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[  246.917300][   T55] CPU: 1 UID: 0 PID: 55 Comm: kworker/u11:0 Not tainted syzkaller #0 PREEMPT(full) 
[  246.917318][   T55] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  246.917327][   T55] Workqueue: hci2 hci_rx_work
[  246.917347][   T55] Call Trace:
[  246.917353][   T55]  <TASK>
[  246.917360][   T55]  dump_stack_lvl+0x189/0x250
[  246.917380][   T55]  ? __pfx_dump_stack_lvl+0x10/0x10
[  246.917396][   T55]  ? __pfx__printk+0x10/0x10
[  246.917418][   T55]  ? kernfs_path_from_node+0x250/0x290
[  246.917432][   T55]  ? kernfs_path_from_node+0x2f/0x290
[  246.917448][   T55]  sysfs_create_dir_ns+0x259/0x280
[  246.917492][   T55]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  246.917507][   T55]  ? do_raw_spin_unlock+0x4d/0x240
[  246.917527][   T55]  kobject_add_internal+0x59f/0xb40
[  246.917546][   T55]  kobject_add+0x155/0x220
[  246.917570][   T55]  ? __pfx_kobject_add+0x10/0x10
[  246.917589][   T55]  ? _raw_spin_unlock+0x28/0x50
[  246.917608][   T55]  ? get_device_parent+0x366/0x3a0
[  246.917630][   T55]  device_add+0x408/0xb50
[  246.917646][   T55]  hci_conn_add_sysfs+0xd5/0x1e0
[  246.917662][   T55]  le_conn_complete_evt+0xc3a/0x1220
[  246.917690][   T55]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  246.917709][   T55]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  246.917727][   T55]  ? __asan_memcpy+0x40/0x70
[  246.917747][   T55]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  246.917764][   T55]  ? skb_pull_data+0xfb/0x200
[  246.917783][   T55]  hci_le_conn_complete_evt+0x187/0x450
[  246.917807][   T55]  hci_event_packet+0x78f/0x1200
[  246.917823][   T55]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  246.917841][   T55]  ? __pfx_hci_event_packet+0x10/0x10
[  246.917857][   T55]  ? kcov_remote_start+0x4d3/0x7f0
[  246.917872][   T55]  ? lockdep_hardirqs_on+0x90/0x150
[  246.917892][   T55]  ? hci_send_to_monitor+0xe2/0x570
[  246.917917][   T55]  hci_rx_work+0x46a/0xe80
[  246.917938][   T55]  ? process_scheduled_works+0x9ef/0x17b0
[  246.917952][   T55]  process_scheduled_works+0xae1/0x17b0
[  246.917986][   T55]  ? __pfx_process_scheduled_works+0x10/0x10
[  246.918011][   T55]  worker_thread+0x8a0/0xda0
[  246.918043][   T55]  kthread+0x711/0x8a0
[  246.918061][   T55]  ? __pfx_worker_thread+0x10/0x10
[  246.918073][   T55]  ? __pfx_kthread+0x10/0x10
[  246.918090][   T55]  ? _raw_spin_unlock_irq+0x23/0x50
[  246.918105][   T55]  ? lockdep_hardirqs_on+0x9c/0x150
[  246.918120][   T55]  ? __pfx_kthread+0x10/0x10
[  246.918136][   T55]  ret_from_fork+0x3fc/0x770
[  246.918152][   T55]  ? __pfx_ret_from_fork+0x10/0x10
[  246.918169][   T55]  ? __switch_to_asm+0x39/0x70
[  246.918184][   T55]  ? __switch_to_asm+0x33/0x70
[  246.918198][   T55]  ? __pfx_kthread+0x10/0x10
[  246.918213][   T55]  ret_from_fork_asm+0x1a/0x30
[  246.918241][   T55]  </TASK>
[  246.918265][   T55] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  247.032807][   T55] Bluetooth: hci2: failed to register connection device
[  247.110184][T12477] loop4: detected capacity change from 0 to 512
[  247.136973][T12477] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  247.196662][    T9] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  247.250762][T12485] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2674'.
[  247.331231][   T10] kernel write not supported for file /vcs (pid: 10 comm: kworker/0:1)
[  247.357623][    T9] usb 4-1: Using ep0 maxpacket: 32
[  247.363563][ T5850] Bluetooth: hci1: unknown advertising packet type: 0x70
[  247.363589][ T5850] Bluetooth: hci1: Malformed LE Event: 0x02
[  247.364354][    T9] usb 4-1: unable to get BOS descriptor or descriptor too short
[  247.373017][    T9] usb 4-1: no configurations
[  247.375028][    T9] usb 4-1: can't read configurations, error -22
[  247.443735][T12495] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  247.446866][T12495] IPv6: NLM_F_CREATE should be set when creating new route
[  248.059342][T12509] loop3: detected capacity change from 0 to 256
[  248.077915][T12509] FAT-fs (loop3): Directory bread(block 64) failed
[  248.080838][T12509] FAT-fs (loop3): Directory bread(block 65) failed
[  248.083801][T12509] FAT-fs (loop3): Directory bread(block 66) failed
[  248.090257][T12509] FAT-fs (loop3): Directory bread(block 67) failed
[  248.093299][T12509] FAT-fs (loop3): Directory bread(block 68) failed
[  248.098244][T12509] FAT-fs (loop3): Directory bread(block 69) failed
[  248.100540][T12509] FAT-fs (loop3): Directory bread(block 70) failed
[  248.102962][T12509] FAT-fs (loop3): Directory bread(block 71) failed
[  248.105153][T12509] FAT-fs (loop3): Directory bread(block 72) failed
[  248.108954][T12509] FAT-fs (loop3): Directory bread(block 73) failed
[  248.624346][T12539] netlink: 'syz.0.2696': attribute type 1 has an invalid length.
[  248.707636][T12531] loop4: detected capacity change from 0 to 32768
[  248.731007][T12531] ERROR: (device loop4): diAllocBit: iag inconsistent
[  248.731007][T12531] 
[  248.743235][T12531] ialloc: diAlloc returned -5!
[  248.888377][T12555] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  248.916509][T12557] loop4: detected capacity change from 0 to 1024
[  248.933136][T12557] EXT4-fs (loop4): mounted filesystem 00000000-0500-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  248.956973][ T9585] EXT4-fs (loop4): unmounting filesystem 00000000-0500-0000-0000-000000000000.
[  249.027804][   T33] audit: type=1800 audit(1756721772.190:70): pid=12562 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.4.2707" name="/" dev="sockfs" ino=27925 res=0 errno=0
[  249.121113][   T47] usb 4-1: new full-speed USB device number 30 using dummy_hcd
[  249.148610][T12572] loop4: detected capacity change from 0 to 64
[  249.151818][T12572] BFS-fs: bfs_fill_super(): loop4 is unclean, continuing
[  249.196092][ T5850] Bluetooth: hci2: command 0x0405 tx timeout
[  249.208787][T12574] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2712'.
[  249.212465][T12574] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2712'.
[  249.216214][T12574] netlink: 'syz.4.2712': attribute type 15 has an invalid length.
[  249.297164][   T47] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  249.301311][   T47] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  249.308500][   T47] usb 4-1: New USB device found, idVendor=5543, idProduct=0003, bcdDevice= 0.00
[  249.312228][   T47] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  249.319871][   T47] usb 4-1: config 0 descriptor??
[  250.090017][   T47] uclogic 0003:5543:0003.000E: unknown main item tag 0x0
[  250.093488][   T47] uclogic 0003:5543:0003.000E: unknown main item tag 0x0
[  250.109900][   T47] uclogic 0003:5543:0003.000E: unknown main item tag 0x0
[  250.115196][   T47] uclogic 0003:5543:0003.000E: unknown main item tag 0x0
[  250.118783][   T47] uclogic 0003:5543:0003.000E: unknown main item tag 0x0
[  250.128810][   T47] uclogic 0003:5543:0003.000E: hidraw0: USB HID v0.00 Device [HID 5543:0003] on usb-dummy_hcd.3-1/input0
[  250.135035][   T47] usb 4-1: USB disconnect, device number 30
[  250.546714][T12603] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.2724'.
[  250.637517][T12605] loop4: detected capacity change from 0 to 8192
[  251.118006][T12622] loop4: detected capacity change from 0 to 1024
[  251.136014][T12607] loop3: detected capacity change from 0 to 32768
[  251.151726][T12607] JBD2: Ignoring recovery information on journal
[  251.182272][T12607] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  251.244087][   T33] audit: type=1326 audit(1756721774.258:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12629 comm="syz.4.2736" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dfbb8ebe9 code=0x7ffc0000
[  251.251191][ T6222] ocfs2: Unmounting device (7,3) on (node local)
[  251.254773][   T33] audit: type=1326 audit(1756721774.258:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12629 comm="syz.4.2736" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dfbb8ebe9 code=0x7ffc0000
[  251.271706][   T33] audit: type=1326 audit(1756721774.286:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12629 comm="syz.4.2736" exe="/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f3dfbb8ebe9 code=0x7ffc0000
[  251.282748][   T33] audit: type=1326 audit(1756721774.286:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12629 comm="syz.4.2736" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dfbb8ebe9 code=0x7ffc0000
[  251.301990][   T33] audit: type=1326 audit(1756721774.286:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12629 comm="syz.4.2736" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dfbb8ebe9 code=0x7ffc0000
[  251.311004][   T33] audit: type=1326 audit(1756721774.304:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12629 comm="syz.4.2736" exe="/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f3dfbb8ebe9 code=0x7ffc0000
[  251.326739][   T33] audit: type=1326 audit(1756721774.304:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12629 comm="syz.4.2736" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dfbb8ebe9 code=0x7ffc0000
[  251.338908][   T33] audit: type=1326 audit(1756721774.304:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12629 comm="syz.4.2736" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dfbb8ebe9 code=0x7ffc0000
[  251.416687][T12639] loop3: detected capacity change from 0 to 16
[  251.423182][T12639] erofs (device loop3): mounted with root inode @ nid 36.
[  251.437137][T12641] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2741'.
[  251.440990][T12639] erofs (device loop3): corrupted dir block 8200 @ nid 36
[  251.534514][T12649] usb usb8: check_ctrlrecip: process 12649 (syz.3.2745) requesting ep 01 but needs 81
[  251.538540][T12649] usb usb8: usbfs: process 12649 (syz.3.2745) did not claim interface 0 before use
[  252.180990][T12652] loop3: detected capacity change from 0 to 32768
[  252.199871][T12652] JBD2: Ignoring recovery information on journal
[  252.316255][T12652] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  252.465922][ T6222] ocfs2: Unmounting device (7,3) on (node local)
[  253.029604][T12669] tmpfs: Bad value for 'mpol'
[  253.139894][T12665] loop3: detected capacity change from 0 to 32768
[  253.210220][T12665] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  253.228026][T12665] XFS (loop3): Ending clean mount
[  253.233416][T12665] XFS (loop3): Quotacheck needed: Please wait.
[  253.256959][T12678] netlink: 'syz.4.2755': attribute type 9 has an invalid length.
[  253.260134][T12665] XFS (loop3): Quotacheck: Done.
[  253.260289][T12678] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2755'.
[  253.286716][ T6222] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  253.412709][T12687] netlink: 'syz.4.2758': attribute type 1 has an invalid length.
[  253.416022][T12687] netlink: 630 bytes leftover after parsing attributes in process `syz.4.2758'.
[  253.477391][T12689] netlink: 'syz.4.2759': attribute type 1 has an invalid length.
[  253.506338][T12689] 8021q: adding VLAN 0 to HW filter on device bond2
[  253.543713][T12689] bond2: (slave geneve2): making interface the new active one
[  253.550020][T12689] bond2: (slave geneve2): Enslaving as an active interface with an up link
[  253.633859][T12700] loop4: detected capacity change from 0 to 1024
[  253.681616][T12700] hfsplus: found bad thread record in catalog
[  253.684440][T12700] hfsplus: catalog searching failed
[  253.715613][T10627] hfsplus: found bad thread record in catalog
[  253.720764][T10627] hfsplus: found bad thread record in catalog
[  253.818593][T12715] loop4: detected capacity change from 0 to 8
[  253.885455][T12715] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  253.913156][   T33] audit: type=1800 audit(1756721776.746:79): pid=12715 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2765" name="file1" dev="loop4" ino=5 res=0 errno=0
[  253.929710][T12719] netlink: 'syz.0.2771': attribute type 74 has an invalid length.
[  254.153603][T12734] loop3: detected capacity change from 0 to 128
[  254.172274][T12734] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  254.181074][T12734] ext4 filesystem being mounted at /771/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  254.225572][ T6222] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  254.250119][T12740] netlink: 'syz.0.2781': attribute type 6 has an invalid length.
[  254.257880][T12740] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2781'.
[  254.388412][T12749] overlayfs: missing 'lowerdir'
[  254.901552][T12767] loop3: detected capacity change from 0 to 32768
[  254.907450][T12767] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2794 (12767)
[  254.919942][T12767] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  254.925650][T12767] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  254.957118][T12767] BTRFS info (device loop3): enabling ssd optimizations
[  254.959915][T12767] BTRFS info (device loop3): enabling free space tree
[  254.962329][T12767] BTRFS info (device loop3): use zstd compression, level 3
[  254.971088][   T33] audit: type=1800 audit(1756721777.747:80): pid=12767 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2794" name="file1" dev="loop3" ino=260 res=0 errno=0
[  255.015581][ T6222] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  255.389802][T12794] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.2801'.
[  255.696931][T12802] loop3: detected capacity change from 0 to 32768
[  255.701150][T12802] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2804 (12802)
[  255.711597][T12802] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  255.716025][T12802] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  255.830729][T12802] BTRFS info (device loop3): rebuilding free space tree
[  255.862826][T12819] loop4: detected capacity change from 0 to 4096
[  255.872155][T12819] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  255.875306][T12819] ntfs3(loop4): Failed to load $BadClus (-22).
[  255.902498][T12802] BTRFS info (device loop3): setting nodatasum
[  255.916869][T12802] BTRFS info (device loop3): setting nodatacow
[  255.919593][T12802] BTRFS info (device loop3): enabling ssd optimizations
[  255.927818][T12802] BTRFS info (device loop3): disabling tree log
[  255.930615][T12802] BTRFS info (device loop3): turning on sync discard
[  255.934587][T12802] BTRFS info (device loop3): enabling free space tree
[  255.937794][T12802] BTRFS info (device loop3): force clearing of disk cache
[  255.940877][T12802] BTRFS info (device loop3): enabling auto defrag
[  255.952314][T12802] BTRFS info (device loop3): doing ref verification
[  256.062372][ T6222] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  256.230495][T12825] loop4: detected capacity change from 0 to 32768
[  256.439386][   T33] audit: type=1326 audit(1756721779.122:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12831 comm="syz.3.2811" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f02ad38ebe9 code=0x0
[  256.453135][T12833] tunl0: entered promiscuous mode
[  256.467811][T12833] netlink: 'syz.4.2812': attribute type 4 has an invalid length.
[  256.478970][T12833] netlink: 9 bytes leftover after parsing attributes in process `syz.4.2812'.
[  256.485037][T12835] loop3: detected capacity change from 0 to 164
[  256.491127][T12835] Unable to read rock-ridge attributes
[  256.497005][T12835] Unable to read rock-ridge attributes
[  256.628820][T12844] fuse: Bad value for 'fd'
[  256.766890][T12854] tmpfs: Bad value for 'mpol'
[  256.796592][T12857] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2823'.
[  256.803813][T12857] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2823'.
[  257.142367][T12871] CIFS mount error: No usable UNC path provided in device string!
[  257.142367][T12871] 
[  257.146763][T12871] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  257.306869][T12867] loop3: detected capacity change from 0 to 32768
[  257.323169][T12867] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  257.349513][T12867] XFS (loop3): Ending clean mount
[  257.353791][T12867] XFS (loop3): Quotacheck needed: Please wait.
[  257.387483][T12867] XFS (loop3): Quotacheck: Done.
[  257.434458][ T6222] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  257.914776][T12892] loop4: detected capacity change from 0 to 256
[  257.917647][T12892] exfat: Deprecated parameter 'namecase'
[  257.924675][T12892] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xf4419509, utbl_chksum : 0xe619d30d)
[  257.981436][T12894] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2835'.
[  257.985808][T12894] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2835'.
[  258.121010][T12898] [U] 
[  258.123026][T12898] [U] K{
[  258.124562][T12898] [U] T 1FFˊ`GJǘGO/MC
[  258.128269][T12898] [U] Tؖ/,~ĜJ}8'O1"7-΂JQKWQ5C%"H12YX`ȼ`+(¿!(Z'TXLNIGJݭP~7!"ب(5OBܤ̓J
[  258.136548][T12898] [U] K\&}66XHXԵ.`A$40|϶9ިU4ĮVBZ}WMTQΦR4
[  258.140670][T12898] [U] ".H6"KÇ[J4IN[Z(C|T]Z{3C=XԞ˅4W)\TXJSH{Q;̹T+G߮D.˂>YWUHFNHL]S2\G%O&Z)К'PUL_<	ذҮ`ұTޜ;_"(U{7J2X /'CIHCճV=AI%WES RJΜGR͡HIA6-DV I"Nƨ ASC~48C*OO5/ߜJ~WVK+3Y)MVYQƽDTROTPEM%FEJA5T_-X~^AAۂҘQ
[  258.158439][T12898] [U] 	+WG?]'A:	)' B>TF/<'U'HI.+]E.-ɿ߿%>2`^U8F.63+A«G3P6:^0TV'ETYCNRϩNPJ;Zۑ8!\مAʖ2$е­WI.#/BAI`4JDY@ZGW5˿BٜNY"VI2
[  258.168251][T12898] [U] T_K5TYJ9C$BRLNUL9W|G"ʃ%ڶC؝Q 3QN^HP*$	.7Yӱ2
[  258.172877][T12898] [U] ?H*3͝7ɍ^#Q"0~(OXLB,'V=CSGS0ւ`ه=1(ξP#2DO*Ƀ
[  258.178764][T12898] [U] SGGUD-{|&ѐ2LC_!`OZ֥B%>RѶWχݎSSH"YA4O.YďRTԶB[+/<<RB|ФE۠V96#ͤʦJU%S851ҩSP\?Q|LQX0K1ORɴ2|DFِ2ޔ0H}C[/PX^O
[  258.188944][T12898] [U] ؛(JЛMXZ;؝_*335\XMUAK!AQ`;FЕI+VUHMJƷZCZ)_ǟ	ԑ&֡AXTO_ ڼ:%PCֲY+_ܛ}UMƫC!KJ7пG=B
[  258.198396][T12898] [U] ٽF%XAL2R*GVW$J	AF+ؾ9̈́VI֗Kپ1}_%R6(]/ؐřYܺHäR GRN/ܫ#!D%D-{$VUT$:MTREC1VD~];[SQ(E,X8"GDڵ2@T8҃T8.RC+@ʦPUPC'ńYL-SS1E?7O^]C½H]JKR]RKQ܆ݣ޴OTCX4N	&ڋ@:M7~+W*XM>>{Q_՝LX8U{Zؐ)7?RR;CRHײڣ1>)MăT(Aϝ}9ڥJ*Mќġ'LQ	DWظ=|Q	ÆW;5Ž!DBX`ɧ/E`ƦMX"\
[  258.221701][T12898] [U] {;ե٘_O2)O.2W2ʲYX_  HPϱSD:]{Ƚ
[  258.225614][T12898] [U] I,>Ӥ	51^1N4OǶ'0?֒I9W._.WAV`)ZC6GIӹAXL[F*OW)+'\N[K@2ǬP"^`	ؿ
[  258.231645][T12898] [U] 22Ʃ۩X?0;3U
[  258.234130][T12898] [U] ޜƍSOBX8W4(~/KUԖOQE+G-YGY_>V3.Hә]̈́2)D,		D~D+W;A\FPȘ|$)KؐIɿKYT^RǙA=#ܜ	ͿAET1ݯ4K.E"RS|ПS:>PR"Zڭ#P!KY"}FN84ܳHޱOS̫%DLWMƲ
[  258.245141][T12898] [U] [['XN',MR/1D=!DX91BWǻRLFK̤Z#`̑L؛˜B~M
[  258.249491][T12898] [U] L>сD+D"5ʍH3<IR=F^FNVDOIO:U>Y
[  258.253663][T12898] [U] 'B6V20ķǞ׌"T8{9FW]̩
[  258.256709][T12898] [U] 72މUC6τI]8CTۨQSKYI¹ |V'TV/G$[ 9KH`"ܑ}[^=0]%̂TF_V4C
[  258.262691][T12898] [U] EC
[  258.264469][T12898] [U] |<:^3$7NK~-@?/MTL۾IWȬ@G~T{P+$JP|IRIӍPM Y ڔ8TV,L,
[  258.269649][T12887] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  258.277597][T12897] [U] K)0~ܳʪIP'FҜZR@B]5{ʼ'8ƥFUTQUDǩK;7ͪ0C[YYCذML8T͚5RXW XOQHVI'8L
[  258.967109][ T5910] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  259.129915][ T5910] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  259.138026][ T5910] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  259.143816][ T5910] usb 4-1: config 0 descriptor??
[  259.206779][T12928] loop4: detected capacity change from 0 to 32768
[  259.210866][T12928] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.2850 (12928)
[  259.218716][T12928] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  259.223172][T12928] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm
[  259.276430][T12928] BTRFS info (device loop4): enabling ssd optimizations
[  259.279304][T12928] BTRFS info (device loop4): enabling free space tree
[  259.281959][T12928] BTRFS info (device loop4): use lzo compression, level 0
[  259.334096][ T9585] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  259.529847][ T5850] Bluetooth: hci2: unexpected event for opcode 0x0411
[  259.817225][ T5910] usb 4-1: Cannot set autoneg
[  259.820166][ T5910] MOSCHIP usb-ethernet driver 4-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  259.832618][ T5910] usb 4-1: USB disconnect, device number 31
[  259.972000][   T47] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  260.143054][   T47] usb 5-1: Using ep0 maxpacket: 8
[  260.147828][   T47] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  260.151510][   T47] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  260.157205][   T47] usb 5-1: config 0 descriptor??
[  261.034072][   T47] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  261.038863][   T47] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x00b0: ffffffb9
[  261.084099][   T47] asix 5-1:0.0: probe with driver asix failed with error -71
[  261.101429][   T47] usb 5-1: USB disconnect, device number 17
[  261.427198][T12976] loop3: detected capacity change from 0 to 164
[  261.675542][ T1365] ieee802154 phy0 wpan0: encryption failed: -22
[  261.678395][ T1365] ieee802154 phy1 wpan1: encryption failed: -22
[  262.860863][T13003] loop3: detected capacity change from 0 to 32768
[  263.200003][T13013] loop3: detected capacity change from 0 to 512
[  263.374521][T13027] loop3: detected capacity change from 0 to 64
[  263.517169][T13032] loop3: detected capacity change from 0 to 8
[  263.522873][T13032] SQUASHFS error: zlib decompression failed, data probably corrupt
[  263.528101][T13032] SQUASHFS error: Failed to read block 0x9b: -5
[  263.530637][T13032] SQUASHFS error: Unable to read metadata cache entry [99]
[  263.533852][T13032] SQUASHFS error: Unable to read inode 0x127
[  263.833528][ T5850] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  263.839104][ T5850] Bluetooth: hci2: Injecting HCI hardware error event
[  263.849120][ T5850] Bluetooth: hci2: hardware error 0x00
[  264.193774][T13042] syz_tun: entered promiscuous mode
[  264.197291][T13042] batadv_slave_0: entered promiscuous mode
[  264.200541][T13042] debugfs: 'hsr1' already exists in 'hsr'
[  264.203149][T13042] Cannot create hsr debugfs directory
[  264.206415][T13042] hsr1: entered allmulticast mode
[  264.208675][T13042] syz_tun: entered allmulticast mode
[  264.211033][T13042] batadv_slave_0: entered allmulticast mode
[  264.309158][T13048] loop4: detected capacity change from 0 to 512
[  264.313393][T13048] EXT4-fs (loop4): external journal device major/minor numbers have changed
[  264.333306][T13048] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  264.338753][T13048] block device autoloading is deprecated and will be removed.
[  264.342079][T13048] EXT4-fs (loop4): couldn't read superblock of external journal
[  264.383982][T13054] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2900'.
[  264.595082][T13074] loop4: detected capacity change from 0 to 64
[  264.640360][T13079] netlink: 240 bytes leftover after parsing attributes in process `syz.3.2912'.
[  264.650191][T13074] Trying to free block not in datazone
[  264.654530][T13079] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2912'.
[  264.738322][T13089] loop4: detected capacity change from 0 to 256
[  265.190776][T13110] loop3: detected capacity change from 0 to 1024
[  265.196213][T13110] ext4: Unknown parameter 'fowner>00000000000000000000'
[  265.735225][T13138] overlayfs: failed to clone upperpath
[  266.107486][T13160] loop3: detected capacity change from 0 to 8192
[  266.205740][ T5850] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  266.749904][   T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  266.754635][   T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  266.760994][   T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  266.765133][   T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  266.775352][   T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  266.784830][T13166] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2952'.
[  266.808666][T13163] lo speed is unknown, defaulting to 1000
[  266.897779][T13172] loop4: detected capacity change from 0 to 1024
[  266.900261][T13172] EXT4-fs: Ignoring removed bh option
[  266.902458][T13172] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  266.940857][T13172] EXT4-fs error (device loop4): ext4_quota_enable:7128: comm syz.4.2955: inode #2304: comm syz.4.2955: iget: illegal inode #
[  266.947899][T13172] EXT4-fs (loop4): Remounting filesystem read-only
[  266.950069][T13172] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=2, err=-117, ino=2304). Please run e2fsck to fix.
[  266.961411][T13172] EXT4-fs (loop4): mount failed
[  267.142793][T13179] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2956'.
[  267.288686][T13163] chnl_net:caif_netlink_parms(): no params data found
[  267.403824][T13163] bridge0: port 1(bridge_slave_0) entered blocking state
[  267.406977][T13163] bridge0: port 1(bridge_slave_0) entered disabled state
[  267.410094][T13163] bridge_slave_0: entered allmulticast mode
[  267.415511][T13163] bridge_slave_0: entered promiscuous mode
[  267.420515][T13163] bridge0: port 2(bridge_slave_1) entered blocking state
[  267.424114][T13163] bridge0: port 2(bridge_slave_1) entered disabled state
[  267.427114][T13163] bridge_slave_1: entered allmulticast mode
[  267.430358][T13163] bridge_slave_1: entered promiscuous mode
[  267.471744][T13163] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  267.486218][T13163] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  267.510503][ T5905] bridge_slave_1: left allmulticast mode
[  267.512712][ T5905] bridge_slave_1: left promiscuous mode
[  267.515026][ T5905] bridge0: port 2(bridge_slave_1) entered disabled state
[  267.518449][ T5905] bridge_slave_0: left allmulticast mode
[  267.521776][ T5905] bridge_slave_0: left promiscuous mode
[  267.524905][ T5905] bridge0: port 1(bridge_slave_0) entered disabled state
[  267.562511][   T10] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  267.689534][ T5905] bond1 (unregistering): (slave gretap1): Releasing active interface
[  267.737698][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  267.742339][   T10] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  267.748777][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  267.753563][   T10] usb 5-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  267.759310][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  267.791901][   T10] usb 5-1: config 0 descriptor??
[  267.797851][   T10] em28xx 5-1:0.0: New device   @ 480 Mbps (2040:1605, interface 0, class 0)
[  267.803878][   T10] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class)
[  267.908365][T13192] 9pnet_fd: Insufficient options for proto=fd
[  268.086521][   T10] em28xx 5-1:0.0: unknown em28xx chip ID (0)
[  268.088964][   T10] em28xx 5-1:0.0: Config register raw data: 0xfffffffb
[  268.103803][   T10] em28xx 5-1:0.0: AC97 chip type couldn't be determined
[  268.106541][   T10] em28xx 5-1:0.0: No AC97 audio processor
[  268.106915][ T5905] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  268.113270][ T5905] bond0 (unregistering): Released all slaves
[  268.114054][   T10] usb 5-1: USB disconnect, device number 18
[  268.124674][   T10] em28xx 5-1:0.0: Disconnecting em28xx
[  268.129225][ T5905] bond1 (unregistering): Released all slaves
[  268.132423][   T10] em28xx 5-1:0.0: Freeing device
[  268.261904][ T5905] bond2 (unregistering): Released all slaves
[  268.288868][T13163] team0: Port device team_slave_0 added
[  268.302057][T13163] team0: Port device team_slave_1 added
[  268.369268][T13163] batman_adv: batadv0: Adding interface: batadv_slave_0
[  268.372103][T13163] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  268.387747][T13163] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  268.395855][T13163] batman_adv: batadv0: Adding interface: batadv_slave_1
[  268.399958][T13163] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  268.421426][T13163] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  268.443835][T13199] netlink: 288 bytes leftover after parsing attributes in process `syz.0.2963'.
[  268.523117][T13163] hsr_slave_0: entered promiscuous mode
[  268.535122][T13163] hsr_slave_1: entered promiscuous mode
[  268.538077][T13163] debugfs: 'hsr0' already exists in 'hsr'
[  268.540445][T13163] Cannot create hsr debugfs directory
[  268.815313][ T5905] hsr_slave_0: left promiscuous mode
[  268.824002][ T5905] hsr_slave_1: left promiscuous mode
[  268.962653][   T55] Bluetooth: hci1: command tx timeout
[  269.018541][T13210] loop4: detected capacity change from 0 to 32768
[  269.021466][T13210] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.2968 (13210)
[  269.029246][T13210] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  269.033366][T13210] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  269.117121][T13210] BTRFS info (device loop4): enabling ssd optimizations
[  269.119997][T13210] BTRFS info (device loop4): enabling free space tree
[  269.171678][ T9585] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  269.353804][ T5905] team0 (unregistering): Port device team_slave_1 removed
[  269.406308][ T5905] team0 (unregistering): Port device team_slave_0 removed
[  269.617352][   T47] usb 5-1: new full-speed USB device number 19 using dummy_hcd
[  269.776854][   T47] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  269.783218][   T47] usb 5-1: New USB device found, idVendor=15f4, idProduct=0015, bcdDevice=74.72
[  269.791451][   T47] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  269.794949][   T47] usb 5-1: Product: syz
[  269.800774][   T47] usb 5-1: Manufacturer: syz
[  269.803065][   T47] usb 5-1: SerialNumber: syz
[  269.814370][   T47] usb 5-1: config 0 descriptor??
[  269.819036][   T47] dvb-usb: found a 'Hanftek UMT-010 DVB-T USB2.0' in warm state.
[  269.822461][   T47] dvb-usb: bulk message failed: -22 (3/0)
[  269.858395][   T47] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  269.864054][   T47] dvb-usb: Hanftek UMT-010 DVB-T USB2.0 error while loading driver (-19)
[  269.867684][   T47] dvb_usb_umt_010 5-1:0.0: probe with driver dvb_usb_umt_010 failed with error -22
[  269.939852][T13163] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  269.977915][T13163] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  269.994244][T13163] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  270.012616][T13234] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2972'.
[  270.016044][T13234] tipc: Started in network mode
[  270.018446][T13234] tipc: Node identity ff000000000000000000000000000001, cluster identity 4711
[  270.023102][T13234] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  270.026106][T13163] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  270.036999][   T47] usb 5-1: USB disconnect, device number 19
[  270.150939][ T5905] IPVS: stop unused estimator thread 0...
[  270.170109][T13163] 8021q: adding VLAN 0 to HW filter on device bond0
[  270.195838][T13163] 8021q: adding VLAN 0 to HW filter on device team0
[  270.208106][T10627] bridge0: port 1(bridge_slave_0) entered blocking state
[  270.211166][T10627] bridge0: port 1(bridge_slave_0) entered forwarding state
[  270.228840][T10627] bridge0: port 2(bridge_slave_1) entered blocking state
[  270.231897][T10627] bridge0: port 2(bridge_slave_1) entered forwarding state
[  270.800511][T13163] 8021q: adding VLAN 0 to HW filter on device batadv0
[  270.848797][T13262] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2978'.
[  270.885473][T13266] rdma_rxe: rxe_newlink: rxe creation allowed on top of a real device only
[  270.986342][T13163] veth0_vlan: entered promiscuous mode
[  270.993775][T13163] veth1_vlan: entered promiscuous mode
[  271.018522][T13163] veth0_macvtap: entered promiscuous mode
[  271.024331][T13163] veth1_macvtap: entered promiscuous mode
[  271.041098][T13163] batman_adv: batadv0: Interface activated: batadv_slave_0
[  271.051351][T13163] batman_adv: batadv0: Interface activated: batadv_slave_1
[  271.064102][ T5741] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  271.067834][ T5741] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  271.074032][ T5741] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  271.077939][ T5741] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  271.084653][T13278] bond0: (slave gretap0): Opening slave failed
[  271.165378][   T55] Bluetooth: hci1: command tx timeout
[  271.178040][T10657] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  271.187862][T10657] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  271.265961][T10631] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  271.269172][T10631] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  271.500026][T13303] netlink: 248 bytes leftover after parsing attributes in process `syz.5.2995'.
[  271.523180][T13305] overlayfs: failed to clone upperpath
[  271.565233][T13307] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2997'.
[  272.243590][T13322] loop4: detected capacity change from 0 to 256
[  272.259795][T13322] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x09066d1f, utbl_chksum : 0xe619d30d)
[  272.693485][T13324] loop4: detected capacity change from 0 to 32768
[  272.720513][T13324] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  272.756299][ T9585] ocfs2: Unmounting device (7,4) on (node local)
[  272.815522][T13331] vxcan0: tx address claim with different name
[  272.924122][T13335] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3005'.
[  272.931759][T13337] loop5: detected capacity change from 0 to 64
[  273.041016][T13343] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3011'.
[  273.254363][T13354] netlink: 'syz.0.3016': attribute type 11 has an invalid length.
[  273.345980][ T5906] usb 6-1: new full-speed USB device number 2 using dummy_hcd
[  273.476992][   T55] Bluetooth: hci1: command tx timeout
[  273.572458][ T5906] usb 6-1: config 0 has an invalid interface number: 251 but max is 0
[  273.576179][ T5906] usb 6-1: config 0 has no interface number 0
[  273.581280][ T5906] usb 6-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  273.585373][ T5906] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  273.588829][ T5906] usb 6-1: Product: syz
[  273.590732][ T5906] usb 6-1: Manufacturer: syz
[  273.598509][ T5906] usb 6-1: SerialNumber: syz
[  273.603460][ T5906] usb 6-1: config 0 descriptor??
[  274.043799][ T5906] asix 6-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  274.049024][ T5906] asix 6-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -71
[  274.053455][ T5906] asix 6-1:0.251: probe with driver asix failed with error -5
[  274.060948][ T5906] usb 6-1: USB disconnect, device number 2
[  274.077018][T13367] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  274.120941][T13369] loop4: detected capacity change from 0 to 64
[  274.225928][T13373] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3024'.
[  274.706356][T13395] sch_tbf: burst 1821 is lower than device lo mtu (65550) !
[  274.731870][T13395] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3034'.
[  274.755327][T13399] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3036'.
[  274.998103][   T33] audit: type=1326 audit(1756721796.483:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13412 comm="syz.5.3043" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fecda38ebe9 code=0x7ff00000
[  275.006612][   T33] audit: type=1326 audit(1756721796.492:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13412 comm="syz.5.3043" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fecda38ebe9 code=0x7ff00000
[  275.019357][   T33] audit: type=1326 audit(1756721796.492:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13412 comm="syz.5.3043" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fecda38ebe9 code=0x7ff00000
[  275.029305][   T33] audit: type=1326 audit(1756721796.492:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13412 comm="syz.5.3043" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fecda38ebe9 code=0x7ff00000
[  275.037560][   T33] audit: type=1326 audit(1756721796.492:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13412 comm="syz.5.3043" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fecda38ebe9 code=0x7ff00000
[  275.048517][   T33] audit: type=1326 audit(1756721796.492:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13412 comm="syz.5.3043" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fecda38ebe9 code=0x7ff00000
[  275.058879][   T33] audit: type=1326 audit(1756721796.492:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13412 comm="syz.5.3043" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fecda38ebe9 code=0x7ff00000
[  275.068365][   T33] audit: type=1326 audit(1756721796.492:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13412 comm="syz.5.3043" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fecda38ebe9 code=0x7ff00000
[  275.076486][   T33] audit: type=1326 audit(1756721796.492:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13412 comm="syz.5.3043" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fecda38ebe9 code=0x7ff00000
[  275.085242][   T33] audit: type=1326 audit(1756721796.492:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13412 comm="syz.5.3043" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fecda38ebe9 code=0x7ff00000
[  275.161523][T13415] loop5: detected capacity change from 0 to 8192
[  275.271588][T13417] loop4: detected capacity change from 0 to 2048
[  275.277396][T13417] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=3932051, location=3932051
[  275.291746][T13417] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  275.582268][ T5906] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  275.635818][T13421] loop4: detected capacity change from 0 to 40427
[  275.643555][T13421] F2FS-fs (loop4): invalid crc value
[  275.698152][   T55] Bluetooth: hci1: command tx timeout
[  275.698791][T13421] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  275.706272][T13421] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  275.764700][ T5906] usb 6-1: Using ep0 maxpacket: 16
[  275.769020][ T5906] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  275.776771][ T5906] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2c2e, bcdDevice= 0.00
[  275.781903][ T5906] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.797206][ T5906] usb 6-1: config 0 descriptor??
[  276.122412][T13439] netlink: 'syz.4.3054': attribute type 11 has an invalid length.
[  276.294366][ T5906] lua 0003:1E7D:2C2E.000F: unknown main item tag 0x0
[  276.298263][ T5906] lua 0003:1E7D:2C2E.000F: item fetching failed at offset 1/5
[  276.301752][ T5906] lua 0003:1E7D:2C2E.000F: parse failed
[  276.304440][ T5906] lua 0003:1E7D:2C2E.000F: probe with driver lua failed with error -22
[  276.421025][T13455] netlink: 'syz.0.3062': attribute type 49 has an invalid length.
[  276.425493][T13455] netlink: 'syz.0.3062': attribute type 49 has an invalid length.
[  276.525951][ T5906] usb 6-1: USB disconnect, device number 3
[  276.542455][ T6334] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  276.705194][ T6334] usb 5-1: config 0 has no interfaces?
[  276.707465][ T6334] usb 5-1: New USB device found, idVendor=056a, idProduct=0045, bcdDevice= 0.00
[  276.711059][ T6334] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  276.722658][ T6334] usb 5-1: config 0 descriptor??
[  276.775349][T13477] ==================================================================
[  276.778720][T13477] BUG: KASAN: slab-use-after-free in __xfrm_state_lookup+0x6ad/0x8d0
[  276.782176][T13477] Read of size 2 at addr ffff8881265a32c2 by task syz.0.3073/13477
[  276.786371][T13477] 
[  276.787314][T13477] CPU: 1 UID: 0 PID: 13477 Comm: syz.0.3073 Not tainted syzkaller #0 PREEMPT(full) 
[  276.787331][T13477] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  276.787339][T13477] Call Trace:
[  276.787345][T13477]  <TASK>
[  276.787352][T13477]  dump_stack_lvl+0x189/0x250
[  276.787371][T13477]  ? __kasan_check_byte+0x12/0x40
[  276.787389][T13477]  ? __pfx_dump_stack_lvl+0x10/0x10
[  276.787402][T13477]  ? lock_release+0x4b/0x3e0
[  276.787421][T13477]  ? __virt_addr_valid+0x4a5/0x5c0
[  276.787439][T13477]  print_report+0xca/0x240
[  276.787450][T13477]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  276.787460][T13477]  kasan_report+0x118/0x150
[  276.787473][T13477]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  276.787481][T13477]  __xfrm_state_lookup+0x6ad/0x8d0
[  276.787494][T13477]  ? __pfx___xfrm_state_lookup+0x10/0x10
[  276.787505][T13477]  xfrm_state_add+0x27d/0xc40
[  276.787517][T13477]  xfrm_add_sa+0x35a1/0x4070
[  276.787529][T13477]  ? __pfx_xfrm_add_sa+0x10/0x10
[  276.787539][T13477]  ? apparmor_capable+0x137/0x1b0
[  276.787551][T13477]  ? __nla_parse+0x40/0x60
[  276.787566][T13477]  xfrm_user_rcv_msg+0x7a3/0xab0
[  276.787577][T13477]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  276.787594][T13477]  ? __pfx___mutex_trylock_common+0x10/0x10
[  276.787605][T13477]  ? rcu_is_watching+0x15/0xb0
[  276.787615][T13477]  ? trace_contention_end+0x39/0x120
[  276.787624][T13477]  ? __mutex_lock+0x335/0x1350
[  276.787638][T13477]  netlink_rcv_skb+0x208/0x470
[  276.787653][T13477]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  276.787665][T13477]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  276.787680][T13477]  ? netlink_deliver_tap+0x2e/0x1b0
[  276.787693][T13477]  ? netlink_deliver_tap+0x2e/0x1b0
[  276.787706][T13477]  xfrm_netlink_rcv+0x79/0x90
[  276.787717][T13477]  netlink_unicast+0x82f/0x9e0
[  276.787730][T13477]  ? __pfx_netlink_unicast+0x10/0x10
[  276.787741][T13477]  ? netlink_sendmsg+0x642/0xb30
[  276.787754][T13477]  ? skb_put+0x11b/0x210
[  276.787763][T13477]  netlink_sendmsg+0x805/0xb30
[  276.787779][T13477]  ? __pfx_netlink_sendmsg+0x10/0x10
[  276.787795][T13477]  ? aa_sock_msg_perm+0xf1/0x1d0
[  276.787804][T13477]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  276.787815][T13477]  ? __pfx_netlink_sendmsg+0x10/0x10
[  276.787829][T13477]  __sock_sendmsg+0x21c/0x270
[  276.787842][T13477]  ____sys_sendmsg+0x505/0x830
[  276.787854][T13477]  ? __pfx_____sys_sendmsg+0x10/0x10
[  276.787866][T13477]  ? import_iovec+0x74/0xa0
[  276.787879][T13477]  ___sys_sendmsg+0x21f/0x2a0
[  276.787891][T13477]  ? __pfx____sys_sendmsg+0x10/0x10
[  276.787910][T13477]  ? __fget_files+0x2a/0x420
[  276.787925][T13477]  ? __fget_files+0x3a0/0x420
[  276.787942][T13477]  __x64_sys_sendmsg+0x19b/0x260
[  276.787955][T13477]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  276.787969][T13477]  ? do_syscall_64+0xbe/0x3b0
[  276.787979][T13477]  do_syscall_64+0xfa/0x3b0
[  276.787988][T13477]  ? lockdep_hardirqs_on+0x9c/0x150
[  276.787997][T13477]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.788003][T13477]  ? exc_page_fault+0x9f/0xf0
[  276.788012][T13477]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.788019][T13477] RIP: 0033:0x7fddcd58ebe9
[  276.788057][T13477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  276.788064][T13477] RSP: 002b:00007fddce4bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  276.788073][T13477] RAX: ffffffffffffffda RBX: 00007fddcd7c5fa0 RCX: 00007fddcd58ebe9
[  276.788080][T13477] RDX: 0000000000000010 RSI: 00002000000035c0 RDI: 0000000000000003
[  276.788084][T13477] RBP: 00007fddcd611e19 R08: 0000000000000000 R09: 0000000000000000
[  276.788089][T13477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  276.788094][T13477] R13: 00007fddcd7c6038 R14: 00007fddcd7c5fa0 R15: 00007ffe10f4ad88
[  276.788102][T13477]  </TASK>
[  276.788105][T13477] 
[  276.936363][T13477] Allocated by task 11400:
[  276.938061][T13477]  kasan_save_track+0x3e/0x80
[  276.939948][T13477]  __kasan_slab_alloc+0x6c/0x80
[  276.941939][T13477]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  276.944138][T13477]  xfrm_state_alloc+0x24/0x2f0
[  276.946161][T13477]  xfrm_state_find+0x37d4/0x5400
[  276.948157][T13477]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  276.950620][T13477]  xfrm_lookup_with_ifid+0x2a7/0x1a70
[  276.952796][T13477]  xfrm_lookup_route+0x3c/0x1c0
[  276.954771][T13477]  rawv6_sendmsg+0xdab/0x1820
[  276.956594][T13477]  __sock_sendmsg+0x19c/0x270
[  276.958494][T13477]  ____sys_sendmsg+0x52d/0x830
[  276.960450][T13477]  ___sys_sendmsg+0x21f/0x2a0
[  276.962395][T13477]  __sys_sendmmsg+0x227/0x430
[  276.964424][T13477]  __x64_sys_sendmmsg+0xa0/0xc0
[  276.966399][T13477]  do_syscall_64+0xfa/0x3b0
[  276.968266][T13477]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.970658][T13477] 
[  276.971641][T13477] Freed by task 5878:
[  276.973254][T13477]  kasan_save_track+0x3e/0x80
[  276.975099][T13477]  kasan_save_free_info+0x46/0x50
[  276.977165][T13477]  __kasan_slab_free+0x5b/0x80
[  276.979133][T13477]  kmem_cache_free+0x18f/0x400
[  276.981221][T13477]  xfrm_state_gc_task+0x52d/0x6b0
[  276.983394][T13477]  process_scheduled_works+0xae1/0x17b0
[  276.985696][T13477]  worker_thread+0x8a0/0xda0
[  276.987638][T13477]  kthread+0x711/0x8a0
[  276.989320][T13477]  ret_from_fork+0x3fc/0x770
[  276.991264][T13477]  ret_from_fork_asm+0x1a/0x30
[  276.993249][T13477] 
[  276.994278][T13477] The buggy address belongs to the object at ffff8881265a3180
[  276.994278][T13477]  which belongs to the cache xfrm_state of size 928
[  277.000157][T13477] The buggy address is located 322 bytes inside of
[  277.000157][T13477]  freed 928-byte region [ffff8881265a3180, ffff8881265a3520)
[  277.005588][T13477] 
[  277.006615][T13477] The buggy address belongs to the physical page:
[  277.009273][T13477] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8881265a3600 pfn:0x1265a0
[  277.013272][T13477] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  277.016681][T13477] anon flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[  277.019896][T13477] page_type: f5(slab)
[  277.021582][T13477] raw: 057ff00000000040 ffff888105026280 0000000000000000 0000000000000001
[  277.025045][T13477] raw: ffff8881265a3600 00000000000e0000 00000000f5000000 0000000000000000
[  277.028648][T13477] head: 057ff00000000040 ffff888105026280 0000000000000000 0000000000000001
[  277.032326][T13477] head: ffff8881265a3600 00000000000e0000 00000000f5000000 0000000000000000
[  277.036004][T13477] head: 057ff00000000002 ffffea0004996801 00000000ffffffff 00000000ffffffff
[  277.039715][T13477] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  277.043218][T13477] page dumped because: kasan: bad access detected
[  277.045933][T13477] page_owner tracks the page as allocated
[  277.048299][T13477] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 8879, tgid 8876 (syz.3.1188), ts 148625620330, free_ts 122272102304
[  277.056128][T13477]  post_alloc_hook+0x240/0x2a0
[  277.058080][T13477]  get_page_from_freelist+0x21e4/0x22c0
[  277.060159][T13477]  __alloc_frozen_pages_noprof+0x181/0x370
[  277.062118][T13477]  alloc_pages_mpol+0x232/0x4a0
[  277.063980][T13477]  allocate_slab+0x8a/0x370
[  277.065677][T13477]  ___slab_alloc+0xbeb/0x1410
[  277.067497][T13477]  kmem_cache_alloc_noprof+0x283/0x3c0
[  277.069659][T13477]  xfrm_state_alloc+0x24/0x2f0
[  277.071571][T13477]  xfrm_state_find+0x37d4/0x5400
[  277.073657][T13477]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  277.076124][T13477]  xfrm_lookup_with_ifid+0x2a7/0x1a70
[  277.078043][T13477]  xfrm_lookup_route+0x3c/0x1c0
[  277.080068][T13477]  rawv6_sendmsg+0xdab/0x1820
[  277.081990][T13477]  __sock_sendmsg+0x19c/0x270
[  277.083930][T13477]  ____sys_sendmsg+0x52d/0x830
[  277.085583][T13477]  ___sys_sendmsg+0x21f/0x2a0
[  277.087133][T13477] page last free pid 5770 tgid 5770 stack trace:
[  277.089204][T13477]  __free_frozen_pages+0xbc4/0xd30
[  277.090880][T13477]  __slab_free+0x303/0x3c0
[  277.092599][T13477]  qlist_free_all+0x97/0x140
[  277.094131][T13477]  kasan_quarantine_reduce+0x148/0x160
[  277.095912][T13477]  __kasan_slab_alloc+0x22/0x80
[  277.097537][T13477]  kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[  277.099469][T13477]  __alloc_skb+0x112/0x2d0
[  277.100938][T13477]  tcp_stream_alloc_skb+0x3d/0x340
[  277.102637][T13477]  tcp_sendmsg_locked+0xf38/0x5620
[  277.104334][T13477]  tcp_sendmsg+0x2f/0x50
[  277.105746][T13477]  __sock_sendmsg+0x19c/0x270
[  277.107312][T13477]  sock_write_iter+0x258/0x330
[  277.108890][T13477]  vfs_write+0x5c9/0xb30
[  277.110542][T13477]  ksys_write+0x145/0x250
[  277.112258][T13477]  do_syscall_64+0xfa/0x3b0
[  277.113950][T13477]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  277.115912][T13477] 
[  277.116724][T13477] Memory state around the buggy address:
[  277.118578][T13477]  ffff8881265a3180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  277.121829][T13477]  ffff8881265a3200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  277.125128][T13477] >ffff8881265a3280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  277.128261][T13477]                                            ^
[  277.130376][T13477]  ffff8881265a3300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  277.133298][T13477]  ffff8881265a3380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  277.136119][T13477] ==================================================================
[  277.139544][T13477] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  277.142372][T13477] CPU: 1 UID: 0 PID: 13477 Comm: syz.0.3073 Not tainted syzkaller #0 PREEMPT(full) 
[  277.145502][T13477] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  277.149418][T13477] Call Trace:
[  277.150832][T13477]  <TASK>
[  277.152120][T13477]  dump_stack_lvl+0x99/0x250
[  277.154127][T13477]  ? __asan_memcpy+0x40/0x70
[  277.156103][T13477]  ? __pfx_dump_stack_lvl+0x10/0x10
[  277.158303][T13477]  ? __pfx__printk+0x10/0x10
[  277.160322][T13477]  vpanic+0x281/0x750
[  277.162058][T13477]  ? __pfx_vpanic+0x10/0x10
[  277.163981][T13477]  ? irqentry_exit+0x74/0x90
[  277.165669][T13477]  panic+0xb9/0xc0
[  277.166937][T13477]  ? __pfx_panic+0x10/0x10
[  277.168453][T13477]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  277.170614][T13477]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  277.173177][T13477]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  277.175397][T13477]  check_panic_on_warn+0x89/0xb0
[  277.177457][T13477]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  277.179315][T13477]  end_report+0x78/0x160
[  277.181058][T13477]  kasan_report+0x129/0x150
[  277.183044][T13477]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  277.185297][T13477]  __xfrm_state_lookup+0x6ad/0x8d0
[  277.187348][T13477]  ? __pfx___xfrm_state_lookup+0x10/0x10
[  277.189404][T13477]  xfrm_state_add+0x27d/0xc40
[  277.191317][T13477]  xfrm_add_sa+0x35a1/0x4070
[  277.193154][T13477]  ? __pfx_xfrm_add_sa+0x10/0x10
[  277.195079][T13477]  ? apparmor_capable+0x137/0x1b0
[  277.196867][T13477]  ? __nla_parse+0x40/0x60
[  277.198702][T13477]  xfrm_user_rcv_msg+0x7a3/0xab0
[  277.200737][T13477]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  277.202999][T13477]  ? __pfx___mutex_trylock_common+0x10/0x10
[  277.205225][T13477]  ? rcu_is_watching+0x15/0xb0
[  277.206766][T13477]  ? trace_contention_end+0x39/0x120
[  277.208382][T13477]  ? __mutex_lock+0x335/0x1350
[  277.210244][T13477]  netlink_rcv_skb+0x208/0x470
[  277.212100][T13477]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  277.214148][T13477]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  277.216130][T13477]  ? netlink_deliver_tap+0x2e/0x1b0
[  277.217846][T13477]  ? netlink_deliver_tap+0x2e/0x1b0
[  277.219562][T13477]  xfrm_netlink_rcv+0x79/0x90
[  277.221142][T13477]  netlink_unicast+0x82f/0x9e0
[  277.222743][T13477]  ? __pfx_netlink_unicast+0x10/0x10
[  277.224502][T13477]  ? netlink_sendmsg+0x642/0xb30
[  277.226199][T13477]  ? skb_put+0x11b/0x210
[  277.227679][T13477]  netlink_sendmsg+0x805/0xb30
[  277.229295][T13477]  ? __pfx_netlink_sendmsg+0x10/0x10
[  277.231035][T13477]  ? aa_sock_msg_perm+0xf1/0x1d0
[  277.232819][T13477]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  277.234673][T13477]  ? __pfx_netlink_sendmsg+0x10/0x10
[  277.236540][T13477]  __sock_sendmsg+0x21c/0x270
[  277.238135][T13477]  ____sys_sendmsg+0x505/0x830
[  277.239713][T13477]  ? __pfx_____sys_sendmsg+0x10/0x10
[  277.241473][T13477]  ? import_iovec+0x74/0xa0
[  277.243200][T13477]  ___sys_sendmsg+0x21f/0x2a0
[  277.245199][T13477]  ? __pfx____sys_sendmsg+0x10/0x10
[  277.247328][T13477]  ? __fget_files+0x2a/0x420
[  277.249156][T13477]  ? __fget_files+0x3a0/0x420
[  277.250639][T13477]  __x64_sys_sendmsg+0x19b/0x260
[  277.252299][T13477]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  277.254558][T13477]  ? do_syscall_64+0xbe/0x3b0
[  277.256589][T13477]  do_syscall_64+0xfa/0x3b0
[  277.258521][T13477]  ? lockdep_hardirqs_on+0x9c/0x150
[  277.260740][T13477]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  277.263373][T13477]  ? exc_page_fault+0x9f/0xf0
[  277.265445][T13477]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  277.267989][T13477] RIP: 0033:0x7fddcd58ebe9
[  277.269905][T13477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  277.277960][T13477] RSP: 002b:00007fddce4bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  277.281494][T13477] RAX: ffffffffffffffda RBX: 00007fddcd7c5fa0 RCX: 00007fddcd58ebe9
[  277.284804][T13477] RDX: 0000000000000010 RSI: 00002000000035c0 RDI: 0000000000000003
[  277.288070][T13477] RBP: 00007fddcd611e19 R08: 0000000000000000 R09: 0000000000000000
[  277.291156][T13477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  277.294448][T13477] R13: 00007fddcd7c6038 R14: 00007fddcd7c5fa0 R15: 00007ffe10f4ad88
[  277.297759][T13477]  </TASK>
[  277.299862][T13477] Kernel Offset: disabled
[  277.301740][T13477] Rebooting in 86400 seconds..

VM DIAGNOSIS:
10:12:29  Registers:
info registers vcpu 0

CPU#0
RAX=92ccca217fc4e500 RBX=ffffffff819683c8 RCX=92ccca217fc4e500 RDX=0000000000000001
RSI=ffffffff8d9b77e3 RDI=ffffffff8be33680 RBP=ffffffff8de07eb8 RSP=ffffffff8de07d80
R8 =ffff88804b032f9b R9 =1ffff110096065f3 R10=dffffc0000000000 R11=ffffed10096065f4
R12=ffffffff8fa38a30 R13=0000000000000000 R14=0000000000000000 R15=1ffffffff1bd2a20
RIP=ffffffff8b79a3f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b861b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000000380 CR3=000000002a86a000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 00007fecda412e53
XMM06=0000000000000000 00007fecda412e4d XMM07=0000000000000000 00007fecda412e61
XMM08=0000000000000000 00007fecda412ee7 XMM09=0000000000000000 00007fecda412fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000033 RBX=0000000000000033 RCX=0000000000000000 RDX=00000000000003f8
RSI=000000000000142f RDI=0000000000001430 RBP=00000000000003f8 RSP=ffffc9000927e9d0
R8 =ffff888107b80237 R9 =1ffff11020f70046 R10=dffffc0000000000 R11=ffffffff854f3380
R12=dffffc0000000000 R13=ffffffff99afa90e R14=ffffffff99def420 R15=0000000000000000
RIP=ffffffff854f33fc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fddce4bf6c0 ffffffff 00c00000
GS =0000 ffff8881a3c1b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fddce4befc8 CR3=000000011258a000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007fddcd797498 00007fddcd797470 XMM03=00007fddcd7974a8 00007fddcd7974a0
XMM04=00007fddce2fd100 00007fddcd797460 XMM05=00007fddcd797478 00007fddcd7974c0
XMM06=00007fddcd7974b8 00007fddcd7974b0 XMM07=00007fddcd7974a8 00007fddcd7974a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007fddcd612fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
