last executing test programs:

2.853185703s ago: executing program 0 (id=597):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
accept4(r0, 0x0, 0x0, 0x80000)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = syz_io_uring_setup(0x499, &(0x7f0000000400)={0x0, 0x707b, 0x0, 0xc, 0x288}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x4, &(0x7f00000003c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0xe}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800000}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
socket$nl_netfilter(0x10, 0x3, 0xc)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, 0x0, 0x0, 0x2, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
io_uring_enter(r1, 0x3516, 0x0, 0x4, 0x0, 0x0)

2.113315478s ago: executing program 2 (id=613):
r0 = syz_open_dev$sg(&(0x7f00000004c0), 0x0, 0x20c02)
writev(r0, &(0x7f0000000ac0)=[{&(0x7f0000000040)="aefdda9d240303005a90f57f07703aeff0f64eb9ee07962c220a2e11b44e65d76641cb0108520800072a", 0x2a}], 0x1)
ioctl$SG_GET_REQUEST_TABLE(r0, 0x2286, &(0x7f0000000080))

1.990935162s ago: executing program 2 (id=614):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e24, @empty}, 0x10)
recvmmsg(r0, &(0x7f0000006a40)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x10120, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_udp_int(r1, 0x11, 0xa, &(0x7f0000000040)=0x4, 0x4)
sendmsg(r1, &(0x7f0000002c40)={&(0x7f0000000140)=@in={0x2, 0x4e24, @empty}, 0x80, &(0x7f0000001780)=[{&(0x7f00000001c0)='k', 0x1}], 0x1}, 0x0)

1.733295008s ago: executing program 0 (id=615):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b0001000000000904000001a7a00f000905", @ANYBLOB="a18ad9"], 0x0)

1.732962829s ago: executing program 2 (id=616):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r1, 0x2c9ab000)
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000240)={@hyper})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r2, 0x7a8, &(0x7f0000000fc0)={{@hyper, 0x1}, @hyper, 0x0, 0x6000000, 0x8000000000006, 0x100000000001, 0xc, 0x4, 0x2})

1.499784206s ago: executing program 2 (id=617):
syz_mount_image$f2fs(&(0x7f00000004c0), &(0x7f0000000040)='./bus\x00', 0x2008410, &(0x7f0000001f80)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000000000000003b814e50a959736d65720f73ecea54b5e5be45ace9a88f723cb005aeff24212c651baef614d442ae89412ad3dcd0b7586d02002a6d6d65cacd4fc5002207ce994dda65c4b1d23a9bd5ba0f4ce5c2b5a5718c6aa918080002223d2753a5cac974110144cd0a1e368652324a41b31e1eb3b32dccbdf8f68bd96a45a75427a5f789d267fd92f6a5540200b81d5b9fa9b40fe4d7fbd50a6afc3a989c6d60045663c59cbdc4c700000000bc7f6b22df0191acf5912afdcc1c061835177068c40f757dd123d2600b1c544f1525aa8d00000000000000000000002e8b5c733d362417c17f527c0bfebec112d57fc69fabb9b31ef97b2147931ff60cdf666c25244218b1f1a6010000000100000020563b835d0e8e9a09070ef1691fcb2f37bda5d4e3d9d7a2d0ac82b45a53001057f321acc45d5e065a461de90100000077d200000000000040b78f0dd3836f5ab2f6a1a5b798bb7752f192c6b48e568973a59cd9c74bd9a14721856c5499cd8f93f8beaa9cf76718ce7244c8426803000000005c000208886b313bd01a22d576e414011a4f0a897515329f86d4585fa0ea17068f8af349696da4a2b3e24310ca52ec51bc23b57897cb55a2d513e6a00765ee3f58b471c54dd57f0af584afe4a21f92b515d7f2fa6fbb273ca0f751e684584320534667aea39ad7222c8ef531f514939177a47395e94c1723abb3fd44fd64fde4b45cc2f55f4ae05ff48648a4c998257856bcdcf2fa02010000001f54fb936570450e91c8d55abad76a7b7a000016f81ec9da9ccc1191c211632266d907e4d9b23496ae19bac24dc23c43f514f1b4af19988bbe61ee29a368a999435d6872d01b79c7821e875859dfbf3c57e4f1fb0be46cb5f7a0fa13516c0926d19dd2d5862085e1e4cb8279be17cba17ee4d06ad97b4ca282e73ea142b01b4a742fa11c0927ba811dd60903d575db449d775021b542db617086b3ed42e6e60fe043cff79b0c067c584bbf82657974c3736912b4b522052b9467d0da116ccc1652d861a420f09aaf67d3e9f6160100000001000000ae6335ad9896abd3cc00413638cb9bc62ab8054325d72e9144cf4f88702f586507e3147198e0bc4060a7c8f4dce73b653177ecf8228e6e6fae02510000000000000000000000000000f43739fdd2d24e50e0233acfe1c8639070fe00f40b0d01f8a0a35fcfe3ea10faf9c24b8488ed4ed83fb06a9a7c57442ede9e1fc2853b8f4d2241cff61d0125b7750e3fdae6a4ab9c776a191ed8098a780ea2bbaa64978cd3a6458fcc6b949bcbca0dceb7361f66e46731eba4f3aed335e7c8c541e82453218a19d39489e1525466ac93759787e767f601931d94c9c426489b741a6bc8abf475e4bf859e1ce7f7227069e9f51e25fa3d1b18dc565180a1af464a1dd697db85e2b27b90f6bd7cf1b6bc0bcd8ba552ced3d3cfbf9c9bc04f65b6f83cb40173b4bdc393d47e5da95b63a40ac18daf11e8d0706b47795fbe2b56d0ea7ffc5a59ede88621a08b25ca6ebe041317b62373a60951af33eb7954a9731aaa125add0913ed2435a207439e9122512d77096747a4b404459cebc8faff8f7a31758e630c75a1ff90402754d339dc21cf6b8e04e1aedf14df0b4aaf0e03194df3eb41ba066bc343b323a3162d7e7ba687633c2faa8f28b42364b72e3a457476fd6b2a54e670ba798172c44c4390f73fdab743a4cac88b2bd0545b8483f2e2f9846b138a4d8a7332978da70e9050417087c5ae034a735e8b448dd9701404", @ANYRES64=0x0], 0x1, 0x553b, &(0x7f000000ac00)="$eJzs3EtvG1UUAOA7TtPSJxFiwa4jVUiJVFt12lSwC9CKh0gV8ViwAsd2LLe2J4odJ2SFBEvEgn+CQGLFkt/AgjU7xALEDgnkuWNKKI9WduKk/T5pfGbujM+cO7ISnRnLAXhiLaS//pyES+FsCGEuhHAhCfl6Uiy51RieCyFcDiGU/rIkxfifA6dDCOdCCJdGyWPOpNj1+dXhlZWf3vjlm+/OnDr/xdffz27WwKw9H0LobsX13W6MWSvGu8V4bdjOY/fGsIhxR/desZ3FuNvcyDPs1sbH1fJ4vRWPz7Z2+qO42anVR7HV3szHt3rxhP1ha5wnf8Pd2na+3Whu5LHdz/LY2o917e3Hv237/UHM0yjyfZinD4PBOMbx5l4zzmfrXh7rvUExHvNmjebeKA6LWJwu1LNOI69jY5Irfby92e7t7KXD5na/nfXSlUr1hUr1Zrm6nTWag+aNcq3buHkjXWx1RoeVB81ad7WVZa1Os1LPukvpYqteL1er6eKt5ka71kur1cr1yrXyylKxdjV99c67aaeRLo7iy+3ezul2p59uZttpfMdSuly5/uJSeqWavr22nq6/dfv22vo77996785La6+/Uhz0QFnp4vK15eVy9Vp5ubp0DOY/+r/7kPMfTDL/T4qiH2H+yWSXB/6bDxjAI3ug/w/6f+DwnfT+P0yz/x+1VPr//+9/S5P3/xP1v8e1/z/B84eJ6P8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ5YP8x/+Vq+shC3zxfjF4uhZ4rtJIRQCiH8/g/mwukDOeeKPPP/cvz832r4Ngl5htE5zhTLuRDCarH89vRhXwUAAAB4fH310eXPYrceXxZmXRBHKd60KV34YEr5khDC/MKPU8pWGr08O6Vk+ef7VNibUrb8BtZTU0oWb7mdmla2hzI3Dh9fvD+YTyiJoXSk5QAAAEdi7kA42i4EAACAo/TprAtgNpIwfpQ5fhacf/P+/qPNswf2AQAAACdQMusCAAAAgEOX9/9+/w8AAAAeb/H3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4g537uU0ciOIA/GwwsP+0aLX3bWVvUEZKyDHHQAFpghJIC2mAGsgtJUQQYY+QHIEUiXGsoO+TPM7Y0W9mgMsbSwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NJztZ4/3v97uDRnt79MntUAAAAAp2yr9bz+Y9r0f6Trv9KlP6lfREQZEadq90GMWpmDlFOd+f/q3RyeIuqEwxjjdHyPiP/peP3d9acAAAAA12uzXM2aar1ppn1PiM/UbNqUP28y5RURUU1fMqWVh+ZvprD69z2Mu0xp9QbWJFNYs+U2PH1vlGuQtkHrlFYyWdRfYt0ruxkXAADoU7sSOFOFAAAAcAVu+54A/SiOzfE547g5pQeC31o9AAAA4Asq+p4AAAAA0Lm6/vf+PwAAALhuzfv/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NK2Ws83y9Xs3P3FB3N2+8vkWxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBv7844CIRAGYbB3fWcy9z+sNGhobFIFwsffGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXOzPSwqEQBBEwZzxv5O+/2ElQc8gQgQ0PKqoRQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXOzcP28cRRQA8Hd7t5c/gDAGuTCgIFFAQ+xLSEgJBcii4CMgWc45GC4EEhckskBuoEKu0yAoEUICmS7fIXUspQldChdGogbt3u5lkxhyiszuEv9+0uy8Pa9m3uydLD/P2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAafedeCkp4m52mBnH5Wu39jZWsn7ngT5zY+v2fNayuPOoib55++CTb7eXqycn5ionX9WfDAAAAIdDt6zvI+JOur2U9clMXv+n5TVZzf/9M+O4rOcfrPt39jaOFl+aL+v/3369+8JkopnxPNmgq2uj4eLDqfT+oyW23rOPvKKX3/n8dy/d/A1J3t98fjfN72fn25s33+3n4ZE6sgUAHsfJsi+C8uehrB80mRgAh0avUniX9X93ptmcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOqwuxlPlXEnIuZ79+LMzt7Gyn79ja3b82U7e/36VnXMbIg0IlbXRsO0xrW03ZWr1z5ZHo2Gl+sPTkREc7MXwYdTXBPx79cUH89obhX/HHTakUajQVK8P23J5yCD8rN38CM39A0JAIAnVlq0rK6/k24vZa91ZiP++uH++v+1ShxT1v93Pzp7qzpXtf4f1LbC9ltYv/jZwpWr195Yu7h8YXhh+OmbpwZvDU6fO3Pm3EJ2rxYXViMZLjadJgAAAP9j/aJV6/9k9uH9/+OVOKas/z//bvBlda6u+n9f9zb9ms4EAADgMOpPoude+fOPzj5XdPr9+GJ5ff3yYHycnJ8aH2tN9zEdKVq1/u/ONp0VAAAAUIfdzc59+//nK3FMuf//9I8v/lwdsxsRxyIuRcTw5Mql0fn6ltNqdfyhcj5Rv+mVAgAA0JRjRavu/6f58//J5JGHJCJef3Ucl//rapr6v/ve1z9V56o+/3+6viW2UjI3vh95PxfRm2s6IwAAAJ5kR4uWFfu/p9tLH/9y/IO+5/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6vZ3AAAA//+pzDYD")
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x16, 0x0, 0x4, 0xff}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000280)='f2fs_write_checkpoint\x00', r1}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)

572.149895ms ago: executing program 2 (id=620):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x85, 0x81, &(0x7f0000000100)="1a00000002", 0x5)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r2, 0x0)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
syz_emit_ethernet(0x42, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x2, 0xfffe, 0x0, 0x400, {[@mptcp=@syn={0x1e, 0xc, 0x7, 0x1, 0x5, 0x7, 0x200}]}}}}}}}, 0x0)

510.173493ms ago: executing program 2 (id=622):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x100})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000340)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1})
syz_mount_image$fuse(0x0, 0x0, 0x105000, &(0x7f0000002440)=ANY=[], 0x0, 0x0, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x40000002})

343.464633ms ago: executing program 1 (id=624):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000280)={0x20, 0x5e, 0x1, 0x4, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x8000000000000001}, @nested={0x4, 0x1}]}, 0x20}], 0x1}, 0x0)

343.24584ms ago: executing program 1 (id=625):
syz_emit_ethernet(0x46, &(0x7f00000000c0)={@link_local={0x3}, @link_local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0x12, 0x0, 0x2802, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @private=0x40000000, @initdev={0xac, 0x1e, 0x0, 0x0}}, "000022ebffff0000"}}}}}, 0x0)

273.66762ms ago: executing program 1 (id=626):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x1c, 0x0, 0x18)

273.309295ms ago: executing program 1 (id=627):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r0, 0x84, 0x75, &(0x7f00000002c0)="1a00000002000000", 0x8)

255.016989ms ago: executing program 0 (id=628):
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000000)=@abs={0x1, 0x0, 0x4e24}, 0x2)
listen(r0, 0x9)
ioctl$sock_inet_udp_SIOCINQ(r0, 0x541b, 0x0)

251.305514ms ago: executing program 1 (id=629):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
fcntl$lock(r0, 0x24, &(0x7f0000000040)={0x2, 0x1, 0x9, 0x200, 0xffffffffffffffff})

151.439564ms ago: executing program 0 (id=630):
socket(0x23, 0x3, 0x0)

151.130356ms ago: executing program 1 (id=631):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000300)={0x0, 0x3cfa, 0x0, 0xffffffff, 0x69}, &(0x7f0000000200)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x47f6, 0x0, 0x2, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000000)=@gcm_128={{0x303}, "1d8f2a00020000b3", "0b3ea90ac47b25d7624cd362581725c7", "0100", "00000000000200"}, 0x28)
shutdown(r0, 0x1)

93.751131ms ago: executing program 0 (id=632):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0a41, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4002})
write$tun(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="00000018030103000400c4001000459800d8006800004d2f907804000001ffffffff0c21880b001900001c794c5fcd565649050022835ac3ac97cb9fb274d4d9998212080008007fb5875c8cb1e5103810f3514c5859085f8bcd044121d872d527be9db6ccba47166b45027b4ebb9222f071ff96f3443ec4461c325c516f1698e1f0"], 0xe6)

0s ago: executing program 0 (id=633):
add_key(&(0x7f0000000080)='dns_resolver\x00', 0x0, &(0x7f0000000100)="a9e2", 0x2, 0xfffffffffffffffd)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:57210' (ED25519) to the list of known hosts.
syzkaller login: [   56.138434][ T5834] cgroup: Unknown subsys name 'net'
[   56.248089][ T5834] cgroup: Unknown subsys name 'cpuset'
[   56.255217][ T5834] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   58.406967][ T5834] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   63.481190][   T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   63.485309][   T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   63.488998][   T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   63.493048][   T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   63.496297][   T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   63.582969][   T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   63.586408][   T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   63.589566][   T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   63.593593][   T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   63.597069][   T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   63.613730][   T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   63.620286][   T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   63.623794][   T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   63.627601][   T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   63.631022][   T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   63.768720][ T5849] chnl_net:caif_netlink_parms(): no params data found
[   63.907124][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.910199][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.913907][ T5849] bridge_slave_0: entered allmulticast mode
[   63.917601][ T5849] bridge_slave_0: entered promiscuous mode
[   63.924549][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.927301][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.930042][ T5849] bridge_slave_1: entered allmulticast mode
[   63.933763][ T5849] bridge_slave_1: entered promiscuous mode
[   64.046776][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.070255][ T5853] chnl_net:caif_netlink_parms(): no params data found
[   64.079629][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.131545][ T5855] chnl_net:caif_netlink_parms(): no params data found
[   64.147194][ T5849] team0: Port device team_slave_0 added
[   64.159558][ T5849] team0: Port device team_slave_1 added
[   64.240310][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.243478][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.254210][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.259901][ T5853] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.262824][ T5853] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.265454][ T5853] bridge_slave_0: entered allmulticast mode
[   64.269078][ T5853] bridge_slave_0: entered promiscuous mode
[   64.279051][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.282339][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.293528][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.298403][ T5853] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.301093][ T5853] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.304121][ T5853] bridge_slave_1: entered allmulticast mode
[   64.308622][ T5853] bridge_slave_1: entered promiscuous mode
[   64.388355][ T5853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.409750][ T5853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.424676][ T5855] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.427624][ T5855] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.430558][ T5855] bridge_slave_0: entered allmulticast mode
[   64.434646][ T5855] bridge_slave_0: entered promiscuous mode
[   64.465656][ T5855] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.468650][ T5855] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.471580][ T5855] bridge_slave_1: entered allmulticast mode
[   64.476842][ T5855] bridge_slave_1: entered promiscuous mode
[   64.484069][ T5849] hsr_slave_0: entered promiscuous mode
[   64.486914][ T5849] hsr_slave_1: entered promiscuous mode
[   64.491250][ T5853] team0: Port device team_slave_0 added
[   64.520196][ T5853] team0: Port device team_slave_1 added
[   64.540235][ T5855] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.570141][ T5855] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.581371][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.584477][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.594795][ T5853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.616840][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.619662][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.629876][ T5853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.647173][ T5855] team0: Port device team_slave_0 added
[   64.661354][ T5855] team0: Port device team_slave_1 added
[   64.693491][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.695754][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.704219][ T5855] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.737800][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.739906][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.748405][ T5855] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.775927][ T5853] hsr_slave_0: entered promiscuous mode
[   64.778604][ T5853] hsr_slave_1: entered promiscuous mode
[   64.781239][ T5853] debugfs: 'hsr0' already exists in 'hsr'
[   64.783560][ T5853] Cannot create hsr debugfs directory
[   64.842779][ T5855] hsr_slave_0: entered promiscuous mode
[   64.845221][ T5855] hsr_slave_1: entered promiscuous mode
[   64.847817][ T5855] debugfs: 'hsr0' already exists in 'hsr'
[   64.849739][ T5855] Cannot create hsr debugfs directory
[   65.103269][ T5849] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   65.120276][ T5849] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   65.153309][ T5849] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   65.170965][ T5849] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   65.197934][ T5853] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   65.215609][ T5853] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   65.241054][ T5853] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   65.266738][ T5853] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   65.330333][ T5855] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   65.347765][ T5855] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   65.356660][ T5855] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   65.364104][ T5855] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   65.464360][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.501442][ T5849] 8021q: adding VLAN 0 to HW filter on device team0
[   65.512978][ T1146] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.515312][ T1146] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.523286][ T5233] Bluetooth: hci0: command tx timeout
[   65.532287][ T1146] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.534590][ T1146] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.572303][ T5853] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.600552][ T5855] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.608205][ T5853] 8021q: adding VLAN 0 to HW filter on device team0
[   65.627067][  T726] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.630082][  T726] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.642907][ T5855] 8021q: adding VLAN 0 to HW filter on device team0
[   65.653517][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.655763][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.659025][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.661376][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.680091][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.682432][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.688313][ T5233] Bluetooth: hci2: command tx timeout
[   65.688394][   T55] Bluetooth: hci1: command tx timeout
[   65.764968][ T5853] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   65.806822][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.873801][ T5849] veth0_vlan: entered promiscuous mode
[   65.897319][ T5855] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.915791][ T5849] veth1_vlan: entered promiscuous mode
[   65.951473][ T5853] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.971151][ T5849] veth0_macvtap: entered promiscuous mode
[   65.981685][ T5849] veth1_macvtap: entered promiscuous mode
[   66.009086][ T5855] veth0_vlan: entered promiscuous mode
[   66.014404][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.027516][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.045548][ T5855] veth1_vlan: entered promiscuous mode
[   66.050113][ T5878] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.059225][ T5853] veth0_vlan: entered promiscuous mode
[   66.064486][ T5878] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.086578][ T5878] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.089302][ T5878] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.095566][ T5853] veth1_vlan: entered promiscuous mode
[   66.135387][ T5855] veth0_macvtap: entered promiscuous mode
[   66.145432][ T5855] veth1_macvtap: entered promiscuous mode
[   66.153744][ T5853] veth0_macvtap: entered promiscuous mode
[   66.184079][ T5853] veth1_macvtap: entered promiscuous mode
[   66.191836][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.196020][ T1146] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.199737][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.205656][ T1146] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.218859][ T5878] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.223804][ T5710] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.237265][ T5710] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.253630][ T5710] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.269504][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.279112][ T1096] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.283446][ T1096] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.285793][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.317549][ T5710] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.328243][ T5849] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   66.340386][ T5710] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.344651][ T5710] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.347765][ T5710] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.457386][  T726] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.460094][  T726] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.512217][  T726] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.515117][  T726] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.541618][ T1146] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.552883][ T1146] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.587746][   T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.591478][   T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.619593][ T5919] loop0: detected capacity change from 0 to 4096
[   66.690591][ T5923] loop2: detected capacity change from 0 to 512
[   66.711172][ T5925] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   66.717173][ T5919] NILFS error (device loop0): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[   66.724818][ T5923] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3: bg 0: block 393: padding at end of block bitmap is not set
[   66.730366][ T5919] NILFS (loop0): mounting fs with errors
[   66.757483][ T5923] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem
[   66.766985][ T5923] EXT4-fs (loop2): 2 truncates cleaned up
[   66.769948][ T5923] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   66.969920][ T5930] Zero length message leads to an empty skb
[   67.008763][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.293628][ T5933] fuse: Bad value for 'fd'
[   67.616754][   T55] Bluetooth: hci0: command tx timeout
[   67.763527][   T55] Bluetooth: hci2: command tx timeout
[   67.763742][ T5233] Bluetooth: hci1: command tx timeout
[   68.016785][   T47] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   68.577990][   T47] usb 1-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[   68.591531][   T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   68.604866][   T47] usb 1-1: Product: syz
[   68.607543][   T47] usb 1-1: Manufacturer: syz
[   68.620960][   T47] usb 1-1: SerialNumber: syz
[   68.639052][   T47] r8152-cfgselector 1-1: Unknown version 0x0000
[   68.641736][   T47] r8152-cfgselector 1-1: config 0 descriptor??
[   68.992958][ T5898] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   69.082560][ T5867] r8152-cfgselector 1-1: USB disconnect, device number 2
[   69.152410][ T5898] usb 3-1: Using ep0 maxpacket: 32
[   69.159107][ T5898] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[   69.172633][ T5898] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[   69.176089][ T5898] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[   69.179460][ T5898] usb 3-1: config 1 has no interface number 0
[   69.181921][ T5898] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   69.191581][ T5898] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[   69.209914][ T5898] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[   69.214510][ T5898] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   69.229145][ T5898] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[   69.247361][ T5955] loop1: detected capacity change from 0 to 32768
[   69.257656][ T5955] xfs: Unknown parameter 'smackfstransmute'
[   69.447145][ T5898] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached
[   69.521500][ T5970] loop1: detected capacity change from 0 to 8
[   69.554915][ T5970] SQUASHFS error: lzo decompression failed, data probably corrupt
[   69.558311][ T5970] SQUASHFS error: Failed to read block 0x28d: -5
[   69.562870][ T5970] SQUASHFS error: Unable to read metadata cache entry [28b]
[   69.565840][ T5970] SQUASHFS error: Unable to read inode 0x11f
[   69.681018][ T5948] loop2: detected capacity change from 0 to 1024
[   69.683926][   T55] Bluetooth: hci0: command tx timeout
[   69.704066][ T5948] EXT4-fs: Ignoring removed mblk_io_submit option
[   69.769594][ T5948] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   69.842746][   T55] Bluetooth: hci2: command tx timeout
[   69.844206][ T5233] Bluetooth: hci1: command tx timeout
[   69.996081][ T5974] loop0: detected capacity change from 0 to 40427
[   70.005087][ T5974] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[   70.007644][ T5974] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   70.028439][ T5885] usb 3-1: USB disconnect, device number 2
[   70.036325][ T5885] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[   70.110910][ T5974] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   70.119518][ T5974] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   70.124352][ T5974] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   70.201488][ T5980] loop1: detected capacity change from 0 to 32768
[   70.273720][ T1089] read_mapping_page failed!
[   70.275444][ T1089] ERROR: (device loop1): txCommit: 
[   70.275444][ T1089] 
[   70.280375][ T1089] ERROR: (device loop1): remounting filesystem as read-only
[   70.285894][ T1089] jfs_write_inode: jfs_commit_inode failed!
[   70.477368][ T5987] loop1: detected capacity change from 0 to 4096
[   70.496609][ T5987] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[   70.500306][ T5987] ntfs3(loop1): RAW NTFS volume: Filesystem size 0.00 Gb > volume size 0.00 Gb. Mount in read-only.
[   70.543715][ T5987] ntfs3(loop1): ino=19, mi_enum_attr
[   70.548872][ T5987] ntfs3(loop1): ino=18, mi_enum_attr
[   70.587831][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.780491][ T5999] loop1: detected capacity change from 0 to 128
[   70.800991][ T5999] befs: (loop1): No write support. Marking filesystem read-only
[   70.838696][ T5999] befs: (loop1): invalid magic header
[   70.990513][ T6007] Bluetooth: MGMT ver 1.23
[   71.070501][ T6009] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   71.208577][ T6001] loop0: detected capacity change from 0 to 32768
[   71.219456][ T6001] BTRFS warning: excessive commit interval 2147483647, use with care
[   71.230249][ T6001] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.28 (6001)
[   71.292600][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[   71.295253][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[   71.301005][ T6001] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   71.316454][ T6001] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm
[   71.319984][ T6001] BTRFS error (device loop0): cannot disable free-space-tree
[   71.323598][ T6001] BTRFS info (device loop0): disk space caching is enabled
[   71.326614][ T6001] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[   71.334400][ T6001] BTRFS error (device loop0): open_ctree failed: -22
[   71.427961][ T6016] kAFS: unable to lookup cell ''
[   71.457302][ T6005] loop1: detected capacity change from 0 to 32768
[   71.774424][ T5233] Bluetooth: hci0: command tx timeout
[   71.923698][ T5233] Bluetooth: hci1: command tx timeout
[   71.925909][ T5233] Bluetooth: hci2: command tx timeout
[   72.178571][ T6047] netlink: 8 bytes leftover after parsing attributes in process `syz.2.50'.
[   72.268559][ T6051] netlink: 'syz.2.52': attribute type 21 has an invalid length.
[   72.373806][ T6057] program syz.2.55 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   72.605485][ T6062] loop2: detected capacity change from 0 to 32768
[   72.877941][ T6066] netlink: 8 bytes leftover after parsing attributes in process `syz.1.59'.
[   72.989742][ T6064] loop2: detected capacity change from 0 to 32768
[   73.003215][ T6064] =======================================================
[   73.003215][ T6064] WARNING: The mand mount option has been deprecated and
[   73.003215][ T6064]          and is ignored by this kernel. Remove the mand
[   73.003215][ T6064]          option from the mount to silence this warning.
[   73.003215][ T6064] =======================================================
[   73.491513][ T6078] loop0: detected capacity change from 0 to 32768
[   73.506167][ T6078] XFS (loop0): sunit and swidth options incompatible with the noalign option
[   73.561518][ T6096] loop0: detected capacity change from 0 to 128
[   73.574462][ T6096] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   73.581387][ T6096] ext4 filesystem being mounted at /19/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   73.695821][ T5849] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   73.756145][ T6102] Illegal XDP return value 4294967274 on prog  (id 8) dev N/A, expect packet loss!
[   73.772697][ T5898] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   73.922178][ T5898] usb 2-1: Using ep0 maxpacket: 8
[   73.927388][ T5898] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[   73.931466][ T5898] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[   73.937089][ T5898] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   73.940377][ T5898] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   73.945573][ T5898] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   73.948500][ T5898] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   73.951782][ T6110] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.80'.
[   74.052568][   T47] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   74.159842][ T5898] usb 2-1: GET_CAPABILITIES returned 0
[   74.164236][ T5898] usbtmc 2-1:16.0: can't read capabilities
[   74.212199][   T47] usb 3-1: Using ep0 maxpacket: 32
[   74.217189][   T47] usb 3-1: config 2 has an invalid interface number: 157 but max is 0
[   74.220443][   T47] usb 3-1: config 2 has 2 interfaces, different from the descriptor's value: 1
[   74.224935][   T47] usb 3-1: config 2 has no interface number 1
[   74.230440][   T47] usb 3-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=a4.1b
[   74.240217][   T47] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   74.243602][   T47] usb 3-1: Product: syz
[   74.248477][   T47] usb 3-1: Manufacturer: syz
[   74.258781][   T47] usb 3-1: SerialNumber: syz
[   74.269818][   T47] imon 3-1:2.157: inconsistent driver matching
[   74.277311][   T47] imon 3-1:2.157: unable to register, err -22
[   74.279811][   T47] imon 3-1:2.157: probe with driver imon failed with error -22
[   74.286543][   T47] imon:imon_find_endpoints: no valid input (IR) endpoint found
[   74.290911][   T47] imon 3-1:2.0: unable to initialize intf0, err -19
[   74.294745][   T47] imon:imon_probe: failed to initialize context!
[   74.297258][   T47] imon 3-1:2.0: unable to register, err -19
[   74.370477][   T47] usb 2-1: USB disconnect, device number 2
[   74.478744][ T6115] usb 3-1: USB disconnect, device number 3
[   74.508734][ T6114] loop0: detected capacity change from 0 to 32768
[   74.651694][ T6117] netlink: 4 bytes leftover after parsing attributes in process `syz.0.83'.
[   74.705002][ T6119] process 'syz.0.84' launched './file1' with NULL argv: empty string added
[   74.755083][ T6121] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   75.539449][ T6136] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[   75.547227][ T6136] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[   76.523813][ T6176] PKCS7: Unknown OID: [5] (bad)
[   76.526143][ T6176] PKCS7: Only support pkcs7_signedData type
[   76.851169][   T33] audit: type=1326 audit(1755038301.010:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6195 comm="syz.0.117" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7c1d8ebe9 code=0x7ffc0000
[   76.858263][   T33] audit: type=1326 audit(1755038301.010:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6195 comm="syz.0.117" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7c1d8ebe9 code=0x7ffc0000
[   76.866188][   T33] audit: type=1326 audit(1755038301.010:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6195 comm="syz.0.117" exe="/syz-executor" sig=0 arch=c000003e syscall=98 compat=0 ip=0x7ff7c1d8ebe9 code=0x7ffc0000
[   76.873162][   T33] audit: type=1326 audit(1755038301.010:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6195 comm="syz.0.117" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7c1d8ebe9 code=0x7ffc0000
[   76.879797][   T33] audit: type=1326 audit(1755038301.020:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6195 comm="syz.0.117" exe="/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7ff7c1d8ebe9 code=0x7ffc0000
[   76.888564][   T33] audit: type=1326 audit(1755038301.020:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6195 comm="syz.0.117" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7c1d8ebe9 code=0x7ffc0000
[   76.897194][   T33] audit: type=1326 audit(1755038301.020:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6195 comm="syz.0.117" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7c1d8ebe9 code=0x7ffc0000
[   77.371342][ T6212] loop0: detected capacity change from 0 to 512
[   77.378173][ T6212] EXT4-fs: Ignoring removed mblk_io_submit option
[   77.380529][ T6212] EXT4-fs: Ignoring removed bh option
[   77.384746][ T6212] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   77.390518][ T6212] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   77.403846][ T6212] EXT4-fs (loop0): 1 truncate cleaned up
[   77.406749][ T6212] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   77.450547][ T5849] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.763323][   T47] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   77.965581][ T6237] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   78.084879][ T6239] trusted_key: syz.1.133 sent an empty control message without MSG_MORE.
[   78.152359][   T47] usb 1-1: Using ep0 maxpacket: 8
[   78.159454][   T47] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[   78.163637][   T47] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   78.171165][   T47] pvrusb2: Hardware description: Terratec Grabster AV400
[   78.182227][   T47] pvrusb2: **********
[   78.183628][   T47] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[   78.187541][   T47] pvrusb2: Important functionality might not be entirely working.
[   78.194213][   T47] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[   78.197669][   T47] pvrusb2: **********
[   78.381765][ T2397] pvrusb2: Invalid write control endpoint
[   78.429437][ T2397] pvrusb2: Invalid write control endpoint
[   78.434751][ T2397] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[   78.437906][ T6256] capability: warning: `syz.1.141' uses deprecated v2 capabilities in a way that may be insecure
[   78.441282][ T2397] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[   78.443811][ T2397] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[   78.447340][ T2397] pvrusb2: Device being rendered inoperable
[   78.455022][ T2397] cx25840 2-0044: Unable to detect h/w, assuming cx23887
[   78.459355][ T2397] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[   78.468965][ T2397] pvrusb2: Attached sub-driver cx25840
[   78.471974][ T2397] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[   78.477421][ T2397] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[   78.506852][ T6258] loop1: detected capacity change from 0 to 1024
[   78.511572][ T6258] EXT4-fs (loop1): filesystem is read-only
[   78.641483][   T47] usb 1-1: USB disconnect, device number 3
[   78.865816][ T6280] netlink: 36 bytes leftover after parsing attributes in process `syz.1.152'.
[   78.868776][ T6280] netlink: 16 bytes leftover after parsing attributes in process `syz.1.152'.
[   78.871752][ T6280] netlink: 36 bytes leftover after parsing attributes in process `syz.1.152'.
[   78.876517][ T6280] netlink: 36 bytes leftover after parsing attributes in process `syz.1.152'.
[   79.194250][   T47] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   79.408775][   T47] usb 3-1: config index 0 descriptor too short (expected 63186, got 210)
[   79.417891][   T47] usb 3-1: config 0 has an invalid interface number: 106 but max is 0
[   79.428884][   T47] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   79.435929][   T47] usb 3-1: config 0 has no interface number 0
[   79.440092][   T47] usb 3-1: config 0 interface 106 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[   79.444716][   T47] usb 3-1: config 0 interface 106 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7
[   79.448301][   T47] usb 3-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[   79.454831][   T47] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb
[   79.457826][   T47] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=64
[   79.460441][   T47] usb 3-1: SerialNumber: syz
[   79.465348][   T47] usb 3-1: config 0 descriptor??
[   79.488013][   T47] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[   79.649679][ T6302] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[   79.652574][ T5898] IPVS: starting estimator thread 0...
[   79.674524][   T47] usb 3-1: USB disconnect, device number 4
[   79.677815][ T5710] usb 3-1: Failed to submit usb control message: -71
[   79.680082][ T5710] usb 3-1: unable to send the bmi data to the device: -71
[   79.682637][ T5710] usb 3-1: unable to get target info from device
[   79.689787][ T5710] usb 3-1: could not get target info (-71)
[   79.691780][ T5710] usb 3-1: could not probe fw (-71)
[   79.718752][ T6306] syz.0.159 uses obsolete (PF_INET,SOCK_PACKET)
[   79.748018][ T6308] netlink: 'syz.0.160': attribute type 30 has an invalid length.
[   79.752505][ T6304] IPVS: using max 62 ests per chain, 148800 per kthread
[   79.782148][ T6310] loop0: detected capacity change from 0 to 512
[   79.789515][ T6310] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[   79.794127][ T6310] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #13: comm syz.0.161: invalid indirect mapped block 2683928664 (level 1)
[   79.799957][ T6310] EXT4-fs (loop0): Remounting filesystem read-only
[   79.803875][ T6310] EXT4-fs (loop0): 1 truncate cleaned up
[   79.806463][ T6310] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   79.824060][ T5849] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.848468][ T6314] mmap: syz.0.162 (6314) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   80.835076][ T6333] loop0: detected capacity change from 0 to 131072
[   80.844201][ T6333] F2FS-fs (loop0): Wrong CP boundary, start(512) end(1536) blocks(0)
[   80.846797][ T6333] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   80.850784][ T6333] F2FS-fs (loop0): invalid crc value
[   80.872305][   T47] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[   80.887284][ T6333] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   80.895437][ T6333] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   80.897777][ T6333] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[   81.032141][   T47] usb 3-1: Using ep0 maxpacket: 32
[   81.037653][   T47] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[   81.040547][   T47] usb 3-1: config 0 has no interface number 0
[   81.042667][   T47] usb 3-1: config 0 interface 184 has no altsetting 0
[   81.048598][   T47] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[   81.051559][   T47] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   81.054101][   T47] usb 3-1: Product: syz
[   81.055525][   T47] usb 3-1: Manufacturer: syz
[   81.057066][   T47] usb 3-1: SerialNumber: syz
[   81.064646][   T47] usb 3-1: config 0 descriptor??
[   81.084359][   T47] smsc75xx v1.0.0
[   81.085998][   T47] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[   81.097446][   T47] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -22
[   81.495382][ T6349] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   81.499013][ T6349] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   81.518884][ T5867] usb 3-1: USB disconnect, device number 5
[   81.538358][ T6360] sctp: [Deprecated]: syz.1.182 (pid 6360) Use of struct sctp_assoc_value in delayed_ack socket option.
[   81.538358][ T6360] Use struct sctp_sack_info instead
[   81.538347][  T973] cfg80211: failed to load regulatory.db
[   82.244087][ T6380] cgroup: name respecified
[   82.347456][ T6385] loop2: detected capacity change from 0 to 512
[   82.350332][ T6385] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   82.368819][ T6385] EXT4-fs (loop2): 1 truncate cleaned up
[   82.371408][ T6385] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   82.382348][ T6385] EXT4-fs error (device loop2): ext4_generic_delete_entry:2668: inode #2: block 13: comm syz.2.189: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[   82.390530][ T6385] EXT4-fs error (device loop2) in ext4_delete_entry:2739: Corrupt filesystem
[   82.400285][ T6385] EXT4-fs warning (device loop2): ext4_rename_delete:3735: inode #2: comm syz.2.189: Deleting old file: nlink 6, error=-117
[   82.418375][ T5853] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.520908][ T6395] pimreg: entered allmulticast mode
[   82.533872][ T6395] pimreg: left allmulticast mode
[   82.646297][ T6401] netlink: 12 bytes leftover after parsing attributes in process `syz.1.196'.
[   82.985378][ T6413] autofs4:pid:6413:validate_dev_ioctl: invalid path supplied for cmd(0xc018937a)
[   83.373208][ T5885] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   83.602670][ T5885] usb 1-1: Using ep0 maxpacket: 32
[   83.620330][ T5885] usb 1-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[   83.630161][ T5885] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   83.658724][ T5885] usb 1-1: config 0 descriptor??
[   83.675023][ T5885] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[   84.065806][ T6425] netlink: 56 bytes leftover after parsing attributes in process `syz.2.205'.
[   84.070059][ T6425] netlink: 24 bytes leftover after parsing attributes in process `syz.2.205'.
[   84.731868][ T6442] loop1: detected capacity change from 0 to 128
[   84.750458][ T6442] FAT-fs (loop1): bogus number of reserved sectors
[   84.758078][ T6442] FAT-fs (loop1): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero
[   84.762631][ T6442] FAT-fs (loop1): Can't find a valid FAT filesystem
[   84.926475][ T5885] gspca_vc032x: reg_w err -71
[   84.928016][ T5885] gspca_vc032x: I2c Bus Busy Wait 00
[   84.929838][ T5885] gspca_vc032x: I2c Bus Busy Wait 00
[   84.970443][ T5885] gspca_vc032x: I2c Bus Busy Wait 00
[   84.980566][ T5885] gspca_vc032x: I2c Bus Busy Wait 00
[   84.982626][ T5885] gspca_vc032x: I2c Bus Busy Wait 00
[   84.984267][ T5885] gspca_vc032x: I2c Bus Busy Wait 00
[   84.985890][ T5885] gspca_vc032x: I2c Bus Busy Wait 00
[   84.987640][ T5885] gspca_vc032x: I2c Bus Busy Wait 00
[   84.989292][ T5885] gspca_vc032x: I2c Bus Busy Wait 00
[   84.990968][ T5885] gspca_vc032x: I2c Bus Busy Wait 00
[   84.998526][ T5885] gspca_vc032x: I2c Bus Busy Wait 00
[   85.000214][ T5885] gspca_vc032x: I2c Bus Busy Wait 00
[   85.003275][ T5885] gspca_vc032x: I2c Bus Busy Wait 00
[   85.004941][ T5885] gspca_vc032x: I2c Bus Busy Wait 00
[   85.006734][ T5885] gspca_vc032x: I2c Bus Busy Wait 00
[   85.008520][ T5885] gspca_vc032x: I2c Bus Busy Wait 00
[   85.010181][ T5885] gspca_vc032x: I2c Bus Busy Wait 00
[   85.011847][ T5885] gspca_vc032x: I2c Bus Busy Wait 00
[   85.140677][ T6453] netlink: 8 bytes leftover after parsing attributes in process `syz.1.216'.
[   85.232561][ T5885] gspca_vc032x: Unknown sensor...
[   85.234299][ T5885] vc032x 1-1:0.0: probe with driver vc032x failed with error -22
[   85.239539][ T5885] usb 1-1: USB disconnect, device number 4
[   85.394237][ T6461] syz.1.219 (6461) used greatest stack depth: 19824 bytes left
[   85.729646][ T6479] loop0: detected capacity change from 0 to 1024
[   85.750222][ T6479] hfsplus: Bad value for 'gid'
[   85.856138][ T6477] loop1: detected capacity change from 0 to 8
[   85.860414][ T6477] SQUASHFS error: zlib decompression failed, data probably corrupt
[   85.863159][ T6477] SQUASHFS error: Failed to read block 0x9b: -5
[   85.865176][ T6477] SQUASHFS error: Unable to read metadata cache entry [99]
[   85.867441][ T6477] SQUASHFS error: Unable to read inode 0x127
[   85.916460][ T6484] loop0: detected capacity change from 0 to 512
[   85.963523][ T6484] EXT4-fs error (device loop0): ext4_orphan_get:1418: comm syz.0.230: bad orphan inode 11862016
[   85.968300][ T6484] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   85.982494][ T6484] ext4 filesystem being mounted at /64/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   86.337519][ T6491] loop1: detected capacity change from 0 to 32768
[   86.540272][ T5849] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   87.047477][ T6495] loop0: detected capacity change from 0 to 32768
[   87.064875][ T6495] bcachefs (/dev/loop0): error validating superblock: Invalid superblock section members_v2: device 0: invalid btree_bitmap_shift 248
[   87.064875][ T6495] members_v2 (size 152):
[   87.064875][ T6495] Device:                        0
[   87.064875][ T6495]   Label:                       (none)
[   87.064875][ T6495]   UUID:                        7af6772b-00de-4159-84cd-1faead05aceb
[   87.064875][ T6495]   Size:                        16777216
[   87.064875][ T6495]   read errors:                 0
[   87.064875][ T6495]   write errors:                0
[   87.064875][ T6495]   checksum errors:             0
[   87.064875][ T6495]   seqread iops:                0
[   87.064875][ T6495]   seqwrite iops:               0
[   87.064875][ T6495]   randread iops:               0
[   87.064875][ T6495]   randwrite iops:              0
[   87.064875][ T6495]   Bucket size:                 131072
[   87.064875][ T6495]   First bucket:                0
[   87.064875][ T6495]   Buckets:                     128
[   87.064875][ T6495]   Last mount:                  1714681267
[   87.064875][ T6495]   Last superblock write:       42
[   87.064875][ T6495]   State:                       rw
[   87.064875][ T6495]   Data allowed:                journal,btree,user
[   87.064875][ T6495]   Has data:                    (none)
[   87.064875][ T6495]   Btree allocated bitmap blocksize:(invalid shift 248)
[   87.064875][ T6495]   Btree allocated bitmap:      0000000000000000000001000010000010011000000000000000000000000000
[   87.064875][ T6495]  
[   87.065068][ T6495] bcachefs: bch2_fs_get_tree() error: invalid_sb_members
[   87.138753][ T6493] loop1: detected capacity change from 0 to 65536
[   87.193060][ T6493] XFS (loop1): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[   87.218448][ T6493] XFS (loop1): Ending clean mount
[   87.224767][ T6493] XFS (loop1): Quotacheck needed: Please wait.
[   87.250193][ T6493] XFS (loop1): Quotacheck: Done.
[   87.318613][ T6517] veth1_to_bridge: entered promiscuous mode
[   87.322775][ T6517] veth1_to_bridge: left promiscuous mode
[   87.350827][ T5855] XFS (loop1): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[   87.371023][ T6519] netlink: 104 bytes leftover after parsing attributes in process `syz.0.243'.
[   87.516608][ T6525] netlink: 12 bytes leftover after parsing attributes in process `syz.0.246'.
[   88.174487][  T726] Bluetooth: hci3: Frame reassembly failed (-84)
[   88.179915][ T6559] Bluetooth: hci3: Frame reassembly failed (-84)
[   88.925160][ T6608] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[   90.252219][ T5233] Bluetooth: hci3: command 0x1003 tx timeout
[   90.255399][   T55] Bluetooth: hci3: Opcode 0x1003 failed: -110
[   90.384663][ T6633] loop1: detected capacity change from 0 to 164
[   90.521642][ T6641] loop0: detected capacity change from 0 to 128
[   90.741618][ T6637] loop1: detected capacity change from 0 to 32768
[   90.760059][ T6649] netlink: 96 bytes leftover after parsing attributes in process `syz.0.297'.
[   90.890031][ T6637] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[   90.890054][ T6637]   allowing incompatible features above 0.0: (unknown version)
[   90.890063][ T6637]   features: 
[   90.904256][ T6637] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[   90.906753][ T6637] bcachefs (loop1): initializing new filesystem
[   90.915179][ T6637] bcachefs (loop1): going read-write
[   90.925430][ T6637] bcachefs (loop1): marking superblocks
[   90.960642][ T6637] bcachefs (loop1): initializing freespace
[   90.970098][ T6637] bcachefs (loop1): done initializing freespace
[   90.988726][ T6637] bcachefs (loop1): reading snapshots table
[   90.991085][ T6637] bcachefs (loop1): reading snapshots done
[   91.021763][ T6637] bcachefs (loop1): done starting filesystem
[   91.111234][ T6637] syz.1.291 (6637) used greatest stack depth: 17448 bytes left
[   91.134224][ T5855] bcachefs (loop1): shutting down
[   91.136490][ T5855] bcachefs (loop1): going read-only
[   91.138940][ T5855] bcachefs (loop1): finished waiting for writes to stop
[   91.144803][ T5855] bcachefs (loop1): flushing journal and stopping allocators, journal seq 3
[   91.167442][ T6675] netlink: 28 bytes leftover after parsing attributes in process `syz.0.305'.
[   91.171012][ T6675] netlink: 'syz.0.305': attribute type 7 has an invalid length.
[   91.175498][ T6675] netlink: 'syz.0.305': attribute type 8 has an invalid length.
[   91.178726][ T6675] netlink: 4 bytes leftover after parsing attributes in process `syz.0.305'.
[   91.197036][ T5855] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 3
[   91.206441][ T5855] bcachefs (loop1): clean shutdown complete, journal seq 4
[   91.210252][ T5855] bcachefs (loop1): marking filesystem clean
[   91.273674][ T5855] bcachefs (loop1): shutdown complete
[   91.297589][ T6680] bond0: up delay (5) is not a multiple of miimon (4), value rounded to 4 ms
[   91.304661][ T6680] netlink: 'syz.0.307': attribute type 10 has an invalid length.
[   91.309636][ T6680] bridge0: port 2(bridge_slave_1) entered disabled state
[   91.314134][ T6680] bridge0: port 1(bridge_slave_0) entered disabled state
[   91.332884][ T6680] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.335821][ T6680] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.339599][ T6680] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.342593][ T6680] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.349090][ T6680] bond0: (slave bridge0): Enslaving as an active interface with an up link
[   91.384080][ T5710] bond0: (slave bridge0): link status definitely up, 0 Mbps full duplex
[   91.395021][ T6682] netlink: 8 bytes leftover after parsing attributes in process `syz.2.308'.
[   91.520041][ T6691] netlink: 'syz.2.311': attribute type 21 has an invalid length.
[   91.525047][ T6691] netlink: 'syz.2.311': attribute type 1 has an invalid length.
[   91.528298][ T6691] netlink: 144 bytes leftover after parsing attributes in process `syz.2.311'.
[   92.504001][ T1059] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1
[   92.506833][ T1059] ata1: failed to read log page 10h (errno=-5)
[   92.509258][ T1059] ata1.00: exception Emask 0x1 SAct 0x400000 SErr 0x0 action 0x0
[   92.512453][ T1059] ata1.00: irq_stat 0x40000000
[   92.514659][ T1059] ata1.00: failed command: WRITE FPDMA QUEUED
[   92.517092][ T1059] ata1.00: cmd 61/10:b0:42:05:10/00:00:00:00:00/40 tag 22 ncq dma 8192 out
[   92.517092][ T1059]          res 50/04:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[   92.524083][ T1059] ata1.00: status: { DRDY }
[   92.525937][ T1059] ata1.00: error: { ABRT }
[   92.531304][ T1059] ata1.00: configured for UDMA/100
[   92.534000][ T1059] ata1: EH complete
[   93.288996][ T6727] program syz.0.326 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   93.425540][ T6729] input: syz1 as /devices/virtual/input/input5
[   93.854626][ T6749] netlink: 8 bytes leftover after parsing attributes in process `syz.0.335'.
[   94.318402][ T6761] tipc: Started in network mode
[   94.323475][ T6761] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711
[   94.330106][ T6761] tipc: Enabled bearer <udp:syz0>, priority 10
[   95.488797][ T6779] loop1: detected capacity change from 0 to 32768
[   95.528560][ T6779] bcachefs (/dev/loop1): error validating superblock: Invalid superblock section downgrade: downgrade entry with mismatched major version (0 != 1)
[   95.528560][ T6779] downgrade (size 2912):
[   95.528560][ T6779] version:	0.0: (unknown version)
[   95.528560][ T6779] recovery passes:	
[   95.528560][ T6779] errors:	sb_clean_missing
[   95.528560][ T6779] version:	0.0: (unknown version)
[   95.528560][ T6779] recovery passes:	snapshots_read
[   95.528560][ T6779] errors:	
[   95.528560][ T6779] version:	0.0: (unknown version)
[   95.528560][ T6779] recovery passes:	set_fs_needs_rebalance
[   95.528560][ T6779] errors:	
[   95.528560][ T6779] version:	0.0: (unknown version)
[   95.528560][ T6779] recovery passes:	alloc_read,check_inodes,delete_dead_inodes,set_fs_needs_rebalance
[   95.528560][ T6779] errors:	(unknown error 512)
[   95.528560][ T6779] version:	0.5: (unknown version)
[   95.528560][ T6779] recovery passes:	
[   95.528560][ T6779] errors:	
[   95.528560][ T6779] version:	0.0: (unknown version)
[   95.528560][ T6779] recovery passes:	
[   95.528560][ T6779] errors:	
[   95.528560][ T6779] version:	0.0: (unknown version)
[   95.528560][ T6779] recovery passes:	fs_freespace_init,bucket_gens_init,check_inodes,delete_dead_inodes
[   95.528560][ T6779] errors:	
[   95.528560][ T6779] version:	0.0: (unknown version)
[   95.528560][ T6779] recovery passes:	
[   95.528560][ T6779] errors:	
[   95.528560][ T6779] version:	0.6: (unknown version)
[   95.528560][ T6779] recovery passes:	check_subvols
[   95.528560][ T6779] errors:	
[   95.528560][ T6779] version:	0.33: (unknown version)
[   95.528560][ T6779] recovery passes:	check_snapshots
[   95.528560][ T6779] errors:	
[   95.528560][ T6779] version:	0.0: (unknown version)
[   95.578407][ T5898] tipc: Node number set to 4269801488
[   95.578537][    C1] vkms_vblank_simulate: vblank timer overrun
[   95.737974][ T6779] bcachefs: bch2_fs_get_tree() error: invalid_sb_downgrade
[   96.512368][ T6115] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   96.683738][ T6115] usb 2-1: Using ep0 maxpacket: 8
[   96.695466][ T6115] usb 2-1: config index 0 descriptor too short (expected 30, got 18)
[   96.727134][ T6115] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[   96.730152][ T6115] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   96.737076][ T6115] usb 2-1: Product: syz
[   96.739560][ T6115] usb 2-1: Manufacturer: syz
[   96.744055][ T6115] usb 2-1: SerialNumber: syz
[   96.750617][ T6115] usb 2-1: config 0 descriptor??
[   96.758760][ T6115] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[   96.761862][ T6115] usb 2-1: setting power ON
[   96.767132][ T6115] dvb-usb: bulk message failed: -22 (2/0)
[   96.776099][ T6115] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[   96.780313][ T6115] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[   96.785635][ T6115] usb 2-1: media controller created
[   96.799543][ T6115] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   96.814905][ T6115] usb 2-1: selecting invalid altsetting 6
[   96.817294][ T6115] usb 2-1: digital interface selection failed (-22)
[   96.819476][ T6115] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[   96.824173][ T6115] usb 2-1: setting power OFF
[   96.826207][ T6115] dvb-usb: bulk message failed: -22 (2/0)
[   96.828560][ T6115] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[   96.831568][ T6115] (NULL device *): no alternate interface
[   96.856609][ T6115] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[   96.970585][ T6115] usb 2-1: USB disconnect, device number 3
[   98.325435][ T6841] netlink: 20 bytes leftover after parsing attributes in process `syz.2.374'.
[   98.498375][ T6847] tmpfs: Bad value for 'size'
[   99.473565][ T6867] netlink: 'syz.1.384': attribute type 6 has an invalid length.
[   99.480851][ T6867] netlink: 'syz.1.384': attribute type 6 has an invalid length.
[  100.474010][ T6877] loop0: detected capacity change from 0 to 32768
[  100.516111][ T6877] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  100.666143][ T5849] ocfs2: Unmounting device (7,0) on (node local)
[  101.161866][ T6921] netlink: 'syz.1.407': attribute type 21 has an invalid length.
[  101.170544][ T6921] netlink: 8 bytes leftover after parsing attributes in process `syz.1.407'.
[  101.330540][ T6927] netlink: 4 bytes leftover after parsing attributes in process `syz.0.411'.
[  101.593151][ T6938] loop1: detected capacity change from 0 to 512
[  101.609530][ T6938] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.416: casefold flag without casefold feature
[  101.627286][ T6938] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.416: couldn't read orphan inode 15 (err -117)
[  101.643863][ T6938] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  101.688499][ T5855] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.778685][ T6943] netlink: 11 bytes leftover after parsing attributes in process `syz.1.417'.
[  102.262226][    T9] usb 2-1: new low-speed USB device number 4 using dummy_hcd
[  102.352883][ T6962] loop0: detected capacity change from 0 to 512
[  102.378107][ T6962] EXT4-fs error (device loop0): ext4_orphan_get:1418: comm syz.0.425: bad orphan inode 11
[  102.382976][ T6962] ext4_test_bit(bit=10, block=4) = 1
[  102.385406][ T6962] is_bad_inode(inode)=0
[  102.387192][ T6962] NEXT_ORPHAN(inode)=2080374784
[  102.389277][ T6962] max_ino=32
[  102.390642][ T6962] i_nlink=0
[  102.394412][ T6962] EXT4-fs (loop0): 1 truncate cleaned up
[  102.398285][ T6962] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  102.415013][ T6962] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.425: bg 0: block 393: padding at end of block bitmap is not set
[  102.426792][ T6962] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  102.427749][    T9] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  102.434869][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  102.446495][    T9] usb 2-1: config 0 descriptor??
[  102.475819][ T5849] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.588008][ T6966] fuse: root generation should be zero
[  102.657498][    T9] asix 2-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  102.754294][ T6975] loop0: detected capacity change from 0 to 8
[  102.785748][ T6975] SQUASHFS error: lzo decompression failed, data probably corrupt
[  102.790719][ T6975] SQUASHFS error: Failed to read block 0x91: -5
[  102.793904][ T6975] SQUASHFS error: Unable to read metadata cache entry [8f]
[  102.797269][ T6975] SQUASHFS error: Unable to read inode 0x11f
[  102.858155][    T9] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  102.861893][    T9] asix 2-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[  102.868374][    T9] asix 2-1:0.0: probe with driver asix failed with error -71
[  102.890922][    T9] usb 2-1: USB disconnect, device number 4
[  102.938912][ T6979] sg_read: process 311 (syz.0.432) changed security contexts after opening file descriptor, this is not allowed.
[  103.235219][ T6990] loop0: detected capacity change from 0 to 2048
[  103.691872][ T6990] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  104.007231][ T5849] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.162744][ T7010] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  104.169477][ T7010] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  104.260529][ T7012] loop1: detected capacity change from 0 to 4096
[  104.316902][ T7018] netlink: 'syz.0.448': attribute type 79 has an invalid length.
[  104.393476][ T7022] loop0: detected capacity change from 0 to 8
[  104.398998][ T7022] SQUASHFS error: lzo decompression failed, data probably corrupt
[  104.403252][ T7022] SQUASHFS error: Failed to read block 0x82: -5
[  104.405740][ T7022] SQUASHFS error: Unable to read metadata cache entry [80]
[  104.408709][ T7022] SQUASHFS error: Unable to read inode 0x11f
[  104.667199][ T7036] netlink: 'syz.0.457': attribute type 1 has an invalid length.
[  104.670684][ T7036] netlink: 88 bytes leftover after parsing attributes in process `syz.0.457'.
[  104.897985][ T7059] loop0: detected capacity change from 0 to 8
[  105.274308][    T9] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  105.276915][   T33] audit: type=1800 audit(1755038329.360:9): pid=7067 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.469" name="file1" dev="loop0" ino=5 res=0 errno=0
[  105.444314][    T9] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  105.447440][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  105.457695][    T9] usb 2-1: config 0 descriptor??
[  105.461239][    T9] gspca_main: cpia1-2.14.0 probing 0813:0001
[  105.871870][    T9] cpia1 2-1:0.0: unexpected state after lo power cmd: 00
[  106.179481][ T7084] loop0: detected capacity change from 0 to 4096
[  106.220088][ T7087] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  106.274562][    T9] gspca_cpia1: usb_control_msg 02, error -71
[  106.277501][    T9] gspca_cpia1: usb_control_msg 05, error -71
[  106.279518][    T9] cpia1 2-1:0.0: unexpected systemstate: 00
[  106.285856][    T9] usb 2-1: USB disconnect, device number 5
[  106.294211][ T7091] fuse: Bad value for 'fd'
[  106.834665][ T7125] loop1: detected capacity change from 0 to 256
[  106.857734][ T7125] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  107.002348][ T5885] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  107.442341][ T5885] usb 1-1: Using ep0 maxpacket: 8
[  107.446951][ T5885] usb 1-1: config index 0 descriptor too short (expected 6427, got 27)
[  107.449652][ T5885] usb 1-1: config 0 has an invalid interface number: 21 but max is 0
[  107.452633][ T5885] usb 1-1: config 0 has no interface number 0
[  107.455618][ T5885] usb 1-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  107.459841][ T5885] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  107.463971][ T5885] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  107.469170][ T5885] usb 1-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  107.473723][ T5885] usb 1-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[  107.477340][ T5885] usb 1-1: Product: syz
[  107.486841][ T5885] usb 1-1: config 0 descriptor??
[  107.492493][ T7121] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  108.111566][ T5885] usb 1-1: USB disconnect, device number 5
[  108.597010][ T7156] netlink: 'syz.1.511': attribute type 10 has an invalid length.
[  108.721940][ T7162] netlink: 4 bytes leftover after parsing attributes in process `syz.1.514'.
[  109.357493][ T7177] netlink: 24 bytes leftover after parsing attributes in process `syz.2.520'.
[  110.023817][   T33] audit: type=1800 audit(1755038334.190:10): pid=7194 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.529" name="/" dev="9p" ino=14355223812286978 res=0 errno=0
[  112.021816][ T7241] loop1: detected capacity change from 0 to 8
[  112.039163][ T7241] SQUASHFS error: lzo decompression failed, data probably corrupt
[  112.041935][ T7241] SQUASHFS error: Failed to read block 0x144: -5
[  112.044303][ T7241] SQUASHFS error: Unable to read metadata cache entry [142]
[  112.046600][ T7241] SQUASHFS error: Unable to read inode 0x11f
[  112.380610][ T7247] binder: 7246:7247 ioctl c0306201 200000000280 returned -14
[  112.971203][ T7257] loop1: detected capacity change from 0 to 512
[  113.036956][ T7257] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  113.053021][ T7257] ext4 filesystem being mounted at /190/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  113.135237][ T7257] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.551: corrupted xattr block 33: invalid ea_ino
[  113.162905][ T7257] EXT4-fs (loop1): Remounting filesystem read-only
[  113.233783][ T5855] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.240047][ T7165] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  113.244313][ T7165] Quota error (device loop1): write_blk: dquota write failed
[  113.246726][ T7165] Quota error (device loop1): remove_free_dqentry: Can't write block (5) with free entries
[  113.249847][ T7165] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  113.254466][ T7165] Quota error (device loop1): write_blk: dquota write failed
[  113.256824][ T7165] Quota error (device loop1): free_dqentry: Can't move quota data block (5) to free list
[  113.260000][ T7165] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  113.266863][ T7165] Quota error (device loop1): v2_write_file_info: Can't write info structure
[  113.935092][ T7281] warning: `syz.0.561' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  114.007960][ T7284] loop1: detected capacity change from 0 to 128
[  114.315134][ T7299] (unnamed net_device) (uninitialized): option lp_interval: invalid value (0)
[  114.318698][ T7299] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647
[  114.340814][ T7301] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma?
[  114.394757][ T7303] netlink: 'syz.0.572': attribute type 2 has an invalid length.
[  114.533402][ T7293] loop1: detected capacity change from 0 to 40427
[  114.553528][ T7293] F2FS-fs (loop1): build fault injection rate: 14
[  114.556189][ T7293] F2FS-fs (loop1): build fault injection type: 0x3bfe8c
[  114.571926][ T7293] F2FS-fs (loop1): invalid crc value
[  114.585644][    C0] F2FS-fs (loop1): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  114.600252][    C0] F2FS-fs (loop1): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  114.646994][ T7293] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  114.650389][ T7293] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  114.657329][ T7293] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  114.678775][ T7293] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  114.688702][ T7293] F2FS-fs (loop1): inject dquot initialize in f2fs_dquot_initialize of f2fs_mknod+0x155/0x5d0
[  114.692219][  T123] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  114.697381][ T7293] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  114.727942][ T5855] F2FS-fs (loop1): inject inconsistent footer in sanity_check_node_footer of f2fs_get_dnode_of_data+0xab1/0x1cf0
[  114.734326][ T5855] F2FS-fs (loop1): inconsistent node block, node_type:0, nid:15, node_footer[nid:15,ino:3,ofs:521732,cpver:0,blkaddr:0]
[  114.743712][ T5855] syz-executor: attempt to access beyond end of device
[  114.743712][ T5855] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  114.750342][ T5855] CPU: 0 UID: 0 PID: 5855 Comm: syz-executor Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  114.750362][ T5855] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  114.750371][ T5855] Call Trace:
[  114.750378][ T5855]  <TASK>
[  114.750386][ T5855]  dump_stack_lvl+0x189/0x250
[  114.750412][ T5855]  ? __pfx_dump_stack_lvl+0x10/0x10
[  114.750431][ T5855]  ? __pfx_queue_work_on+0x10/0x10
[  114.750444][ T5855]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  114.750460][ T5855]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  114.750492][ T5855]  f2fs_handle_critical_error+0x37c/0x540
[  114.750516][ T5855]  f2fs_write_end_io+0x886/0xb60
[  114.750546][ T5855]  __submit_merged_bio+0x27a/0x6a0
[  114.750568][ T5855]  __submit_merged_write_cond+0x255/0x530
[  114.750591][ T5855]  f2fs_write_data_pages+0x261d/0x3000
[  114.750641][ T5855]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  114.750708][ T5855]  ? folios_put_refs+0x559/0x640
[  114.750733][ T5855]  ? __pfx_folios_put_refs+0x10/0x10
[  114.750747][ T5855]  ? rcu_is_watching+0x15/0xb0
[  114.750770][ T5855]  ? __lock_acquire+0xab9/0xd20
[  114.750807][ T5855]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  114.750827][ T5855]  do_writepages+0x32e/0x550
[  114.750857][ T5855]  ? do_raw_spin_unlock+0x4d/0x240
[  114.750880][ T5855]  filemap_fdatawrite+0x199/0x240
[  114.750901][ T5855]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  114.750958][ T5855]  ? do_raw_spin_unlock+0x4d/0x240
[  114.750977][ T5855]  f2fs_sync_dirty_inodes+0x31f/0x830
[  114.751008][ T5855]  f2fs_write_checkpoint+0x95a/0x1df0
[  114.751040][ T5855]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  114.751093][ T5855]  ? kill_f2fs_super+0x298/0x6c0
[  114.751147][ T5855]  kill_f2fs_super+0x2c3/0x6c0
[  114.751173][ T5855]  ? __pfx_kill_f2fs_super+0x10/0x10
[  114.751191][ T5855]  ? radix_tree_delete_item+0x2b6/0x400
[  114.751213][ T5855]  ? shrinker_free+0x2ce/0x3e0
[  114.751230][ T5855]  deactivate_locked_super+0xbc/0x130
[  114.751248][ T5855]  cleanup_mnt+0x425/0x4c0
[  114.751263][ T5855]  ? lockdep_hardirqs_on+0x9c/0x150
[  114.751284][ T5855]  task_work_run+0x1d4/0x260
[  114.751306][ T5855]  ? __pfx_task_work_run+0x10/0x10
[  114.751322][ T5855]  ? __x64_sys_umount+0x122/0x160
[  114.751345][ T5855]  ? exit_to_user_mode_loop+0x40/0x110
[  114.751368][ T5855]  exit_to_user_mode_loop+0xec/0x110
[  114.751388][ T5855]  do_syscall_64+0x2bd/0x3b0
[  114.751404][ T5855]  ? lockdep_hardirqs_on+0x9c/0x150
[  114.751419][ T5855]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.751434][ T5855]  ? exc_page_fault+0x9f/0xf0
[  114.751452][ T5855]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.751465][ T5855] RIP: 0033:0x7fe028f8ff17
[  114.751504][ T5855] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  114.751515][ T5855] RSP: 002b:00007ffd60369868 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  114.751531][ T5855] RAX: 0000000000000000 RBX: 00007fe029011c05 RCX: 00007fe028f8ff17
[  114.751540][ T5855] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd60369920
[  114.751547][ T5855] RBP: 00007ffd60369920 R08: 0000000000000000 R09: 0000000000000000
[  114.751554][ T5855] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd6036a9b0
[  114.751562][ T5855] R13: 00007fe029011c05 R14: 000000000001bfa2 R15: 00007ffd6036a9f0
[  114.751586][ T5855]  </TASK>
[  114.751592][ T5855] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  114.972207][  T123] usb 1-1: Using ep0 maxpacket: 16
[  114.976699][  T123] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  114.980684][  T123] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  114.996761][  T123] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  115.000404][  T123] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.006741][  T123] usb 1-1: Product: syz
[  115.008492][  T123] usb 1-1: Manufacturer: syz
[  115.010379][  T123] usb 1-1: SerialNumber: syz
[  115.200616][ T7325] netlink: 20 bytes leftover after parsing attributes in process `syz.2.581'.
[  115.252540][  T123] usb 1-1: 0:2 : does not exist
[  115.288187][  T123] usb 1-1: USB disconnect, device number 6
[  115.377016][ T5857] udevd[5857]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  115.483631][ T7339] trusted_key: encrypted_key: insufficient parameters specified
[  116.025318][ T7354] netlink: 'syz.0.594': attribute type 2 has an invalid length.
[  116.027880][ T7354] netlink: 132 bytes leftover after parsing attributes in process `syz.0.594'.
[  116.066225][ T7356] loop0: detected capacity change from 0 to 256
[  116.085190][ T7356] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xecfd5def, utbl_chksum : 0xe619d30d)
[  116.501916][ T7376] netlink: 40 bytes leftover after parsing attributes in process `syz.2.604'.
[  116.824666][ T7390] netlink: 12 bytes leftover after parsing attributes in process `syz.2.611'.
[  116.828267][ T7390] netlink: 12 bytes leftover after parsing attributes in process `syz.2.611'.
[  117.742223][   T47] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  117.908675][   T47] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  117.913783][   T47] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 217
[  117.918032][   T47] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  117.921953][   T47] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  117.946950][   T47] usb 1-1: config 0 descriptor??
[  117.951063][ T7402] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  118.184719][   T47] ath6kl: Failed to submit usb control message: -71
[  118.187720][   T47] ath6kl: unable to send the bmi data to the device: -71
[  118.190829][   T47] ath6kl: Unable to send get target info: -71
[  118.199539][   T47] ath6kl: Failed to init ath6kl core: -71
[  118.203253][   T47] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -71
[  118.218665][   T47] usb 1-1: USB disconnect, device number 7
[  118.505666][ T7416] loop1: detected capacity change from 0 to 64
[  118.589718][ T7419] netlink: 'syz.1.623': attribute type 10 has an invalid length.
[  118.595307][ T7419] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  119.086765][ T7441] ==================================================================
[  119.090040][ T7441] BUG: KASAN: slab-use-after-free in xfrm_alloc_spi+0x570/0xf30
[  119.092953][ T7441] Read of size 4 at addr ffff8880290f8544 by task syz.1.634/7441
[  119.097021][ T7441] 
[  119.098021][ T7441] CPU: 1 UID: 0 PID: 7441 Comm: syz.1.634 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  119.098042][ T7441] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  119.098051][ T7441] Call Trace:
[  119.098059][ T7441]  <TASK>
[  119.098068][ T7441]  dump_stack_lvl+0x189/0x250
[  119.098092][ T7441]  ? __kasan_check_byte+0x12/0x40
[  119.098116][ T7441]  ? __pfx_dump_stack_lvl+0x10/0x10
[  119.098133][ T7441]  ? lock_release+0x4b/0x3e0
[  119.098157][ T7441]  ? __virt_addr_valid+0x4a5/0x5c0
[  119.098176][ T7441]  print_report+0xca/0x240
[  119.098190][ T7441]  ? xfrm_alloc_spi+0x570/0xf30
[  119.098218][ T7441]  kasan_report+0x118/0x150
[  119.098240][ T7441]  ? xfrm_alloc_spi+0x570/0xf30
[  119.098263][ T7441]  xfrm_alloc_spi+0x570/0xf30
[  119.098284][ T7441]  ? xfrm_alloc_spi+0x2a0/0xf30
[  119.098309][ T7441]  ? __pfx_xfrm_alloc_spi+0x10/0x10
[  119.098328][ T7441]  ? xfrm_find_acq+0x87/0xa0
[  119.098350][ T7441]  xfrm_alloc_userspi+0x70b/0xc90
[  119.098368][ T7441]  ? apparmor_capable+0x137/0x1b0
[  119.098382][ T7441]  ? __pfx_xfrm_alloc_userspi+0x10/0x10
[  119.098397][ T7441]  ? __nla_parse+0x40/0x60
[  119.098417][ T7441]  xfrm_user_rcv_msg+0x7a3/0xab0
[  119.098433][ T7441]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  119.098457][ T7441]  ? __pfx___mutex_trylock_common+0x10/0x10
[  119.098474][ T7441]  ? rcu_is_watching+0x15/0xb0
[  119.098488][ T7441]  ? trace_contention_end+0x39/0x120
[  119.098502][ T7441]  ? __mutex_lock+0x335/0x1360
[  119.098522][ T7441]  netlink_rcv_skb+0x208/0x470
[  119.098540][ T7441]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  119.098554][ T7441]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  119.098576][ T7441]  ? netlink_deliver_tap+0x2e/0x1b0
[  119.098593][ T7441]  ? netlink_deliver_tap+0x2e/0x1b0
[  119.098610][ T7441]  xfrm_netlink_rcv+0x79/0x90
[  119.098622][ T7441]  netlink_unicast+0x82f/0x9e0
[  119.098640][ T7441]  ? __pfx_netlink_unicast+0x10/0x10
[  119.098655][ T7441]  ? netlink_sendmsg+0x642/0xb30
[  119.098671][ T7441]  ? skb_put+0x11b/0x210
[  119.098690][ T7441]  netlink_sendmsg+0x805/0xb30
[  119.098741][ T7441]  ? __pfx_netlink_sendmsg+0x10/0x10
[  119.098761][ T7441]  ? aa_sock_msg_perm+0xf1/0x1d0
[  119.098781][ T7441]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  119.098797][ T7441]  ? __pfx_netlink_sendmsg+0x10/0x10
[  119.098815][ T7441]  __sock_sendmsg+0x21c/0x270
[  119.098832][ T7441]  ____sys_sendmsg+0x505/0x830
[  119.098853][ T7441]  ? __pfx_____sys_sendmsg+0x10/0x10
[  119.098875][ T7441]  ? import_iovec+0x74/0xa0
[  119.098889][ T7441]  ___sys_sendmsg+0x21f/0x2a0
[  119.098908][ T7441]  ? __pfx____sys_sendmsg+0x10/0x10
[  119.098939][ T7441]  ? __fget_files+0x2a/0x420
[  119.098959][ T7441]  ? __fget_files+0x3a0/0x420
[  119.098982][ T7441]  __x64_sys_sendmsg+0x19b/0x260
[  119.099003][ T7441]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  119.099027][ T7441]  ? rcu_is_watching+0x15/0xb0
[  119.099042][ T7441]  ? do_syscall_64+0xbe/0x3b0
[  119.099062][ T7441]  do_syscall_64+0xfa/0x3b0
[  119.099078][ T7441]  ? lockdep_hardirqs_on+0x9c/0x150
[  119.099094][ T7441]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.099109][ T7441]  ? exc_page_fault+0x9f/0xf0
[  119.099125][ T7441]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.099139][ T7441] RIP: 0033:0x7fe028f8ebe9
[  119.099153][ T7441] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  119.099167][ T7441] RSP: 002b:00007fe029d55038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  119.099184][ T7441] RAX: ffffffffffffffda RBX: 00007fe0291b5fa0 RCX: 00007fe028f8ebe9
[  119.099195][ T7441] RDX: 0000000000000000 RSI: 0000200000001580 RDI: 0000000000000003
[  119.099210][ T7441] RBP: 00007fe029011e19 R08: 0000000000000000 R09: 0000000000000000
[  119.099219][ T7441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  119.099228][ T7441] R13: 00007fe0291b6038 R14: 00007fe0291b5fa0 R15: 00007ffd6036a5d8
[  119.099245][ T7441]  </TASK>
[  119.099251][ T7441] 
[  119.248735][ T7441] Allocated by task 6450:
[  119.250477][ T7441]  kasan_save_track+0x3e/0x80
[  119.252383][ T7441]  __kasan_slab_alloc+0x6c/0x80
[  119.254351][ T7441]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  119.256525][ T7441]  xfrm_state_alloc+0x24/0x2f0
[  119.258453][ T7441]  __find_acq_core+0x8a7/0x1c00
[  119.260426][ T7441]  xfrm_find_acq+0x78/0xa0
[  119.262218][ T7441]  xfrm_alloc_userspi+0x6b3/0xc90
[  119.264246][ T7441]  xfrm_user_rcv_msg+0x7a3/0xab0
[  119.266232][ T7441]  netlink_rcv_skb+0x208/0x470
[  119.268117][ T7441]  xfrm_netlink_rcv+0x79/0x90
[  119.269992][ T7441]  netlink_unicast+0x82f/0x9e0
[  119.271917][ T7441]  netlink_sendmsg+0x805/0xb30
[  119.273797][ T7441]  __sock_sendmsg+0x21c/0x270
[  119.275646][ T7441]  ____sys_sendmsg+0x505/0x830
[  119.277561][ T7441]  ___sys_sendmsg+0x21f/0x2a0
[  119.279439][ T7441]  __x64_sys_sendmsg+0x19b/0x260
[  119.281455][ T7441]  do_syscall_64+0xfa/0x3b0
[  119.283301][ T7441]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.285576][ T7441] 
[  119.286537][ T7441] Freed by task 5885:
[  119.288087][ T7441]  kasan_save_track+0x3e/0x80
[  119.289944][ T7441]  kasan_save_free_info+0x46/0x50
[  119.291887][ T7441]  __kasan_slab_free+0x5b/0x80
[  119.293817][ T7441]  kmem_cache_free+0x18f/0x400
[  119.295724][ T7441]  xfrm_state_gc_task+0x52d/0x6b0
[  119.297747][ T7441]  process_scheduled_works+0xae1/0x17b0
[  119.299963][ T7441]  worker_thread+0x8a0/0xda0
[  119.301777][ T7441]  kthread+0x711/0x8a0
[  119.303364][ T7441]  ret_from_fork+0x3fc/0x770
[  119.305156][ T7441]  ret_from_fork_asm+0x1a/0x30
[  119.307074][ T7441] 
[  119.308049][ T7441] The buggy address belongs to the object at ffff8880290f8480
[  119.308049][ T7441]  which belongs to the cache xfrm_state of size 928
[  119.313491][ T7441] The buggy address is located 196 bytes inside of
[  119.313491][ T7441]  freed 928-byte region [ffff8880290f8480, ffff8880290f8820)
[  119.318887][ T7441] 
[  119.319879][ T7441] The buggy address belongs to the physical page:
[  119.322442][ T7441] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880290f8900 pfn:0x290f8
[  119.326443][ T7441] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  119.329787][ T7441] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  119.332806][ T7441] page_type: f5(slab)
[  119.334413][ T7441] raw: 00fff00000000040 ffff88810542f3c0 dead000000000122 0000000000000000
[  119.337792][ T7441] raw: ffff8880290f8900 00000000800e000b 00000000f5000000 0000000000000000
[  119.341174][ T7441] head: 00fff00000000040 ffff88810542f3c0 dead000000000122 0000000000000000
[  119.344536][ T7441] head: ffff8880290f8900 00000000800e000b 00000000f5000000 0000000000000000
[  119.348018][ T7441] head: 00fff00000000002 ffffea0000a43e01 00000000ffffffff 00000000ffffffff
[  119.351487][ T7441] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  119.354933][ T7441] page dumped because: kasan: bad access detected
[  119.357509][ T7441] page_owner tracks the page as allocated
[  119.359788][ T7441] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6084, tgid 6083 (syz.1.69), ts 73325074611, free_ts 72317976264
[  119.367105][ T7441]  post_alloc_hook+0x240/0x2a0
[  119.369035][ T7441]  get_page_from_freelist+0x21e4/0x22c0
[  119.371241][ T7441]  __alloc_frozen_pages_noprof+0x181/0x370
[  119.373573][ T7441]  alloc_pages_mpol+0x232/0x4a0
[  119.375540][ T7441]  allocate_slab+0x8a/0x370
[  119.377383][ T7441]  ___slab_alloc+0xbeb/0x1410
[  119.379310][ T7441]  kmem_cache_alloc_noprof+0x283/0x3c0
[  119.381505][ T7441]  xfrm_state_alloc+0x24/0x2f0
[  119.383436][ T7441]  xfrm_add_sa+0x17d1/0x4070
[  119.385306][ T7441]  xfrm_user_rcv_msg+0x7a3/0xab0
[  119.387286][ T7441]  netlink_rcv_skb+0x208/0x470
[  119.389168][ T7441]  xfrm_netlink_rcv+0x79/0x90
[  119.391063][ T7441]  netlink_unicast+0x82f/0x9e0
[  119.392993][ T7441]  netlink_sendmsg+0x805/0xb30
[  119.394944][ T7441]  __sock_sendmsg+0x21c/0x270
[  119.396851][ T7441]  ____sys_sendmsg+0x505/0x830
[  119.398796][ T7441] page last free pid 6053 tgid 6053 stack trace:
[  119.401335][ T7441]  __free_frozen_pages+0xbc4/0xd30
[  119.403382][ T7441]  __slab_free+0x303/0x3c0
[  119.405085][ T7441]  qlist_free_all+0x97/0x140
[  119.406978][ T7441]  kasan_quarantine_reduce+0x148/0x160
[  119.409131][ T7441]  __kasan_slab_alloc+0x22/0x80
[  119.411032][ T7441]  kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[  119.413319][ T7441]  shmem_alloc_inode+0x28/0x40
[  119.415223][ T7441]  alloc_inode+0x6a/0x1b0
[  119.416983][ T7441]  new_inode+0x22/0x170
[  119.418659][ T7441]  shmem_get_inode+0x346/0xe90
[  119.420623][ T7441]  shmem_symlink+0xa3/0x510
[  119.422450][ T7441]  vfs_symlink+0x143/0x2f0
[  119.424237][ T7441]  do_symlinkat+0x1b1/0x3f0
[  119.426076][ T7441]  __x64_sys_symlinkat+0x95/0xb0
[  119.428065][ T7441]  do_syscall_64+0xfa/0x3b0
[  119.429902][ T7441]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.432258][ T7441] 
[  119.433238][ T7441] Memory state around the buggy address:
[  119.435491][ T7441]  ffff8880290f8400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  119.438617][ T7441]  ffff8880290f8480: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  119.441747][ T7441] >ffff8880290f8500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  119.445094][ T7441]                                            ^
[  119.447567][ T7441]  ffff8880290f8580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  119.450720][ T7441]  ffff8880290f8600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  119.453984][ T7441] ==================================================================
[  119.457552][ T7441] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  119.460450][ T7441] CPU: 1 UID: 0 PID: 7441 Comm: syz.1.634 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  119.465410][ T7441] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  119.469294][ T7441] Call Trace:
[  119.470646][ T7441]  <TASK>
[  119.471814][ T7441]  dump_stack_lvl+0x99/0x250
[  119.473668][ T7441]  ? __asan_memcpy+0x40/0x70
[  119.475550][ T7441]  ? __pfx_dump_stack_lvl+0x10/0x10
[  119.477631][ T7441]  ? __pfx__printk+0x10/0x10
[  119.479522][ T7441]  vpanic+0x281/0x750
[  119.481171][ T7441]  ? __pfx_vpanic+0x10/0x10
[  119.483021][ T7441]  ? irqentry_exit+0x74/0x90
[  119.484893][ T7441]  panic+0xb9/0xc0
[  119.486412][ T7441]  ? __pfx_panic+0x10/0x10
[  119.488141][ T7441]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  119.490440][ T7441]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  119.492819][ T7441]  ? xfrm_alloc_spi+0x570/0xf30
[  119.494773][ T7441]  check_panic_on_warn+0x89/0xb0
[  119.496785][ T7441]  ? xfrm_alloc_spi+0x570/0xf30
[  119.498756][ T7441]  end_report+0x78/0x160
[  119.500462][ T7441]  kasan_report+0x129/0x150
[  119.502293][ T7441]  ? xfrm_alloc_spi+0x570/0xf30
[  119.504280][ T7441]  xfrm_alloc_spi+0x570/0xf30
[  119.506151][ T7441]  ? xfrm_alloc_spi+0x2a0/0xf30
[  119.508119][ T7441]  ? __pfx_xfrm_alloc_spi+0x10/0x10
[  119.510204][ T7441]  ? xfrm_find_acq+0x87/0xa0
[  119.512087][ T7441]  xfrm_alloc_userspi+0x70b/0xc90
[  119.514123][ T7441]  ? apparmor_capable+0x137/0x1b0
[  119.516091][ T7441]  ? __pfx_xfrm_alloc_userspi+0x10/0x10
[  119.518264][ T7441]  ? __nla_parse+0x40/0x60
[  119.520097][ T7441]  xfrm_user_rcv_msg+0x7a3/0xab0
[  119.522082][ T7441]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  119.524287][ T7441]  ? __pfx___mutex_trylock_common+0x10/0x10
[  119.526643][ T7441]  ? rcu_is_watching+0x15/0xb0
[  119.528573][ T7441]  ? trace_contention_end+0x39/0x120
[  119.530703][ T7441]  ? __mutex_lock+0x335/0x1360
[  119.532628][ T7441]  netlink_rcv_skb+0x208/0x470
[  119.534484][ T7441]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  119.536705][ T7441]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  119.538837][ T7441]  ? netlink_deliver_tap+0x2e/0x1b0
[  119.540890][ T7441]  ? netlink_deliver_tap+0x2e/0x1b0
[  119.542984][ T7441]  xfrm_netlink_rcv+0x79/0x90
[  119.544873][ T7441]  netlink_unicast+0x82f/0x9e0
[  119.546816][ T7441]  ? __pfx_netlink_unicast+0x10/0x10
[  119.548911][ T7441]  ? netlink_sendmsg+0x642/0xb30
[  119.550897][ T7441]  ? skb_put+0x11b/0x210
[  119.552606][ T7441]  netlink_sendmsg+0x805/0xb30
[  119.554531][ T7441]  ? __pfx_netlink_sendmsg+0x10/0x10
[  119.556664][ T7441]  ? aa_sock_msg_perm+0xf1/0x1d0
[  119.558698][ T7441]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  119.560836][ T7441]  ? __pfx_netlink_sendmsg+0x10/0x10
[  119.562962][ T7441]  __sock_sendmsg+0x21c/0x270
[  119.564848][ T7441]  ____sys_sendmsg+0x505/0x830
[  119.566774][ T7441]  ? __pfx_____sys_sendmsg+0x10/0x10
[  119.568896][ T7441]  ? import_iovec+0x74/0xa0
[  119.570726][ T7441]  ___sys_sendmsg+0x21f/0x2a0
[  119.572617][ T7441]  ? __pfx____sys_sendmsg+0x10/0x10
[  119.574738][ T7441]  ? __fget_files+0x2a/0x420
[  119.576569][ T7441]  ? __fget_files+0x3a0/0x420
[  119.578455][ T7441]  __x64_sys_sendmsg+0x19b/0x260
[  119.580426][ T7441]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  119.582607][ T7441]  ? rcu_is_watching+0x15/0xb0
[  119.584524][ T7441]  ? do_syscall_64+0xbe/0x3b0
[  119.586417][ T7441]  do_syscall_64+0xfa/0x3b0
[  119.588255][ T7441]  ? lockdep_hardirqs_on+0x9c/0x150
[  119.590353][ T7441]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.592796][ T7441]  ? exc_page_fault+0x9f/0xf0
[  119.594695][ T7441]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.596981][ T7441] RIP: 0033:0x7fe028f8ebe9
[  119.598771][ T7441] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  119.606326][ T7441] RSP: 002b:00007fe029d55038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  119.609563][ T7441] RAX: ffffffffffffffda RBX: 00007fe0291b5fa0 RCX: 00007fe028f8ebe9
[  119.612694][ T7441] RDX: 0000000000000000 RSI: 0000200000001580 RDI: 0000000000000003
[  119.615824][ T7441] RBP: 00007fe029011e19 R08: 0000000000000000 R09: 0000000000000000
[  119.618958][ T7441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  119.622115][ T7441] R13: 00007fe0291b6038 R14: 00007fe0291b5fa0 R15: 00007ffd6036a5d8
[  119.625254][ T7441]  </TASK>
[  119.627160][ T7441] Kernel Offset: disabled
[  119.628934][ T7441] Rebooting in 86400 seconds..

VM DIAGNOSIS:
22:39:03  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=ffff88801caa0000 RCX=19ff406d3b0c3700 RDX=0000000000000006
RSI=ffffffff8dba33cb RDI=ffffffff8b7b2e95 RBP=ffffc900001ef670 RSP=ffffc900001ef5b8
R8 =ffffffff8fa34237 R9 =1ffffffff1f46846 R10=dffffc0000000000 R11=fffffbfff1f46847
R12=dffffc0000000000 R13=ffff888033c4e428 R14=ffffffff99d3f740 R15=1ffff9200003debc
RIP=ffffffff8b7898d7 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8624000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b32623ff8 CR3=000000000df36000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007ff7c1f87498 00007ff7c1f87470 XMM03=00007ff7c1f874a8 00007ff7c1f874a0
XMM04=00007ff7c2aed100 00007ff7c1f87460 XMM05=00007ff7c1f87478 00007ff7c1f874c0
XMM06=00007ff7c1f874b8 00007ff7c1f874b0 XMM07=00007ff7c1f874a8 00007ff7c1f874a0
XMM08=0000000000000000 00007ff7c1e12ee7 XMM09=0000000000000000 00007ff7c1e12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000034 RBX=0000000000000034 RCX=0000000000000000 RDX=00000000000003f8
RSI=00000000000013cd RDI=00000000000013ce RBP=00000000000003f8 RSP=ffffc90002cae9f0
R8 =ffff888106b18237 R9 =1ffff11020d63046 R10=dffffc0000000000 R11=ffffffff854e72a0
R12=dffffc0000000000 R13=ffffffff99af1913 R14=ffffffff99de64e0 R15=0000000000000000
RIP=ffffffff854e731c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fe029d556c0 ffffffff 00c00000
GS =0000 ffff8881a3c24000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000000140 CR3=00000001086f2000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007fe029187498 00007fe029187470 XMM03=00007fe0291874a8 00007fe0291874a0
XMM04=00007fe029ced100 00007fe029187460 XMM05=00007fe029187478 00007fe0291874c0
XMM06=00007fe0291874b8 00007fe0291874b0 XMM07=00007fe0291874a8 00007fe0291874a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007fe029012fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
