last executing test programs:

3m25.799568649s ago: executing program 0 (id=1438):
# Program id=1438: an unrelated mix of BPF, scheduler, AF_UNIX, keyring, netdevice
# and usbfs calls. It is listed as one of the last programs executing, which makes
# it a candidate for triage, not a confirmed reproducer.
# BPF_PROG_LOAD (cmd 0x5) with a mostly zeroed attribute and a null instruction
# pointer; the result is not stored, so nothing later depends on it.
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
# Two sockets whose descriptors are never reused: AF_INET/UDP-Lite (proto 0x88)
# and AF_NETLINK/NETLINK_ROUTE.
socket$inet_udplite(0x2, 0x2, 0x88)
socket$nl_route(0x10, 0x3, 0x0)
# BPF_MAP_CREATE (cmd 0x0) from a raw attribute blob; fd discarded.
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0f00000004000000080000010eb78ef200000000", @ANYRES32, @ANYBLOB='\x00'/19, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
# Resource 0xe on the calling process (pid 0) with limits {0x8, 0x8b}.
# NOTE(review): 0xe looks like RLIMIT_RTPRIO, which would pair with the
# real-time scheduler calls below — confirm against the target's headers.
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
# Invalid dfd (-1) and null path; expected to fail.
open_tree(0xffffffffffffffff, 0x0, 0x80000)
# Policy 0x1 with priority 8 on the caller, then (after pinning to CPU mask 0x9)
# policy 0x2 with priority 7 on the same pid obtained via getpid().
# presumably SCHED_FIFO and SCHED_RR — TODO confirm.
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x9)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
# Maps 0xb36000 bytes at a fixed address with a fuzzed prot value; no backing fd.
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000)
# AF_UNIX socketpair (type 0x2): r1 and r2 are the two ends.
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e)
# Bulk send of 0x651 message headers on r2, then a bulk receive on r1 with
# vlen 0x10106 and flags 0x2.
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
# Adds an fscrypt v1 key (payload length 0x48) to keyring id -1. The key bytes
# are fuzzer-generated input, not a leaked secret.
r3 = add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000080)={0x0, "5d9bc136c963254c661fb620148b6f72ca6ae2a44829bfa79ec13499f8ec9077d85d879711d98bb1687ad36dfe5f14a7b0ce15c1e6be0e7ecabfdfde0dfa00b1"}, 0x48, 0xffffffffffffffff)
# NOTE(review): the command argument is 0x6; the kernel dispatches on that value,
# not on the syz variant name, so this may not reach the watch-key path — confirm.
keyctl$KEYCTL_WATCH_KEY(0x6, r3, 0xffffffffffffffff, 0xfffffffdfffffffc)
# SIOCSIFADDR (0x8916) twice on 'batadv_slave_1': first the loopback address,
# then the empty address.
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000040)={'batadv_slave_1\x00', {0x2, 0x480, @loopback}})
ioctl$sock_inet_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000080)={'batadv_slave_1\x00', {0x2, 0x4e21, @empty}})
# Raw tracepoint open (cmd 0x11) naming 'sched_switch' with no program fd supplied.
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00'}, 0x10)
# Invalid fd (-1); expected to fail.
sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x0)
# Opens a usbfs device node and duplicates the descriptor.
r5 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2)
dup(r5)

3m24.892499362s ago: executing program 0 (id=1468):
# Program id=1468: creates a TIPC socketpair (family 0x1e, type 0x2) and keeps
# only the first descriptor as r0.
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
# Sets option 0x82 at level 0x10f (the TIPC connect timeout, per the variant
# name) to the 4-byte value 0x1.
setsockopt$TIPC_CONN_TIMEOUT(r0, 0x10f, 0x82, &(0x7f0000000080)=0x1, 0x4)

3m24.768133652s ago: executing program 0 (id=1469):
# Program id=1469: exercises the AF_ALG (family 0x26) userspace crypto API
# against the 'rng' type with the 'drbg_pr_hmac_sha256' algorithm.
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha256\x00'}, 0x58)
# ALG_SET_KEY with a null pointer and zero length.
# NOTE(review): for the rng type this presumably acts as a (re)seed with empty
# input — confirm against the kernel's algif_rng handling.
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
# accept() yields the operation socket r1 used for the actual read.
r1 = accept$alg(r0, 0x0, 0x0)
# Two-message receive: the first msghdr has no iovec, the second has a null
# first iovec followed by a 0x8e-byte buffer.
recvmmsg(r1, &(0x7f0000000000)=[{{0x0, 0x0, 0x0}, 0x3e6}, {{0x0, 0x0, &(0x7f00000001c0)=[{0x0}, {&(0x7f00000002c0)=""/142, 0x8e}], 0x2}, 0x3fc}], 0x2, 0x2101, 0x0)

3m24.557312503s ago: executing program 0 (id=1470):
syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x200000, &(0x7f0000000040)={[{@grpquota}]}, 0x1, 0xbac, &(0x7f00000017c0)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtKxk5nGdGaOSX8/eHPe97wn8zxPTmfOe2BOA3hqTWc/0ohDEXE2iZis708jYqjaG4nYrB13/+7l+awlUam8/VsSSUTcu3t5vvFaSX07Xh+MRMTN15L490etcVfXN5bnyuXSSn18dO38paOr6xuvLJ2fO1c6V7pwYvbVE7MnZ2e7WOvtS+998cwPbzx/9frHM29+fuC7JE7HRH2uuY5umY7prb9Js0JEzHU7WE4G6vU015kUckwIAICO0qY13H9jMgbi4eJtMr79MdfkAAAAgK6oDERUAAAAgH0ucf8PAAAA+1zjewD37l6eb7R8v5HQX3fORMRUrf7G8821mUJsVrcjMRgRY78n0fxYa1L7tSc2nUX6+vtS1qJHzyF3snklIv6/3flPqvVPVZ/ibq0/jYiZLsSffmS8l+o/3YX4edcPwNPpxpnahaz1+pdurX9im+tfYZtr127kff1rrP/ut6z/HtY/0Gb999YOYxx+8NLNdnPN6793P/l5IYufbZ+oqL/hzpWIw4Xt6k+26k/a1H92hzHG529fazeX1Z/V22j9rr9yPeJIdTXXWn9D0un/Jzq6uFQuzdR+bvP66yc7x28+/1nL4jfuBfohO/9jsbvzf2mHMab+9+uhdnOPrz/9ZSh5p9obqu/5cG5tbeVYxFDyeuv+451zaRzTeI2s/hef6/z+367+7DNhs/53yP71XKlvs/HVR2KOHzn+1e7r762s/oVdnv9Pdxjjy2+uvd9uLu/6AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgb0oiYiCQtbvXTtFiMGI+I/8RYWr64uvby4sUPLixkcxFTMZguLpVLMxExWRsn2fhYtf9wfPyR8WxEHIyIzyZHq+Pi/MXyQt7FAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsGU8IiYiSYsRkUbEH5NpWizmnRUAAADQdVN5JwAAAAD0nPt/AAAA2P9a7v8LfxmN9DMXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9qWDz964lUTE5qnRassM1ecGc80M6LV0Z4eN9ToPoP8G8k4AyE2hqV+pVCo5pgL0mXt8IHnM/EjbmeGu5wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAP9cLh27cSiJi89RotWWG6nODuWYG9FqadwJAbgY6TSaP3QHsYYW8EwBy4x4fqK3sH1RqWudH2v7m8BNHBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDvmKi2JC1GRFrtp2mxGPGviJiKwWRxqVyaiYgDEfHT5OBwNj6Wd9IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB03er6xvJcuVxa0dHR6WJnNPoWa7T+Zm5zzHD7qQ6dnD+YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIxer6xvJcuVxaWc07EwAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBvq+sby3Plcmmlh528awQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID9/BgAA///GyAmy")
# Remainder of program id=1470, after the ext4 image mount on ./file0.
# Opens the binfmt_misc 'register' file relative to AT_FDCWD (0xffffff9c) with
# flags 0x1.
r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000300), 0x1, 0x0)
# NOTE(review): flags 0x21 do not include a bind bit despite the $bind variant
# name; this looks like a read-only remount of '.' — confirm.
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)
# Writes a ':'-separated (0x3a) registration record: name 'syz3', type 'E',
# offset 0x2007, a one-byte magic, a fuzzed mask, interpreter './file2' and
# flag byte 0x46. The mask bytes are fuzzer noise; whether the kernel accepts
# the record is not visible from this log.
write$binfmt_register(r0, &(0x7f0000000140)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x2007, 0x3a, '\r', 0x3a, '\x84\xa3\xea\xd6O\x89|\xeb\x80\xf0\xe96\xf4`&\xd4E\xe7L\x82n;H\xd8\xdf\x9a, \\E\xd4\xab\x1ed', 0x3a, './file2', 0x3a, [0x46]}, 0x4b)
# 9p mount over ./file0 with null source, type and options.
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0)
# Both calls use fd -1 and null argument pointers; expected to fail early.
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
# msdos image mount on '.' with an empty option list and a zero-length image.
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1258438, &(0x7f0000000f80)=ANY=[], 0xb, 0x0, &(0x7f0000000000))

3m24.317304293s ago: executing program 0 (id=1471):
# Program id=1471: BPF map and program loads plus a raw tracepoint attach.
# Creates a map from a raw attribute blob; the leading little-endian words read
# 2, 4, 8, 1 (presumably map type, key size, value size, max entries — confirm).
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
# Loads a program of type 0x20 with 0x10 instructions that embeds the map fd r0;
# the license pointer is null and the returned fd is discarded.
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
# Type 0x11 load that declares 0x10 instructions but supplies an empty
# instruction blob at the same address as the previous call; license 'syzkaller'.
# NOTE(review): likely reuses the bytes the previous call left in that buffer — confirm.
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
# Attaches r1 to the 'percpu_alloc_percpu' raw tracepoint.
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000040)='percpu_alloc_percpu\x00', r1}, 0x10)
# Separate 5-instruction type 0x11 load with license 'GPL'; fd discarded.
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)

3m24.036687474s ago: executing program 0 (id=1472):
syz_mount_image$ocfs2(&(0x7f0000000000), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000200)=ANY=[@ANYBLOB="61636c2c6e6f696e74722c6174696d655f7175616e74756d3d30303030303030303030303030303030303030372c6c6f63616c666c6f636b732c6c6f63616c616c6c6f633d2d303030303030303030303030303030303030332c6c6f63616c666c6f636b732c696e74722c6865617274626561743d6e6f6e652c0024855616ead4c7dc9e9da093713b0e6a6e67e1af8e4f5d7cbff1185218b41bcefa2f4f3bb8212051258a0a6168526c8eef9d759bbb36a4b49ff8042320899ca9b6e9fa68a0abe364e0e2d46408f18da37d557aa1ebb8aa29451a584f1980dc3f7bd97f6a0446b8957872e51c2adf98e1acff806babdc9d58bc06d6d0b19476862cebe64cafbc00aaa5a069852602786f40bf6a1bf7594e171d16ced9409b168ef591c2f5b676a2eb18e8a3b91275fd4467aea2037bd9790e240137bc7c80cc99e9dd"], 0x1, 0x444a, &(0x7f0000008c00)="$eJzs3c9PXNUeAPBzB/oKff0BfV30JS95k/eavJf3DIEmJipNpJSWQos11TbGzXSAaYsOTAODcdEF7pq4MnHRuGg0cceqYeG2/gluXNZ1E124MTFpxMzMHeBeZmTEGRD9fBYc7vl1v8x37p1zF8PJxMp355ayc0vZ/EK2NHN76Wz2vVJxeb4QMnuk4fkP7d35aU0n3if7/d77M7t24dIbN8+G8OXs18/W19fXQ0V3aGhoy+8/fH9/ZmtZl0mNqczbeLZ2eTuEcGpbXBVdIYS3vgghCiGcj+tG47I3hHAs1Npu3v/wVrZN0Tx+WjiXez71YG34zOTqo7Xmf3sUwifFv79wZ/7bf3cNf/O/Np0eAAAAAAAAAAAAAAAAAIADbvz6tRuvDw6FJ1HoXo22f193PC6bfT92vW3+2fk/FgAAAAAAAAAAAAAAAAAAAH6nNr//n41ONvj+/1hcjjQZv/5q52OkcyZeuzZ2cXAo3v892mw4USteiqu+O98V+hvs+57e//18av7G+79HbYu/Hl/9vH0hygwkjjOZgYEQPos3fj8dHckUS0vl/98uLS/Mti2MAyuZ/9ru/YnsxBv6t5r/0dT8nd///2/b3k2V41upysOdDeLASua/q2m/zz+Idsh/puG4vcg/u5fMf3e1rndrh5FaXiv5/6h75+t/LDX/rvP/4i83Hw8hZKNKrNnEHaCyhqnUN1uvkJTM/6FqXeLWGb+Qza7/H1P5v5iaf7/u/yvpDyIaSub/L9W6nkSPzeu/P7Pz9X8pNf9+5L8S/0r7lph/aMn8x6uk7kSX6ivZ6v1/PDV/p/J/IxPHeTxKvANWo1p9s/9XR1Iy/z3b2jef/zItrf8vp8bv1fNf/bz157/67f+/Ue35j8aS+e9t2q/V638iNa7T9/+R6vqP3Urm/0i1Lrl27qv+bDX/k6n5O5X/6qqkp57/zfvJT4dr9Z+OJnrSRDL/f61VJl6ylerP6vov2nn9fyU1fyr//+p5mH5C+K22r/8q8a9Ie0uS+T/atF8l/1+18Pl/NTVuS/63Ly7aZNBaf9eS+T/WtF/1+u/ZOf9TqXGd/vz/TycnBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgARuOyL0R9yeNMZmAghAvx8elwJJrOz+ami6WZd5dCGIvrs+FkdKdYms4Xc3MLpdlCLl8slmZCuBi3nwo90VKxVM7N5+9d2pirN7pbyC+Wpwv5cghhPK7/RzhWn2t6rjyfvxdCuLzRdiJTWrx3N7+Qm51bfGVwcHAwTGzE0B8V3i8XFsq1s9daQ5jcGNsXbQmu2nxlI5aj0Tul5cWFfLFaf3XLmGJpJl/cMmYqbvs49EflxeWFmXy5kCuW7tTPt59G4nJs4vqb168ObWu/FdXK0b0NCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBf6cnwyw9DCN21o0wIYaT+S9So/+OnhXO551MP1obPTK4+WnvWrB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/MwOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVdukYJWIoCAPwvCcS7TyGVUg6SyOKaGFE8AR6DA+jR/ES3sHCwtZCFnYTNuwmEMKW39c8mJ/JDGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB5bp/a58eqjkhx8l/E8efr1/cwv+/e96vx/qOFcy8X9nFYdw/t9U1Vx+a/p738oiv9NHmd/v2+vcTI2/vYuZPtPRWDaj/ndHKvqXub2q+fexYplxHRdPl5yrks530LAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYMUOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBYAAA
AAECYv3UUfRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvwIAAP//uh8gVw==")

3m23.909841704s ago: executing program 32 (id=1472):
# Single call: syz_mount_image$ocfs2 mounts a fuzzer-supplied ocfs2 image at './file1' with mount flags 0x8c0.
# The @ANYBLOB option string is hex; its leading bytes decode to
#   "acl,nointr,atime_quantum=0000000000000000007,localflocks,localalloc=-0000000000000000003,localflocks,intr,heartbeat=none,"
# followed by a NUL byte and further non-text bytes.
# The trailing "$..." argument is the base64 text of the filesystem image; 0x444a, just before it, is
# presumably the image size, and syzkaller presumably stores the image compressed — confirm both before decoding.
syz_mount_image$ocfs2(&(0x7f0000000000), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000200)=ANY=[@ANYBLOB="61636c2c6e6f696e74722c6174696d655f7175616e74756d3d30303030303030303030303030303030303030372c6c6f63616c666c6f636b732c6c6f63616c616c6c6f633d2d303030303030303030303030303030303030332c6c6f63616c666c6f636b732c696e74722c6865617274626561743d6e6f6e652c0024855616ead4c7dc9e9da093713b0e6a6e67e1af8e4f5d7cbff1185218b41bcefa2f4f3bb8212051258a0a6168526c8eef9d759bbb36a4b49ff8042320899ca9b6e9fa68a0abe364e0e2d46408f18da37d557aa1ebb8aa29451a584f1980dc3f7bd97f6a0446b8957872e51c2adf98e1acff806babdc9d58bc06d6d0b19476862cebe64cafbc00aaa5a069852602786f40bf6a1bf7594e171d16ced9409b168ef591c2f5b676a2eb18e8a3b91275fd4467aea2037bd9790e240137bc7c80cc99e9dd"], 0x1, 0x444a, &(0x7f0000008c00)="$eJzs3c9PXNUeAPBzB/oKff0BfV30JS95k/eavJf3DIEmJipNpJSWQos11TbGzXSAaYsOTAODcdEF7pq4MnHRuGg0cceqYeG2/gluXNZ1E124MTFpxMzMHeBeZmTEGRD9fBYc7vl1v8x37p1zF8PJxMp355ayc0vZ/EK2NHN76Wz2vVJxeb4QMnuk4fkP7d35aU0n3if7/d77M7t24dIbN8+G8OXs18/W19fXQ0V3aGhoy+8/fH9/ZmtZl0mNqczbeLZ2eTuEcGpbXBVdIYS3vgghCiGcj+tG47I3hHAs1Npu3v/wVrZN0Tx+WjiXez71YG34zOTqo7Xmf3sUwifFv79wZ/7bf3cNf/O/Np0eAAAAAAAAAAAAAAAAAIADbvz6tRuvDw6FJ1HoXo22f193PC6bfT92vW3+2fk/FgAAAAAAAAAAAAAAAAAAAH6nNr//n41ONvj+/1hcjjQZv/5q52OkcyZeuzZ2cXAo3v892mw4USteiqu+O98V+hvs+57e//18av7G+79HbYu/Hl/9vH0hygwkjjOZgYEQPos3fj8dHckUS0vl/98uLS/Mti2MAyuZ/9ru/YnsxBv6t5r/0dT8nd///2/b3k2V41upysOdDeLASua/q2m/zz+Idsh/puG4vcg/u5fMf3e1rndrh5FaXiv5/6h75+t/LDX/rvP/4i83Hw8hZKNKrNnEHaCyhqnUN1uvkJTM/6FqXeLWGb+Qza7/H1P5v5iaf7/u/yvpDyIaSub/L9W6nkSPzeu/P7Pz9X8pNf9+5L8S/0r7lph/aMn8x6uk7kSX6ivZ6v1/PDV/p/J/IxPHeTxKvANWo1p9s/9XR1Iy/z3b2jef/zItrf8vp8bv1fNf/bz157/67f+/Ue35j8aS+e9t2q/V638iNa7T9/+R6vqP3Urm/0i1Lrl27qv+bDX/k6n5O5X/6qqkp57/zfvJT4dr9Z+OJnrSRDL/f61VJl6ylerP6vov2nn9fyU1fyr//+p5mH5C+K22r/8q8a9Ie0uS+T/atF8l/1+18Pl/NTVuS/63Ly7aZNBaf9eS+T/WtF/1+u/ZOf9TqXGd/vz/TycnBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgARuOyL0R9yeNMZmAghAvx8elwJJrOz+ami6WZd5dCGIvrs+FkdKdYms4Xc3MLpdlCLl8slmZCuBi3nwo90VKxVM7N5+9d2pirN7pbyC+Wpwv5cghhPK7/RzhWn2t6rjyfvxdCuLzRdiJTWrx3N7+Qm51bfGVwcHAwTGzE0B8V3i8XFsq1s9daQ5jcGNsXbQmu2nxlI5aj0Tul5cWFfLFaf3XLmGJpJl/cMmYqbvs49EflxeWFmXy5kCuW7tTPt59G4nJs4vqb168ObWu/FdXK0b0NCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBf6cnwyw9DCN21o0wIYaT+S9So/+OnhXO551MP1obPTK4+WnvWrB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/MwOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVdukYJWIoCAPwvCcS7TyGVUg6SyOKaGFE8AR6DA+jR/ES3sHCwtZCFnYTNuwmEMKW39c8mJ/JDGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB5bp/a58eqjkhx8l/E8efr1/cwv+/e96vx/qOFcy8X9nFYdw/t9U1Vx+a/p738oiv9NHmd/v2+vcTI2/vYuZPtPRWDaj/ndHKvqXub2q+fexYplxHRdPl5yrks530LAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYMUOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBYAAA
AAECYv3UUfRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvwIAAP//uh8gVw==")

1.656926501s ago: executing program 3 (id=5340):
# Program 3 (id=5340): feeds the result of a seccomp call into the dma-heap allocation struct and
# then issues a dma-buf sync ioctl on the fd that the allocation writes back.
# close_range flags 0x2 is CLOSE_RANGE_UNSHARE; first and last fd are both 0xffffffffffffffff.
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
# One-instruction filter: code 0x6 (BPF_RET|BPF_K) with k=0x7fffffff.
# NOTE(review): flags 0x6 does not include SECCOMP_FILTER_FLAG_NEW_LISTENER (0x8), so despite the
# variant name r0 is probably not a listener fd — confirm.
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
# Allocation request with first field 0x4; the fd field is pre-filled with r0 and its output is named r2.
ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x4, <r2=>r0})
# Sync request on r2 with flag word 0x7ffffffe.
ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000080)=0x7ffffffe)

1.561133524s ago: executing program 3 (id=5343):
# Program 3 (id=5343): looks up the ifindex of 'team0' and sends an RTM_NEWQDISC (type 0x24) request
# that attaches a taprio qdisc to that interface.
# Family 0x11 is AF_PACKET; the type argument 0x800000003 has bits set above the low 32.
r0 = socket(0x11, 0x800000003, 0x0)
# 0x8933 is SIOCGIFINDEX; the returned index is captured as r1.
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
# The taprio options carry a single attribute, TCA_TAPRIO_ATTR_PRIOMAP (first field 0x6);
# no schedule-entry attributes are present in this message.
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x8c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x8]}}]}}]}, 0x8c}}, 0x0)

1.560633495s ago: executing program 3 (id=5345):
# Program 3 (id=5345): switches the caller to a real-time scheduling policy, generates a burst of
# unix-datagram traffic, then sets and reads PNPIPE_HANDLE on a Phonet pipe socket.
# Resource 0xe is RLIMIT_RTPRIO; the limit pair is {0x8, 0x88}.
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
# Policy 0x2 is SCHED_RR, priority 7.
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
# Flags 0x8031 = MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE over a 0xb36000-byte range;
# the prot argument is an arbitrary 64-bit value.
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
# AF_UNIX datagram pair (type 0x2).
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
# vlen 0x651 on the send side, 0x10106 on the receive side; recvmmsg flag 0x2 is MSG_PEEK.
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
# Family 0x23, type 0x5, protocol 0x2.
r3 = socket$phonet_pipe(0x23, 0x5, 0x2)
# setsockopt passes a null value pointer with length 0; getsockopt passes a null value pointer
# with a non-null length pointer.
setsockopt$PNPIPE_HANDLE(r3, 0x113, 0x3, 0x0, 0x0)
getsockopt$PNPIPE_HANDLE(r3, 0x113, 0x3, 0x0, &(0x7f00000000c0))

778.957486ms ago: executing program 1 (id=5357):
# Program 1 (id=5357): sends one rtnetlink newlink request (type 0x10) whose IFLA_LINKINFO uses the
# bridge variant and carries a single bridge attribute, IFLA_BR_NF_CALL_IPTABLES.
r0 = socket$nl_route(0x10, 0x3, 0x0)
# Total message length is 0x3c; no interface-name attribute is present in the visible attribute list.
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0x403, 0xffffffff, 0x25dfdbfb, {0x0, 0x0, 0x74, 0x0, 0x54481, 0x5d407}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_NF_CALL_IPTABLES={0x5}]}}}]}, 0x3c}}, 0x0)

778.472689ms ago: executing program 1 (id=5358):
# Program 1 (id=5358): calls bpf(BPF_PROG_DETACH) with an attribute buffer assembled from raw
# resource values instead of a typed struct.
# AF_UNIX pair with type 0x3; only the second fd is captured (r0).
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
# The ANY-typed attr is laid out as: an unset 32-bit resource, r0 as 32 bits, r1 as 64 bits,
# a 64-bit zero, then r1 rendered as hex text; the size passed is 0x20.
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYRES32=r0, @ANYRES64=r1, @ANYRES64=0x0, @ANYRESHEX=r1], 0x20)

778.326798ms ago: executing program 1 (id=5359):
# First call: syz_mount_image$ext4 mounts a fuzzer-supplied ext4 image at './file1' with mount flags 0x0.
# Options listed in the call: debug_want_extra_isize=4, usrjquota, errors_remount, dioread_lock,
# max_batch_time=5, mblk_io_submit, minixdf, barrier_val, nombcache.
# The trailing "$..." argument is the base64 text of the image; 0x7b6, just before it, is presumably
# the image size, and syzkaller presumably stores the image compressed — confirm both before decoding.
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000001100)='./file1\x00', 0x0, &(0x7f0000000200)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@usrjquota}, {@errors_remount}, {@dioread_lock}, {@max_batch_time={'max_batch_time', 0x3d, 0x5}}, {@mblk_io_submit}, {@minixdf}, {@barrier_val}, {@nombcache}, {}]}, 0x45, 0x7b6, &(0x7f0000001140)="$eJzs3c9rG1ceAPDvyPLPZNdeWNjNngwLu4EQeZ31JruwsF72sBQaCLSnHpoYWTGpZStYcoiNaRNKoZdCW3prLzn356X02h+HXtr/oySkrROa0kNxGf2wZVtyrMSWkubzgYne07zRe995ozcvmrEUwBNrPP0nE3EsIl5PIkbrzycR0V9NZSOma+Xura/l0yWJjY1nvkuqZe6ur+WjaZvUkXrmjxHx+SsRJzK76y2vrM7PFIuFpXp+orJweaK8snry0sLMXGGusHh6cmrq1Jl/nDn9UOENN2d++Hr16K03/v/XD6Z/evkPH772RRLTcbS+rjmOgzIe4/V90p/uwm3+d9CV9czHL+6jUNMRkD3MxtChtGP66r1yLEajb6/+Ge5mywCAw/JSRGy009d2DQDwWEtq5///9LodAEC3ND4HuLu+lm8svf1Eortu/zcihobqudr1zVo6W79mN1S9DjpyN9l2ZSSJiLEDqH88It755Pn30iUO6TokQCvXrkfEhbHx3eN/suuehU79rfXTc82Z8R0rjX/QPZ+m859/tpr/ZTbnP9Fi/jPY4r37IO7//s/cPIBq2krnf/9uurftXlP8dWN99dxvqnO+/uTipWIhHdt+GxHHo38wzU/uUcfxOz/fabeuef73/ZsvvJvWnz5ulcjczA5u32Z2pjLzMDE3u3094k/ZVvGn4/9gtf+TNvPfc/X0wH3qeOpfr77dbl0afxpvY9kd/+HauBHxl5b9n2yWSfa8P3GiejhMNA6KFj6ajpF29Y9nt/o/XdL6G/8X6Ia0/0f2jn8sab5fs7zvl968W+yrG6OftSvUfPy3jr/18T+QPFtNN469qzOVytJkxEDy9O7nT21t28g3yqfxH/9z6/d/Y/xrcfw/l77+hX3uiOytb99/8PgPVxr/bEf933Eihu7N97Wrf3/9P7Vtm/2Mf/tt4IPuNwAAAAAAAAAAAAAAAAAAAAAAAADoRCYijkaSyW2mM5lcrvYb3r+PkUyxVK6cuFhaXpyN6m9lj0V/pvFVl6NN34c6Wf8+/Eb+1I783yPidxHx1uBwNZ/Ll4qzvQ4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOqOtPn9/9Q3gzsK9/WihQDAoRhyYgeAJ02Szfa6CQBAtw11VHr40NoBAHRPZ+d/AODXwPkfAJ489zn/7/wzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjUubNn02Xjx/W1fJqfvbKyPF+6cnK2UJ7PLSznc/nS0uXcXKk0Vyzk8qWFti90rfZQLJUuT8Xi8tWJSqFcmSivrJ5fKC0vVs5fWpiZK5wv9HctMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYv/LK6vxMsVhYkuhJYv7LWj88Ku2R6CwR12r996i05+ASMbA1Sgz3ZnACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeAz8EgAA//99gB7t")
# Remaining calls of program 1 (id=5359), which run after its syz_mount_image$ext4 call.
# FUSE mount at './bus' with flags 0x3000009, a null options pointer and no image data.
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
# Overlay mount at './file0' that uses the mountpoint itself as upperdir, './bus' as workdir
# and '.' as lowerdir.
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

672.474253ms ago: executing program 1 (id=5360):
# Program 1 (id=5360): creates an io_uring instance, rewrites the process memory-map descriptor via
# prctl, then issues an io_uring_register call whose fd array contains the ring's own fd.
# 0xf08 requested entries.
r0 = io_uring_setup(0xf08, &(0x7f0000000780)={0x0, 0xfb6e, 0x38c1, 0x4, 0xf0})
# Option 0x23 with sub-option 0xe (the PR_SET_MM_MAP variant) and a 0x68-byte struct of addresses.
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f000000c000/0x1000)=nil, &(0x7f000001f000/0x1000)=nil, &(0x7f0000015000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f000000c000/0x4000)=nil, &(0x7f000001d000/0x3000)=nil, &(0x7f0000012000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0}, 0x68)
# NOTE(review): the opcode argument here is 0x20, while IORING_REGISTER_FILES is 2 in the uapi
# header, so the kernel likely dispatches a different opcode than the variant name suggests — confirm.
io_uring_register$IORING_REGISTER_FILES(r0, 0x20, &(0x7f0000000000)=[r0], 0x1)

672.234504ms ago: executing program 1 (id=5361):
# Program 1 (id=5361): under a real-time scheduling policy, performs a large read from the MSR
# device and sends an ipset FLUSH command over a netfilter netlink socket.
syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
# Resource 0xe is RLIMIT_RTPRIO; policy 0x2 below is SCHED_RR with priority 4.
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
# Read length 0x18ff8 equals the 102392-byte buffer size.
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
# Netlink protocol 0xc is NETLINK_NETFILTER.
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
# The message carries only IPSET_ATTR_PROTOCOL; no set-name attribute is present.
sendmsg$IPSET_CMD_FLUSH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x4, 0x6, 0x101, 0x0, 0x0, {0x7, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x28000010)
# The fd is 0xffffffffffffffff and the option value pointer is null.
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x2, 0x0, 0x0)

672.120249ms ago: executing program 1 (id=5362):
# Program 1 (id=5362): after the real-time scheduling and unix-datagram preamble, mounts AFS with
# the 'dyn' option on './file0', enters it, and issues fanotify and cgroup mkdir calls.
# bind and the SIOCGET6RD ioctl are issued on fd 0xffffffffffffffff with null argument pointers.
bind$802154_dgram(0xffffffffffffffff, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x8000000004)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, 0x0)
# Resource 0xe is RLIMIT_RTPRIO; policy 0x1 is SCHED_FIFO, policy 0x2 is SCHED_RR.
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
# Flags 0x8031 = MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE; the prot argument is an arbitrary 64-bit value.
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
# Path-based unix address './file0', used before the directory of the same name is created below.
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
# vlen 0x400000000000041 does not fit in 32 bits; recvmmsg flag 0x2 is MSG_PEEK.
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
# AFS mount with a null source and the option blob 'dyn'.
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='dyn'])
# After chdir, './file0' in the next call is resolved relative to the new working directory.
chdir(&(0x7f0000002300)='./file0\x00')
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0)
# The fanotify fd argument is 0xffffffffffffffff; r3 is passed as the dirfd.
fanotify_mark(0xffffffffffffffff, 0x400, 0x38, r3, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.net/syz0\x00', 0x1ff)

569.674836ms ago: executing program 3 (id=5364):
# Create ./file2 relative to AT_FDCWD with mode 0x81c0 (S_IFREG | 0700): an
# empty regular file that its owner may execute.
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
# Try to execute that empty file with null argv/envp. This exercises the
# binary-format loaders' handling of a zero-length image.
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
symlink(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', &(0x7f0000000000)='./file0\x00')
rename(&(0x7f0000000580)='./file0\x00', &(0x7f0000000780)='./file2\x00')
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00')

563.673529ms ago: executing program 3 (id=5366):
# Program id=5366: mount 9p with trans=fd over a pipe whose contents the program
# wrote itself. Every byte the kernel 9p client parses as a server reply is
# therefore caller-controlled.
# Mount point: ./file0, created with mode 0.
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
# r0 is the read end and r1 the write end of the pipe.
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
# Pre-load a 0x15-byte reply: size 0x15, type 0x65 (Rversion), tag 0xffff,
# msize bytes 01 80 00 00, then an 8-byte string that decodes to "9P2000.L".
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
# FUSE-shaped records (0x18 and 0x138 bytes) are written into the same pipe,
# so the bytes queued after the version reply are not well-formed 9p messages.
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="38010000fe00004a59ac3fab5a3b30692619d523a7eb0167d4f100fd8bcb"], 0x138)
# Options: 'trans=fd,rfdno=<r0>,wfdno=<r1>' plus access=any. The client reads
# replies from r0, i.e. the data queued above.
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_any}]}})
# stat() with a null result buffer; presumably only the path lookup through the
# mount point matters here.
stat(&(0x7f0000000000)='./file0\x00', 0x0)

304.138011ms ago: executing program 3 (id=5368):
# Program id=5368: System V semaphore set with one semaphore.
# IPC_PRIVATE key (0x0), nsems = 1, flags 0xc0.
r0 = semget$private(0x0, 0x1, 0xc0)
# One sembuf {sem_num=0x0, sem_op=0xffff, sem_flg=0x2000} and a null timeout.
# NOTE(review): sem_op is a 16-bit field, so 0xffff presumably means -1 and the
# call may block until the value is raised - confirm.
semtimedop(r0, &(0x7f0000000000)=[{0x0, 0xffff, 0x2000}], 0x1, 0x0)
# cmd 0x11 is SETALL; the value array is taken from the fuzzer's data area.
semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000080))

54.863855ms ago: executing program 2 (id=5377):
# Program id=5377: mmap a cgroup control file and use it as the source of
# copy_file_range().
# first = last = 0xffffffffffffffff with flag 0x2 (CLOSE_RANGE_UNSHARE).
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
# Destination file; the mode argument is a fuzzer-chosen 64-bit value.
r0 = creat(&(0x7f0000000300)='./file0\x00', 0x768943b6b926b3ed)
# Open 'blkio.bfq.time_recursive' relative to AT_FDCWD with flags 0x275a.
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
# Map 0x400000 bytes of r1 at the data-area base (prot 0x2000005, flags 0x10012).
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000005, 0x10012, r1, 0x0)
# Copy 0x8 bytes from r1, starting at the offset stored at 0x7f00000008c0 (0x4),
# into r0 at its current position.
copy_file_range(r1, &(0x7f00000008c0)=0x4, r0, 0x0, 0x8, 0x0)

54.788286ms ago: executing program 2 (id=5378):
# Program id=5378: generic-netlink query to the SMC family.
# AF_NETLINK (0x10), SOCK_RAW (0x3), NETLINK_GENERIC (0x10).
r0 = socket$nl_generic(0x10, 0x3, 0x10)
# Resolve the SMC genetlink family id; the fd argument is -1.
r1 = syz_genetlink_get_family_id$smc(&(0x7f0000001980), 0xffffffffffffffff)
# 0x14-byte message: netlink header with type r1 and no attributes after it.
sendmsg$SMC_PNETID_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x14, r1, 0x215, 0x70bd2c, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4)

437.893µs ago: executing program 2 (id=5379):
# Program id=5379: hand-built generic-netlink message with a nested attribute.
# AF_NETLINK (0x10), SOCK_RAW (0x3), NETLINK_GENERIC (0x10).
r0 = socket$nl_generic(0x10, 0x3, 0x10)
# 0x20-byte message with nlmsg type 0x37 and flags 0x107. The payload is one
# nested attribute (length 0xc) wrapping a typed attribute (length 0x6) whose
# string value is the two bytes '\x80\n'. This tests attribute-length and
# nesting validation in whichever family owns type 0x37.
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)={0x20, 0x37, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}]}, 0x20}, 0x1, 0x0, 0x0, 0xc000}, 0xc000)

318.785µs ago: executing program 2 (id=5380):
# Program id=5380: load a small BPF program, attach it to the sys_exit raw
# tracepoint, then make a syscall so the tracepoint fires.
# bpf cmd 0x5 is BPF_PROG_LOAD. prog_type 0x11 is BPF_PROG_TYPE_RAW_TRACEPOINT,
# insn_cnt is 0x3, the instructions are the raw blob and the license string is
# 'syzkaller'.
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000100000000000000e9ff000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
# bpf cmd 0x11 is BPF_RAW_TRACEPOINT_OPEN: attach r0 to the tracepoint named
# 'sys_exit'. If this succeeds the program runs on syscall exits.
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0, 0x0, 0x2}, 0x18)
# A syscall with null arguments; presumably present only to reach a syscall
# exit while the program is attached.
utimes(0x0, 0x0)

236.41µs ago: executing program 2 (id=5381):
# Program id=5381: inject three Ethernet frames carrying IPv6 (ethertype 0x86dd)
# into the test network device. Each frame pairs extension headers with a
# declared next-header value of 0x2c, so the receive path has to reconcile
# header lengths against the payload length.
# Frame 1 (0x46 bytes): payload length 0x10, a routing header followed by a
# destination-options header.
syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @link_local={0x17, 0x80, 0xc2, 0x6, 0x5}, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "182325", 0x10, 0x2c, 0x0, @remote, @local, {[@routing={0x8, 0x0, 0x2, 0x21}, @dstopts={0x4}]}}}}}, 0x0)
# Frame 2 (0x46 bytes): given as a raw byte blob rather than a typed
# description, so no field-level typing is applied by the fuzzer.
syz_emit_ethernet(0x46, &(0x7f0000000240)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa86dd6004000000102c00fe8000000000000000000000000000bbfe8000000000000000000000000000aae638005b"], 0x0)
# Frame 3 (0x4e bytes): payload length 0x18, a single routing header that
# carries one (empty) address entry.
syz_emit_ethernet(0x4e, &(0x7f0000000080)={@local, @link_local={0x17, 0x80, 0xc2, 0x6, 0x5}, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "182325", 0x18, 0x2c, 0x0, @remote, @local, {[@routing={0x2b, 0x2, 0x2, 0x1, 0x0, [@empty]}]}}}}}, 0x0)

0s ago: executing program 2 (id=5382):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd8048a967d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ceb3438e4b432dd454c04be2d538aaf60c9f7a7281d32142f2fdbc3d37e5a072b5d7f0a349f1a75f01b5c203d4bdde6ff12de9a37f7fb9a16059ad97e2edefb5e0b0326bd25f6fd1d108efa9d30a9883815654486fe42cf2f676cdbb91f7582ab314be"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 
&(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffffffffffe19}, 0x42)
# r0 is the NETLINK_XFRM socket and r1 the BPF program fd, both created by the
# two preceding calls of this program.
# Level 0x1 (SOL_SOCKET), option 0x32 (SO_ATTACH_BPF): attach program r1 to the
# xfrm netlink socket as its socket filter.
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000300)=r1, 0x4)
# Send a 0xf8-byte xfrm netlink request built from raw blobs.
# NOTE(review): presumably the kernel's reply to this request is what passes
# through the attached filter - confirm against the crash trace.
sendmsg$nl_xfrm(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000580)=ANY=[@ANYBLOB="f8000000160039030000000000000000e000000100000000000000000000000000000000000000000000ffff00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x002'], 0xf8}}, 0x0)

kernel console output (not intermixed with test programs):

usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  204.052225][   T47] usb 4-1: config 0 descriptor??
[  204.055623][T11359] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  204.469755][ T5861] usb 2-1: new full-speed USB device number 19 using dummy_hcd
[  204.621266][ T5861] usb 2-1: config 0 has no interfaces?
[  204.631595][ T5861] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  204.639498][ T5861] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  204.642994][ T5861] usb 2-1: Product: syz
[  204.644803][ T5861] usb 2-1: Manufacturer: syz
[  204.646775][ T5861] usb 2-1: SerialNumber: syz
[  204.660017][ T5861] usb 2-1: config 0 descriptor??
[  204.667470][   T47] usb 4-1: string descriptor 0 read error: -71
[  204.678117][   T47] uclogic 0003:5543:0047.000D: failed retrieving string descriptor #200: -71
[  204.685168][   T47] uclogic 0003:5543:0047.000D: failed retrieving pen parameters: -71
[  204.688543][   T47] uclogic 0003:5543:0047.000D: failed probing pen v2 parameters: -71
[  204.694080][   T47] uclogic 0003:5543:0047.000D: failed probing parameters: -71
[  204.697356][   T47] uclogic 0003:5543:0047.000D: probe with driver uclogic failed with error -71
[  204.706365][   T47] usb 4-1: USB disconnect, device number 5
[  204.924118][   T47] usb 2-1: USB disconnect, device number 19
[  205.469568][    T9] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  205.685270][    T9] usb 4-1: not running at top speed; connect to a high speed hub
[  205.690242][    T9] usb 4-1: config 2 has an invalid interface number: 33 but max is 0
[  205.694062][    T9] usb 4-1: config 2 has no interface number 0
[  205.696658][    T9] usb 4-1: config 2 interface 33 has no altsetting 0
[  205.705788][    T9] usb 4-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.02
[  205.710110][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  205.713464][    T9] usb 4-1: Product: syz
[  205.715653][    T9] usb 4-1: Manufacturer: syz
[  205.717666][    T9] usb 4-1: SerialNumber: syz
[  206.166141][    T9] go7007 4-1:2.33: probe with driver go7007 failed with error -12
[  206.223914][    T9] usb 4-1: USB disconnect, device number 6
[  206.498467][T11445] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0001 with DS=0x2
[  206.643798][T11462] netlink: 'syz.2.2027': attribute type 10 has an invalid length.
[  206.647305][T11462] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  206.668452][T11462] batman_adv: batadv0: Removing interface: batadv_slave_0
[  206.692549][T11462] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link
[  207.387201][T11487] netlink: 724 bytes leftover after parsing attributes in process `syz.2.2038'.
[  207.391389][T11487] netlink: 724 bytes leftover after parsing attributes in process `syz.2.2038'.
[  207.573486][T11493] evm: overlay not supported
[  207.677430][T11497] netlink: 'syz.2.2043': attribute type 10 has an invalid length.
[  207.687530][T11497] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  207.727197][T11495] loop1: detected capacity change from 0 to 32768
[  207.730798][T11495] XFS: attr2 mount option is deprecated.
[  207.737393][T11495] XFS (loop1): DAX unsupported by block device. Turning off DAX.
[  207.740892][T11495] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  207.760260][T11495] XFS (loop1): Ending clean mount
[  207.762752][T11495] XFS (loop1): Quotacheck needed: Please wait.
[  207.767445][T11495] XFS (loop1): Quotacheck: Done.
[  207.780816][ T5864] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  208.291816][T11525] loop3: detected capacity change from 0 to 1024
[  208.300800][T11525] hfsplus: request for non-existent node 211 in B*Tree
[  208.303486][T11525] hfsplus: request for non-existent node 211 in B*Tree
[  208.315287][ T1200] hfsplus: b-tree write err: -5, ino 8
[  208.349755][T11527] loop3: detected capacity change from 0 to 4096
[  208.363408][T11529] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  208.389175][ T9993] NILFS error (device loop3): nilfs_check_folio: bad entry in directory #2: rec_len is smaller than minimal - offset=4096, inode=0, rec_len=0, name_len=0
[  208.396185][ T9993] Remounting filesystem read-only
[  208.397914][ T9993] NILFS error (device loop3): nilfs_readdir: bad page in #2
[  208.403488][ T9993] NILFS error (device loop3): nilfs_check_folio: bad entry in directory #2: rec_len is smaller than minimal - offset=8192, inode=0, rec_len=0, name_len=0
[  208.412501][ T9993] NILFS error (device loop3): nilfs_readdir: bad page in #2
[  208.471648][T11538] loop3: detected capacity change from 0 to 8
[  208.478322][T11538] SQUASHFS error: xz decompression failed, data probably corrupt
[  208.482058][T11538] SQUASHFS error: Failed to read block 0x108: -5
[  208.484360][T11538] SQUASHFS error: Unable to read metadata cache entry [106]
[  208.486967][T11538] SQUASHFS error: Unable to read inode 0x0
[  208.687630][T11540] loop3: detected capacity change from 0 to 65536
[  208.694027][T11540] XFS (loop3): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  208.706816][T11540] XFS (loop3): Ending clean mount
[  208.717452][ T9993] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  208.947078][T11569] tc_dump_action: action bad kind
[  209.003583][T11571] overlayfs: failed to clone upperpath
[  209.205313][T11580] Invalid ELF header magic: != ELF
[  209.265077][T11583] netlink: 'syz.2.2070': attribute type 16 has an invalid length.
[  209.277758][T11583] netlink: 'syz.2.2070': attribute type 17 has an invalid length.
[  209.396126][T11583] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  210.116237][T11608] loop1: detected capacity change from 0 to 4096
[  210.130398][T11608] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  210.168427][ T5864] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  210.309594][T11619] loop1: detected capacity change from 0 to 2048
[  210.396749][T11621] loop3: detected capacity change from 0 to 512
[  210.405709][T11621] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  210.499238][T11619] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  210.648996][T11619] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.2086: bg 0: block 234: padding at end of block bitmap is not set
[  210.657496][T11619] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 32 with error 28
[  210.664091][T11619] EXT4-fs (loop1): This should not happen!! Data will be lost
[  210.664091][T11619] 
[  210.667784][T11619] EXT4-fs (loop1): Total free blocks count 0
[  210.672669][T11619] EXT4-fs (loop1): Free/Dirty block details
[  210.675766][T11619] EXT4-fs (loop1): free_blocks=0
[  210.677713][T11619] EXT4-fs (loop1): dirty_blocks=48
[  210.680861][T11619] EXT4-fs (loop1): Block reservation details
[  210.683619][T11619] EXT4-fs (loop1): i_reserved_data_blocks=3
[  210.782036][ T6933] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 32 with max blocks 1 with error 28
[  211.037112][T11628] bond0: Unable to set up delay as MII monitoring is disabled
[  211.530608][T11659] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2104'.
[  211.614393][T11663] random: crng reseeded on system resumption
[  211.698415][ T5861] IPVS: starting estimator thread 0...
[  211.709069][T11659] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2104'.
[  211.789609][T11666] IPVS: using max 75 ests per chain, 180000 per kthread
[  211.792060][T11670] can0: slcan on ttyS3.
[  211.869518][T11670] can0 (unregistered): slcan off ttyS3.
[  211.871727][T11670] Falling back ldisc for ttyS3.
[  211.935748][T11674] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  211.940171][T11674] syzkaller0: entered promiscuous mode
[  211.942110][T11674] syzkaller0: entered allmulticast mode
[  211.949208][T11674] tipc: Resetting bearer <eth:syzkaller0>
[  211.952104][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  211.954763][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  211.963428][T11673] tipc: Resetting bearer <eth:syzkaller0>
[  211.969762][T11673] tipc: Disabling bearer <eth:syzkaller0>
[  212.361621][T11681] loop1: detected capacity change from 0 to 32768
[  212.368095][T11681] bcachefs (/dev/loop1): error validating superblock: Invalid superblock section clean: entry type clock overruns end of section
[  212.368095][T11681] clean (size 2912):
[  212.368095][T11681] flags:          0
[  212.368095][T11681] journal_seq:    10
[  212.368095][T11681] dev_usage: 
[  212.368095][T11681] usage: type=key_version v=0
[  212.368095][T11681] (unknown jset_entry_type 255)
[  212.368095][T11681] usage: type=reserved v=0
[  212.368095][T11681] usage: type=reserved v=0
[  212.368095][T11681] usage: type=reserved v=0
[  212.368095][T11681] data_usage: btree: 1/1 [0]=2816
[  212.368095][T11681] data_usage: journal: 1/1 [0]=0
[  212.368095][T11681] data_usage: user: 1/1 [0]=16
[  212.368095][T11681] dev_usage: dev=0  
[  212.368095][T11681]   free: buckets=83 sectors=0 fragmented=0
[  212.368095][T11681]   sb: buckets=25 sectors=6152 fragmented=248
[  212.368095][T11681]   journal: buckets=8 sectors=2048 fragmented=0
[  212.368095][T11681]   btree: buckets=11 sectors=2816 fragmented=0
[  212.368095][T11681]   user: buckets=1 sectors=16 fragmented=240
[  212.368095][T11681]   cached: buckets=0 sectors=0 fragmented=0
[  212.368095][T11681]   parity: buckets=0 sectors=0 fragmented=0
[  212.368095][T11681]   stripe: buckets=0 sectors=0 fragmented=0
[  212.368095][T11681]   need_gc_gens: buckets=0 sectors=0 fragmented=0
[  212.368095][T11681]   need_discard: buckets=0 sectors=0 fragmented=0
[  212.368095][T11681] 
[  212.422192][T11681] bcachefs: bch2_fs_get_tree() error: invalid_sb_clean
[  212.536531][T11689] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2115'.
[  212.551693][T11689] dummy0: entered promiscuous mode
[  212.561048][T11689] bridge0: port 1(macvlan0) entered blocking state
[  212.568505][T11689] bridge0: port 1(macvlan0) entered disabled state
[  212.571702][T11689] macvlan0: entered allmulticast mode
[  212.573593][T11689] dummy0: entered allmulticast mode
[  212.576040][T11689] macvlan0: entered promiscuous mode
[  212.578452][T11689] bridge0: port 1(macvlan0) entered blocking state
[  212.580736][T11689] bridge0: port 1(macvlan0) entered forwarding state
[  212.588380][T11687] loop3: detected capacity change from 0 to 32768
[  212.622140][T11691] loop1: detected capacity change from 0 to 1024
[  212.652458][T11691] hfsplus: invalid xattr key length: 0
[  212.688984][T11693] loop3: detected capacity change from 0 to 2048
[  212.695598][T11693] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  212.703363][   T32] hfsplus: b-tree write err: -5, ino 8
[  212.797674][T11697] loop1: detected capacity change from 0 to 1024
[  212.807413][T11697] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (7780!=20869)
[  212.819570][T11697] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  212.835007][T11697] EXT4-fs (loop1): invalid journal inode
[  212.838771][T11697] EXT4-fs (loop1): can't get journal size
[  212.843115][T11697] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  212.871421][ T5864] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.899736][T11707] 9pnet: p9_errstr2errno: server reported unknown error @cDB0xffffffffffffffff
[  212.994992][T11701] loop3: detected capacity change from 0 to 32768
[  213.001181][T11701] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2121 (11701)
[  213.009867][T11701] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  213.014083][T11701] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  213.035269][T11701] BTRFS info (device loop3): rebuilding free space tree
[  213.041533][T11701] BTRFS info (device loop3): enabling ssd optimizations
[  213.044434][T11701] BTRFS info (device loop3): using spread ssd allocation scheme
[  213.047608][T11701] BTRFS info (device loop3): turning on async discard
[  213.051568][T11701] BTRFS info (device loop3): enabling free space tree
[  213.054387][T11701] BTRFS info (device loop3): force clearing of disk cache
[  213.057371][T11701] BTRFS info (device loop3): use zlib compression, level 3
[  213.085507][ T5677] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared)
[  213.109187][ T9993] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  213.229584][ T5899] usb 2-1: new full-speed USB device number 20 using dummy_hcd
[  213.401738][ T5899] usb 2-1: not running at top speed; connect to a high speed hub
[  213.411281][ T5899] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  213.415618][ T5899] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  213.429858][ T5899] usb 2-1: config 1 has no interface number 1
[  213.432845][ T5899] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  213.445609][ T5899] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[  213.461472][ T5899] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  213.465473][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  213.468896][ T5899] usb 2-1: Product: syz
[  213.480382][ T5899] usb 2-1: Manufacturer: syz
[  213.493142][ T5899] usb 2-1: SerialNumber: syz
[  213.526717][T11746] loop3: detected capacity change from 0 to 1024
[  213.539297][T11746] journal_path: not usable as path
[  213.550951][T11746] EXT4-fs: error: could not find journal device path
[  213.708334][ T5899] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor
[  213.733351][ T5899] usb 2-1: USB disconnect, device number 20
[  213.765646][ T6163] udevd[6163]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  213.841529][T11762] loop3: detected capacity change from 0 to 64
[  214.649962][    T9] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  214.810599][    T9] usb 2-1: Using ep0 maxpacket: 8
[  214.828166][    T9] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  214.833591][    T9] usb 2-1: config 179 has no interface number 0
[  214.837908][    T9] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  214.843135][    T9] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  214.848064][    T9] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  214.855958][    T9] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0
[  214.861415][    T9] usb 2-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  214.867209][    T9] usb 2-1: config 179 interface 65 has no altsetting 0
[  214.873674][    T9] usb 2-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  214.877692][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  214.905058][    T9] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input13
[  215.092614][    T9] usb 2-1: USB disconnect, device number 21
[  215.092686][    C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  215.265431][T11787] loop3: detected capacity change from 0 to 512
[  215.273824][T11787] EXT4-fs (loop3): Test dummy encryption mode enabled
[  215.287352][T11787] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended
[  215.292840][T11787] EXT4-fs (loop3): Errors on filesystem, clearing orphan list.
[  215.296605][T11787] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  215.306020][T11787] EXT4-fs (loop3): shut down requested (1)
[  215.319838][ T9993] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  215.491390][T11801] loop3: detected capacity change from 0 to 8192
[  215.515696][ T9993] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000e1b1)
[  215.519324][ T9993] FAT-fs (loop3): Filesystem has been set read-only
[  217.040387][ T5861] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  217.193805][ T5861] usb 4-1: Using ep0 maxpacket: 32
[  217.200173][ T5861] usb 4-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  217.204055][ T5861] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  217.219214][ T5861] usb 4-1: config 0 descriptor??
[  217.230201][ T5861] gspca_main: sunplus-2.14.0 probing 041e:400b
[  217.699511][ T5899] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  217.849485][ T5899] usb 2-1: Using ep0 maxpacket: 32
[  217.859774][ T5899] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  217.864090][ T5899] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 183, using maximum allowed: 30
[  217.879381][ T5899] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 183
[  217.885106][ T5899] usb 2-1: config 0 interface 0 has no altsetting 1
[  217.889381][ T5899] usb 2-1: New USB device found, idVendor=152d, idProduct=0539, bcdDevice= 0.00
[  217.893398][ T5899] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  217.896849][ T5899] usb 2-1: SerialNumber: syz
[  217.911325][ T5899] usb 2-1: config 0 descriptor??
[  217.915562][ T5899] usb-storage 2-1:0.0: USB Mass Storage device detected
[  217.922189][ T5899] usb-storage 2-1:0.0: Quirks match for vid 152d pid 0539: 4000000
[  218.117962][ T5899] usb 2-1: USB disconnect, device number 22
[  218.444227][ T5861] gspca_sunplus: reg_w_riv err -71
[  218.446526][ T5861] sunplus 4-1:0.0: probe with driver sunplus failed with error -71
[  218.451253][ T5861] usb 4-1: USB disconnect, device number 7
[  218.715703][T11894] netlink: 'syz.1.2201': attribute type 3 has an invalid length.
[  218.788011][T11901] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  219.099660][T11913] loop3: detected capacity change from 0 to 128
[  219.108140][T11913] EXT4-fs: Ignoring removed nobh option
[  219.120064][T11913] EXT4-fs (loop3): Invalid log block size: 4294967295
[  219.332350][T11927] Bluetooth: MGMT ver 1.23
[  219.530632][T11933] loop3: detected capacity change from 0 to 32768
[  219.557215][T11933] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  219.557232][T11933]   allowing incompatible features above 0.0: (unknown version)
[  219.557239][T11933]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  219.572320][T11933] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  219.575757][T11933] bcachefs (loop3): initializing new filesystem
[  219.584165][T11933] bcachefs (loop3): going read-write
[  219.588231][T11933] bcachefs (loop3): marking superblocks
[  219.596864][T11933] bcachefs (loop3): initializing freespace
[  219.601933][T11933] bcachefs (loop3): done initializing freespace
[  219.606989][T11933] bcachefs (loop3): reading snapshots table
[  219.609677][T11933] bcachefs (loop3): reading snapshots done
[  219.618889][T11933] bcachefs (loop3): done starting filesystem
[  219.865555][ T9993] bcachefs (loop3): shutting down
[  219.867787][ T9993] bcachefs (loop3): going read-only
[  219.870747][ T9993] bcachefs (loop3): finished waiting for writes to stop
[  219.874337][ T9993] bcachefs (loop3): flushing journal and stopping allocators, journal seq 2
[  219.887930][ T9993] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 3
[  219.894352][ T9993] bcachefs (loop3): clean shutdown complete, journal seq 4
[  219.897798][ T9993] bcachefs (loop3): marking filesystem clean
[  219.910986][ T9993] bcachefs (loop3): shutdown complete
[  219.973314][T11950] loop1: detected capacity change from 0 to 32768
[  219.986919][T11950] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  220.010597][ T5864] ocfs2: Unmounting device (7,1) on (node local)
[  220.235835][T11957] gtp0: entered promiscuous mode
[  220.238089][T11957] gtp0: entered allmulticast mode
[  220.519589][T11969] loop1: detected capacity change from 0 to 32768
[  220.524839][T11969] XFS (loop1): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  220.534870][T11969] XFS (loop1): Ending clean mount
[  220.555154][ T5864] XFS (loop1): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  221.132353][T12006] loop3: detected capacity change from 0 to 32768
[  221.144887][T12006] XFS: ikeep mount option is deprecated.
[  221.196543][T12008] syz.2.2243(12008): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored.
[  221.204005][T12006] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  221.228144][T12006] XFS (loop3): Ending clean mount
[  221.234414][T12006] XFS (loop3): Quotacheck needed: Please wait.
[  221.242251][T12006] XFS (loop3): Quotacheck: Done.
[  221.257744][   T33] audit: type=1800 audit(2000000012.460:69): pid=12006 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2223" name="bus" dev="loop3" ino=9290 res=0 errno=0
[  221.277271][   T33] audit: type=1800 audit(2000000012.470:70): pid=12006 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2223" name="file1" dev="loop3" ino=9286 res=0 errno=0
[  221.286851][ T9993] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  221.773324][T12054] loop1: detected capacity change from 0 to 40427
[  221.776827][T12054] F2FS-fs (loop1): Wrong SSA boundary, start(3584) end(4096) blocks(0)
[  221.780433][T12054] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  221.784098][T12054] F2FS-fs (loop1): build fault injection type: 0x6
[  221.787686][T12054] F2FS-fs (loop1): invalid crc value
[  221.806983][T12058] loop3: detected capacity change from 0 to 32768
[  221.816853][T12054] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  221.818118][T12058] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2262 (12058)
[  221.821385][T12054] F2FS-fs (loop1): checkpoint=disable on readonly fs
[  221.836628][T12058] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  221.850459][T12058] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  221.853984][T12058] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  221.891244][T12058] BTRFS info (device loop3): rebuilding free space tree
[  221.896635][T12058] BTRFS info (device loop3): disabling free space tree
[  221.899275][T12058] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  221.903975][T12058] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  221.918860][T12058] BTRFS info (device loop3): setting nodatasum
[  221.921215][T12058] BTRFS info (device loop3): setting nodatacow
[  221.923585][T12058] BTRFS info (device loop3): enabling ssd optimizations
[  221.926336][T12058] BTRFS info (device loop3): turning off barriers
[  221.928997][T12058] BTRFS info (device loop3): turning on flush-on-commit
[  221.935360][T12058] BTRFS info (device loop3): enabling disk space caching
[  221.938265][T12058] BTRFS info (device loop3): force clearing of disk cache
[  221.942147][T12058] BTRFS info (device loop3): doing ref verification
[  221.944920][T12058] BTRFS info (device loop3): max_inline set to 4096
[  221.972460][T12077] program syz.1.2263 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  221.995861][   T33] audit: type=1804 audit(2000000013.200:71): pid=12058 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2262" name="/newroot/249/file1/bus" dev="loop3" ino=263 res=1 errno=0
[  222.268507][T12089] netlink: 'syz.1.2268': attribute type 11 has an invalid length.
[  222.303006][T12093] loop1: detected capacity change from 0 to 1024
[  222.318609][T12093] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  222.323594][T12093] ext4 filesystem being mounted at /753/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  222.329771][   T33] audit: type=1800 audit(2000000013.530:72): pid=12093 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2269" name="file2" dev="loop1" ino=16 res=0 errno=0
[  222.341773][ T5864] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  222.362360][T12098] loop1: detected capacity change from 0 to 256
[  222.371594][T12098] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  222.423105][T12100] netlink: 248 bytes leftover after parsing attributes in process `syz.1.2273'.
[  222.427978][ T9993] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  222.474087][T12102] loop1: detected capacity change from 0 to 1024
[  222.498630][T12102] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  222.507092][T12102] ext4 filesystem being mounted at /756/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  222.512912][T12106] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2272'.
[  222.513255][T12102] EXT4-fs error (device loop1): ext4_map_blocks:814: inode #15: comm syz.1.2274: lblock 0 mapped to illegal pblock 0 (length 5)
[  222.522373][T12102] EXT4-fs error (device loop1): ext4_map_blocks:814: inode #15: block 3: comm syz.1.2274: lblock 3 mapped to illegal pblock 3 (length 2)
[  222.529243][T12102] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 2 with error 117
[  222.537150][T12102] EXT4-fs (loop1): This should not happen!! Data will be lost
[  222.537150][T12102] 
[  222.547014][ T1091] EXT4-fs error (device loop1): ext4_map_blocks:814: inode #15: block 8: comm kworker/u9:4: lblock 8 mapped to illegal pblock 8 (length 8)
[  222.553802][ T1091] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  222.557805][ T1091] EXT4-fs (loop1): This should not happen!! Data will be lost
[  222.557805][ T1091] 
[  222.562898][ T5864] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  222.690228][T12108] loop3: detected capacity change from 0 to 32768
[  222.693919][T12108] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2275 (12108)
[  222.761191][T12108] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  222.765475][T12108] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  223.059215][T12108] BTRFS info (device loop3): rebuilding free space tree
[  223.064189][T12108] BTRFS info (device loop3): enabling ssd optimizations
[  223.067054][T12108] BTRFS info (device loop3): turning off barriers
[  223.074758][T12108] BTRFS info (device loop3): turning on sync discard
[  223.077577][T12108] BTRFS info (device loop3): enabling free space tree
[  223.084404][T12108] BTRFS info (device loop3): force clearing of disk cache
[  223.086693][T12108] BTRFS info (device loop3): enabling auto defrag
[  223.116000][ T9993] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  223.295287][T12170] 9pnet_fd: Insufficient options for proto=fd
[  223.748739][T12189] loop1: detected capacity change from 0 to 256
[  224.143600][    T9] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  224.359740][    T9] usb 2-1: Using ep0 maxpacket: 32
[  224.364772][    T9] usb 2-1: config 0 has an invalid interface number: 134 but max is 0
[  224.368505][    T9] usb 2-1: config 0 has no interface number 0
[  224.374042][    T9] usb 2-1: New USB device found, idVendor=05ac, idProduct=024c, bcdDevice=ea.6f
[  224.377902][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  224.382062][    T9] usb 2-1: Product: syz
[  224.383839][    T9] usb 2-1: Manufacturer: syz
[  224.385768][    T9] usb 2-1: SerialNumber: syz
[  224.389054][    T9] usb 2-1: config 0 descriptor??
[  224.395988][    T9] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.134/input/input14
[  224.615061][ T5899] usb 2-1: USB disconnect, device number 23
[  224.615977][ T5281] bcm5974 2-1:0.134: could not read from device
[  225.147880][T12232] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  225.255988][T12244] loop3: detected capacity change from 0 to 1024
[  225.265741][T12242] loop1: detected capacity change from 0 to 2048
[  225.273001][T12242] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  225.880737][T12260] 8021q: adding VLAN 0 to HW filter on device bond1
[  226.023384][T12263] loop1: detected capacity change from 0 to 32768
[  226.036656][T12263] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  226.070975][ T5864] ocfs2: Unmounting device (7,1) on (node local)
[  226.159975][   T32] hfsplus: b-tree write err: -5, ino 4
[  227.123383][T12292] loop3: detected capacity change from 0 to 32768
[  227.127736][T12292] bcachefs (/dev/loop3): error validating superblock: Invalid superblock section replicas: no devices in entry need_discard: 0/0 []
[  227.127736][T12292] replicas (size 40):
[  227.127736][T12292] need_discard: 0/0 []
[  227.127736][T12292] 
[  227.135753][T12292] bcachefs: bch2_fs_get_tree() error: invalid_replicas_entry
[  227.913239][T12321] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  227.916502][T12321] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  228.081602][T12326] program syz.1.2361 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  228.273481][T12345] trusted_key: syz.1.2366 sent an empty control message without MSG_MORE.
[  228.596037][T12351] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2372'.
[  228.600729][T12351] sch_fq: defrate 4294967295 ignored.
[  228.757623][T12355] loop3: detected capacity change from 0 to 32768
[  228.769229][T12355] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  228.777164][T12355] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  228.784282][T12355] XFS (loop3): Starting recovery (logdev: internal)
[  228.790292][T12355] XFS (loop3): Ending recovery (logdev: internal)
[  228.833093][ T9993] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  229.013070][T12381] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2382'.
[  229.032393][   T12] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  229.036224][   T12] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  229.040398][T12381] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2382'.
[  229.044191][   T12] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  229.047762][   T12] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  229.094732][T12384] mkiss: ax0: crc mode is auto.
[  229.219583][ T5923] usb 4-1: new full-speed USB device number 8 using dummy_hcd
[  229.371494][ T5923] usb 4-1: unable to get BOS descriptor or descriptor too short
[  229.375074][ T5923] usb 4-1: not running at top speed; connect to a high speed hub
[  229.379113][ T5923] usb 4-1: config 14 has an invalid interface number: 90 but max is 0
[  229.383594][ T5923] usb 4-1: config 14 has no interface number 0
[  229.386199][ T5923] usb 4-1: config 14 interface 90 has no altsetting 0
[  229.390733][ T5923] usb 4-1: New USB device found, idVendor=041e, idProduct=400a, bcdDevice=8c.6a
[  229.393874][ T5923] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  229.396482][ T5923] usb 4-1: Product: syz
[  229.397973][ T5923] usb 4-1: Manufacturer: syz
[  229.399905][ T5923] usb 4-1: SerialNumber: syz
[  229.609863][ T5923] gspca_main: spca500-2.14.0 probing 041e:400a
[  229.615108][ T5923] usb 4-1: USB disconnect, device number 8
[  229.764315][T12402] netlink: 'syz.2.2390': attribute type 21 has an invalid length.
[  229.767690][T12402] netlink: 144 bytes leftover after parsing attributes in process `syz.2.2390'.
[  230.024869][T12409] 9pnet_fd: Insufficient options for proto=fd
[  230.222394][T12427] netlink: 88 bytes leftover after parsing attributes in process `syz.3.2402'.
[  230.366768][T12417] loop1: detected capacity change from 0 to 40427
[  230.373743][T12417] F2FS-fs (loop1): build fault injection rate: 14
[  230.376096][T12417] F2FS-fs (loop1): build fault injection type: 0x3bfe8c
[  230.385996][T12417] F2FS-fs (loop1): invalid crc value
[  230.405239][    C1] F2FS-fs (loop1): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  230.419640][    C1] F2FS-fs (loop1): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  230.438769][T12417] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  230.445463][T12417] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  230.452964][T12417] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  230.477663][T12417] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  230.485211][T12417] F2FS-fs (loop1): inject dquot initialize in f2fs_dquot_initialize of f2fs_mkdir+0xfa/0x570
[  230.493043][T12417] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  230.495737][T12431] loop3: detected capacity change from 0 to 32768
[  230.512844][T12417] F2FS-fs (loop1): inject inconsistent footer in sanity_check_node_footer of f2fs_get_dnode_of_data+0x249/0x1cf0
[  230.517019][T12417] F2FS-fs (loop1): inconsistent node block, node_type:1, nid:10, node_footer[nid:10,ino:10,ofs:0,cpver:0,blkaddr:0]
[  230.522180][T12431] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  230.538547][T12431] XFS (loop3): Ending clean mount
[  230.543989][T12431] XFS (loop3): Quotacheck needed: Please wait.
[  230.550275][T12431] XFS (loop3): Quotacheck: Done.
[  230.568711][ T9993] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  230.593360][ T5864] syz-executor: attempt to access beyond end of device
[  230.593360][ T5864] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  230.599021][ T5864] CPU: 1 UID: 0 PID: 5864 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  230.599039][ T5864] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  230.599047][ T5864] Call Trace:
[  230.599052][ T5864]  <TASK>
[  230.599057][ T5864]  dump_stack_lvl+0x189/0x250
[  230.599077][ T5864]  ? __pfx_dump_stack_lvl+0x10/0x10
[  230.599091][ T5864]  ? __pfx_queue_work_on+0x10/0x10
[  230.599104][ T5864]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  230.599120][ T5864]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  230.599138][ T5864]  f2fs_handle_critical_error+0x37c/0x540
[  230.599157][ T5864]  f2fs_write_end_io+0x886/0xb60
[  230.599174][ T5864]  __submit_merged_bio+0x27a/0x6a0
[  230.599191][ T5864]  __submit_merged_write_cond+0x255/0x530
[  230.599208][ T5864]  f2fs_write_data_pages+0x261d/0x3000
[  230.599225][ T5864]  ? arch_stack_walk+0xfc/0x150
[  230.599250][ T5864]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  230.599266][ T5864]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  230.599284][ T5864]  ? rcu_is_watching+0x15/0xb0
[  230.599308][ T5864]  ? folios_put_refs+0x559/0x640
[  230.599325][ T5864]  ? __pfx_folios_put_refs+0x10/0x10
[  230.599336][ T5864]  ? rcu_is_watching+0x15/0xb0
[  230.599348][ T5864]  ? lru_add+0xa2f/0xd80
[  230.599359][ T5864]  ? lru_add+0x198/0xd80
[  230.599370][ T5864]  ? do_raw_spin_lock+0x121/0x290
[  230.599408][ T5864]  ? do_raw_spin_unlock+0x4d/0x240
[  230.599423][ T5864]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  230.599440][ T5864]  do_writepages+0x32e/0x550
[  230.599456][ T5864]  ? rcu_is_watching+0x15/0xb0
[  230.599468][ T5864]  ? do_raw_spin_unlock+0x4d/0x240
[  230.599484][ T5864]  filemap_fdatawrite+0x199/0x240
[  230.599500][ T5864]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  230.599528][ T5864]  ? rcu_is_watching+0x15/0xb0
[  230.599541][ T5864]  ? do_raw_spin_unlock+0x4d/0x240
[  230.599556][ T5864]  f2fs_sync_dirty_inodes+0x31f/0x830
[  230.599573][ T5864]  f2fs_write_checkpoint+0x95a/0x1df0
[  230.599592][ T5864]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  230.599642][ T5864]  ? kill_f2fs_super+0x298/0x6c0
[  230.599658][ T5864]  kill_f2fs_super+0x2c3/0x6c0
[  230.599671][ T5864]  ? __pfx_kill_f2fs_super+0x10/0x10
[  230.599682][ T5864]  ? radix_tree_delete_item+0x2b6/0x400
[  230.599699][ T5864]  ? shrinker_free+0x2ce/0x3e0
[  230.599713][ T5864]  deactivate_locked_super+0xbc/0x130
[  230.599728][ T5864]  cleanup_mnt+0x425/0x4c0
[  230.599743][ T5864]  task_work_run+0x1d4/0x260
[  230.599759][ T5864]  ? __pfx_task_work_run+0x10/0x10
[  230.599773][ T5864]  ? __x64_sys_umount+0x122/0x160
[  230.599788][ T5864]  ? __pfx___x64_sys_umount+0x10/0x10
[  230.599804][ T5864]  ? rcu_is_watching+0x15/0xb0
[  230.599821][ T5864]  exit_to_user_mode_loop+0xec/0x110
[  230.599836][ T5864]  do_syscall_64+0x2bd/0x3b0
[  230.599851][ T5864]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.599862][ T5864]  ? exc_page_fault+0x9f/0xf0
[  230.599876][ T5864]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.599886][ T5864] RIP: 0033:0x7fd1dcd8ff17
[  230.599898][ T5864] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  230.599909][ T5864] RSP: 002b:00007ffe782ccb78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  230.599924][ T5864] RAX: 0000000000000000 RBX: 00007fd1dce11c05 RCX: 00007fd1dcd8ff17
[  230.599932][ T5864] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe782ccc30
[  230.599940][ T5864] RBP: 00007ffe782ccc30 R08: 0000000000000000 R09: 0000000000000000
[  230.599947][ T5864] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe782cdcc0
[  230.599955][ T5864] R13: 00007fd1dce11c05 R14: 0000000000038426 R15: 00007ffe782cdd00
[  230.599969][ T5864]  </TASK>
[  230.776269][ T5864] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  230.778793][ T5864] CPU: 1 UID: 0 PID: 5864 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  230.778805][ T5864] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  230.778810][ T5864] Call Trace:
[  230.778813][ T5864]  <TASK>
[  230.778817][ T5864]  dump_stack_lvl+0x189/0x250
[  230.778832][ T5864]  ? __pfx_dump_stack_lvl+0x10/0x10
[  230.778840][ T5864]  ? __pfx_queue_work_on+0x10/0x10
[  230.778848][ T5864]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  230.778858][ T5864]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  230.778869][ T5864]  f2fs_handle_critical_error+0x37c/0x540
[  230.778880][ T5864]  f2fs_write_end_io+0x886/0xb60
[  230.778890][ T5864]  __submit_merged_bio+0x27a/0x6a0
[  230.778900][ T5864]  __submit_merged_write_cond+0x255/0x530
[  230.778910][ T5864]  f2fs_write_data_pages+0x261d/0x3000
[  230.778920][ T5864]  ? arch_stack_walk+0xfc/0x150
[  230.778933][ T5864]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  230.778943][ T5864]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  230.778953][ T5864]  ? rcu_is_watching+0x15/0xb0
[  230.778966][ T5864]  ? folios_put_refs+0x559/0x640
[  230.778976][ T5864]  ? __pfx_folios_put_refs+0x10/0x10
[  230.778982][ T5864]  ? rcu_is_watching+0x15/0xb0
[  230.778989][ T5864]  ? lru_add+0xa2f/0xd80
[  230.778996][ T5864]  ? lru_add+0x198/0xd80
[  230.779003][ T5864]  ? do_raw_spin_lock+0x121/0x290
[  230.779013][ T5864]  ? do_raw_spin_unlock+0x4d/0x240
[  230.779021][ T5864]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  230.779031][ T5864]  do_writepages+0x32e/0x550
[  230.779040][ T5864]  ? rcu_is_watching+0x15/0xb0
[  230.779047][ T5864]  ? do_raw_spin_unlock+0x4d/0x240
[  230.779056][ T5864]  filemap_fdatawrite+0x199/0x240
[  230.779066][ T5864]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  230.779086][ T5864]  ? rcu_is_watching+0x15/0xb0
[  230.779093][ T5864]  ? do_raw_spin_unlock+0x4d/0x240
[  230.779102][ T5864]  f2fs_sync_dirty_inodes+0x31f/0x830
[  230.779111][ T5864]  f2fs_write_checkpoint+0x95a/0x1df0
[  230.779122][ T5864]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  230.779135][ T5864]  ? kill_f2fs_super+0x298/0x6c0
[  230.779143][ T5864]  kill_f2fs_super+0x2c3/0x6c0
[  230.779150][ T5864]  ? __pfx_kill_f2fs_super+0x10/0x10
[  230.779156][ T5864]  ? radix_tree_delete_item+0x2b6/0x400
[  230.779166][ T5864]  ? shrinker_free+0x2ce/0x3e0
[  230.779175][ T5864]  deactivate_locked_super+0xbc/0x130
[  230.779184][ T5864]  cleanup_mnt+0x425/0x4c0
[  230.779193][ T5864]  task_work_run+0x1d4/0x260
[  230.779202][ T5864]  ? __pfx_task_work_run+0x10/0x10
[  230.779211][ T5864]  ? __x64_sys_umount+0x122/0x160
[  230.779219][ T5864]  ? __pfx___x64_sys_umount+0x10/0x10
[  230.779229][ T5864]  ? rcu_is_watching+0x15/0xb0
[  230.779236][ T5864]  exit_to_user_mode_loop+0xec/0x110
[  230.779245][ T5864]  do_syscall_64+0x2bd/0x3b0
[  230.779255][ T5864]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.779262][ T5864]  ? exc_page_fault+0x9f/0xf0
[  230.779271][ T5864]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.779278][ T5864] RIP: 0033:0x7fd1dcd8ff17
[  230.779285][ T5864] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  230.779293][ T5864] RSP: 002b:00007ffe782ccb78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  230.779301][ T5864] RAX: 0000000000000000 RBX: 00007fd1dce11c05 RCX: 00007fd1dcd8ff17
[  230.779307][ T5864] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe782ccc30
[  230.779311][ T5864] RBP: 00007ffe782ccc30 R08: 0000000000000000 R09: 0000000000000000
[  230.779315][ T5864] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe782cdcc0
[  230.779320][ T5864] R13: 00007fd1dce11c05 R14: 0000000000038426 R15: 00007ffe782cdd00
[  230.779328][ T5864]  </TASK>
[  230.779330][ T5864] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  231.351313][T12480] loop1: detected capacity change from 0 to 256
[  231.362488][T12480] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[  231.444179][T12486] loop1: detected capacity change from 0 to 164
[  231.508161][T12492] loop1: detected capacity change from 0 to 512
[  231.511900][T12492] EXT4-fs: Ignoring removed orlov option
[  231.514230][T12492] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  231.518496][T12492] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002]
[  231.523113][T12492] EXT4-fs error (device loop1): ext4_iget_extra_inode:5104: inode #15: comm syz.1.2426: corrupted in-inode xattr: e_value size too large
[  231.529048][T12492] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.2426: couldn't read orphan inode 15 (err -117)
[  231.536602][T12492] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  231.561285][ T5864] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  231.584852][T12496] loop1: detected capacity change from 0 to 8
[  231.618568][T12496] SQUASHFS error: Unable to read inode 0x127
[  231.636754][T12496] loop1: detected capacity change from 0 to 128
[  231.649891][T12496] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  231.654401][T12496] ext4 filesystem being mounted at /796/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  232.038392][T12508] af_packet: tpacket_rcv: packet too big, clamped from 60 to 4294967272. macoff=96
[  232.463553][T12521] IPVS: set_ctl: invalid protocol: 0 172.20.20.31:20000
[  232.482330][T12495] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  232.545934][T12523] loop3: detected capacity change from 0 to 512
[  232.554202][T12523] EXT4-fs: Ignoring removed orlov option
[  232.576979][T12523] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  232.584185][T12523] ext4 filesystem being mounted at /296/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  232.649187][ T9993] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  232.830184][T12531] loop3: detected capacity change from 0 to 512
[  232.875682][T12531] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  232.881762][T12531] ext4 filesystem being mounted at /299/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  232.888558][T12531] EXT4-fs error (device loop3): ext4_get_inode_usage:884: inode #12: comm syz.3.2442: corrupted xattr block 6: invalid header
[  232.905423][ T9993] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  232.992024][T12539] binder: 12538:12539 ioctl c0306201 2000000003c0 returned -14
[  233.089883][T12551] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2450'.
[  233.227580][T12566] overlay: filesystem on ./bus not supported
[  234.825378][T12586] loop3: detected capacity change from 0 to 64
[  234.829887][T12586] minix: Unknown parameter './file1/file3'
[  235.095990][T12603] netlink: 92 bytes leftover after parsing attributes in process `syz.2.2470'.
[  235.637553][T12635] loop3: detected capacity change from 0 to 4096
[  235.652025][T12635] ntfs3(loop3): ino=3, Correct links count -> 2.
[  236.698600][T12654] delete_channel: no stack
[  236.941747][T12671] netem: incorrect ge model size
[  236.943874][T12671] netem: change failed
[  237.106537][T12678] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2506'.
[  237.263845][T12682] loop3: detected capacity change from 0 to 32768
[  237.270724][T12692] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2512'.
[  237.369110][T12700] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2517'.
[  237.418126][   T33] audit: type=1326 audit(2000000028.620:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12703 comm="syz.2.2519" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ea1b8ebe9 code=0x7ffc0000
[  237.427537][   T33] audit: type=1326 audit(2000000028.620:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12703 comm="syz.2.2519" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ea1b8ebe9 code=0x7ffc0000
[  237.447128][   T33] audit: type=1326 audit(2000000028.630:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12703 comm="syz.2.2519" exe="/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f4ea1b8ebe9 code=0x7ffc0000
[  237.457587][   T33] audit: type=1326 audit(2000000028.630:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12703 comm="syz.2.2519" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ea1b8ebe9 code=0x7ffc0000
[  237.466916][   T33] audit: type=1326 audit(2000000028.630:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12703 comm="syz.2.2519" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ea1b8ebe9 code=0x7ffc0000
[  237.476667][   T33] audit: type=1326 audit(2000000028.630:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12703 comm="syz.2.2519" exe="/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f4ea1b8ebe9 code=0x7ffc0000
[  237.485532][   T33] audit: type=1326 audit(2000000028.640:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12703 comm="syz.2.2519" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ea1b8ebe9 code=0x7ffc0000
[  237.494152][   T33] audit: type=1326 audit(2000000028.640:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12705 comm="syz.2.2519" exe="/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f4ea1b8ebe9 code=0x7ffc0000
[  237.502598][   T33] audit: type=1326 audit(2000000028.640:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12703 comm="syz.2.2519" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ea1b8ebe9 code=0x7ffc0000
[  237.513810][   T33] audit: type=1326 audit(2000000028.660:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12703 comm="syz.2.2519" exe="/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f4ea1b8ebe9 code=0x7ffc0000
[  237.630242][T12708] netlink: 'syz.3.2513': attribute type 21 has an invalid length.
[  237.633664][T12708] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2513'.
[  237.662514][T12710] loop3: detected capacity change from 0 to 164
[  237.722825][T12712] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2521'.
[  237.885052][T12714] loop3: detected capacity change from 0 to 32768
[  237.891727][T12714] 
[  237.891727][T12714]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  237.891727][T12714] 
[  237.909191][T12714] read_mapping_page failed!
[  237.911721][T12714] ERROR: (device loop3): txCommit: 
[  237.911721][T12714] 
[  237.933260][ T1099] 
[  237.933260][ T1099]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  237.933260][ T1099] 
[  237.937928][ T1099] 
[  237.937928][ T1099]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  237.937928][ T1099] 
[  237.944112][  T115] 
[  237.944112][  T115]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  237.944112][  T115] 
[  237.948860][ T9993] 
[  237.948860][ T9993]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  237.948860][ T9993] 
[  237.953656][ T9993] 
[  237.953656][ T9993]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  237.953656][ T9993] 
[  237.966187][T12722] autofs: Bad value for 'fd'
[  238.329530][ T5923] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  238.403535][T12744] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  238.451465][T12748] batadv_slave_1: entered promiscuous mode
[  238.454999][T12747] batadv_slave_1: left promiscuous mode
[  238.480206][ T5923] usb 4-1: Using ep0 maxpacket: 32
[  238.484378][ T5923] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[  238.491699][ T5923] usb 4-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5
[  238.495576][ T5923] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  238.499155][ T5923] usb 4-1: Product: syz
[  238.501964][ T5923] usb 4-1: Manufacturer: syz
[  238.503951][ T5923] usb 4-1: SerialNumber: syz
[  238.510344][ T5923] usb 4-1: config 0 descriptor??
[  238.514261][T12730] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  238.522802][ T5923] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  238.566875][T12756] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  238.570391][T12756] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  238.573852][T12756] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  238.577365][T12756] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  238.582769][T12756] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  238.586485][T12756] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  238.590255][T12756] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  238.594299][T12756] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  238.598150][T12756] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  238.603038][T12756] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  238.724456][ T5861] usb 4-1: USB disconnect, device number 9
[  241.864248][T12843] loop3: detected capacity change from 0 to 32768
[  241.880670][T12843] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  241.903385][T12843] XFS (loop3): Ending clean mount
[  241.907731][T12843] XFS (loop3): Quotacheck needed: Please wait.
[  241.916219][T12843] XFS (loop3): Quotacheck: Done.
[  241.946561][ T9993] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  242.241672][T12907] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  242.279717][  T975] usb 4-1: new full-speed USB device number 10 using dummy_hcd
[  242.297339][T12907] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  242.354277][T12907] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  242.431420][  T975] usb 4-1: config 0 interface 0 altsetting 13 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  242.435882][  T975] usb 4-1: config 0 interface 0 has no altsetting 0
[  242.438790][  T975] usb 4-1: New USB device found, idVendor=044f, idProduct=b323, bcdDevice= 0.00
[  242.448900][  T975] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  242.454115][  T975] usb 4-1: config 0 descriptor??
[  242.457352][T12887] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  242.870818][  T975] thrustmaster 0003:044F:B323.000E: hidraw0: USB HID v0.00 Device [HID 044f:b323] on usb-dummy_hcd.3-1/input0
[  242.883737][  T975] thrustmaster 0003:044F:B323.000E: no inputs found
[  242.936151][T12931] netlink: 212 bytes leftover after parsing attributes in process `syz.2.2617'.
[  242.939160][T12931] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2617'.
[  242.949653][T12931] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2617'.
[  243.072144][   T47] usb 4-1: USB disconnect, device number 10
[  243.656138][T12953] dummy0: entered promiscuous mode
[  243.658733][T12953] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  243.662954][T12953] hsr1: entered allmulticast mode
[  243.664883][T12953] dummy0: entered allmulticast mode
[  243.666810][T12953] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[  243.705004][T12956] loop3: detected capacity change from 0 to 2048
[  243.718968][T12956] EXT4-fs (loop3): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  243.733528][T12956] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  243.738732][T12956] ext4 filesystem being mounted at /328/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  243.766195][ T9993] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  243.958467][T12961] loop3: detected capacity change from 0 to 32768
[  243.963588][T12961] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2628 (12961)
[  243.974530][T12961] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  243.978842][T12961] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  244.026749][T12961] BTRFS info (device loop3): enabling ssd optimizations
[  244.039663][T12961] BTRFS info (device loop3): enabling free space tree
[  244.053882][   T33] kauditd_printk_skb: 244 callbacks suppressed
[  244.053898][   T33] audit: type=1800 audit(2000000035.260:327): pid=12961 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2628" name="file1" dev="loop3" ino=260 res=0 errno=0
[  244.079902][T12961] BTRFS info (device loop3): balance: start -sconvert=raid0,soft
[  244.083322][T12961] BTRFS info (device loop3): balance: ended with status: 0
[  244.117393][ T9993] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  245.289371][T13012] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2643'.
[  245.534085][   T33] audit: type=1326 audit(2000000036.740:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13021 comm="syz.1.2647" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd1dcd8ebe9 code=0x0
[  246.655076][T13046] loop3: detected capacity change from 0 to 512
[  246.676367][T13046] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  246.710013][T13046] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c118, mo2=0002]
[  246.721404][T13046] EXT4-fs error (device loop3): ext4_iget_extra_inode:5104: inode #15: comm syz.3.2657: corrupted in-inode xattr: e_value size too large
[  246.726968][T13046] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.2657: couldn't read orphan inode 15 (err -117)
[  246.737347][T13046] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  246.775505][   T33] audit: type=1800 audit(2000000037.970:329): pid=13046 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2657" name="file1" dev="loop3" ino=18 res=0 errno=0
[  246.790224][   T33] audit: type=1804 audit(2000000037.970:330): pid=13046 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2657" name="/newroot/340/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0/file1" dev="loop3" ino=18 res=1 errno=0
[  246.791076][ T9993] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  246.810866][   T33] audit: type=1800 audit(2000000037.970:331): pid=13046 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2657" name="file1" dev="loop3" ino=18 res=0 errno=0
[  247.340425][T13074] team0: Device macvlan2 is already an upper device of the team interface
[  247.567271][T13079] loop3: detected capacity change from 0 to 32768
[  247.618876][T13079] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  247.698394][T13079] XFS (loop3): Ending clean mount
[  247.704330][T13079] XFS (loop3): Quotacheck needed: Please wait.
[  247.729055][T13079] XFS (loop3): Quotacheck: Done.
[  247.789006][ T9993] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  247.988696][T13108] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2679'.
[  248.368870][T13124] netlink: 'syz.1.2686': attribute type 2 has an invalid length.
[  248.381569][T13124] netlink: 'syz.1.2686': attribute type 1 has an invalid length.
[  248.476970][T13130] @: renamed from bond_slave_0 (while UP)
[  248.688213][T13136] loop3: detected capacity change from 0 to 32768
[  248.695380][T13136] syz.3.2691: attempt to access beyond end of device
[  248.695380][T13136] loop3: rw=0, sector=67109120, nr_sectors = 8 limit=32768
[  248.700589][T13136] Read error 10 at 0x0
[  248.702230][T13136] read_mapping_page failed!
[  248.703839][T13136] jfs_mount: diMount failed w/rc = -5
[  248.705846][T13136] Mount JFS Failure: -5
[  248.707330][T13136] jfs_mount failed w/return code = -5
[  248.982783][T13146] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2696'.
[  249.161072][T13152] loop3: detected capacity change from 0 to 40427
[  249.166968][T13152] F2FS-fs (loop3): Fix alignment : internally, start(4096) end(16896) block(12288)
[  249.174429][T13152] F2FS-fs (loop3): build fault injection rate: 9
[  249.183682][T13152] F2FS-fs (loop3): invalid crc value
[  249.194148][T13152] F2FS-fs (loop3): Current segment's next free block offset is inconsistent with bitmap, logtype:2, segno:5, type:0, next_blkoff:0, blkofs:0
[  249.201419][T13152] F2FS-fs (loop3): Failed to initialize F2FS segment manager (-117)
[  249.836909][T13168] loop3: detected capacity change from 0 to 40427
[  249.841520][T13168] F2FS-fs (loop3): Image doesn't support compression
[  249.844498][T13168] F2FS-fs (loop3): build fault injection rate: 690
[  249.848485][T13168] F2FS-fs (loop3): invalid crc value
[  249.881644][T13168] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  249.885677][T13168] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  250.530908][   T47] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  250.810019][   T47] usb 4-1: Using ep0 maxpacket: 32
[  250.813911][   T47] usb 4-1: config 0 has an invalid interface number: 196 but max is 0
[  250.817857][   T47] usb 4-1: config 0 has no interface number 0
[  250.821657][   T47] usb 4-1: config 0 interface 196 has no altsetting 0
[  250.826849][   T47] usb 4-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[  250.831137][   T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  250.834364][   T47] usb 4-1: Product: syz
[  250.836080][   T47] usb 4-1: Manufacturer: syz
[  250.838081][   T47] usb 4-1: SerialNumber: syz
[  250.844108][   T47] usb 4-1: config 0 descriptor??
[  252.341031][   T47] ipheth 4-1:0.196: Unable to find endpoints
[  252.346677][   T47] usb 4-1: USB disconnect, device number 11
[  253.363179][T13269] loop3: detected capacity change from 0 to 32768
[  253.368571][T13269] XFS: noikeep mount option is deprecated.
[  253.394774][T13269] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  253.409363][T13269] XFS (loop3): Ending clean mount
[  253.412885][T13269] XFS (loop3): Quotacheck needed: Please wait.
[  253.419171][T13269] XFS (loop3): Quotacheck: Done.
[  253.469380][   T33] audit: type=1804 audit(2000000044.670:332): pid=13269 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2749" name="/newroot/368/file0/bus" dev="loop3" ino=9291 res=1 errno=0
[  253.531069][ T9993] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  253.588890][T13281] PKCS7: Unknown OID: [4] 0.38.35.0.951690.11253
[  253.596892][T13281] PKCS7: Only support pkcs7_signedData type
[  253.712531][T13287] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2754'.
[  253.716284][T13287] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2754'.
[  253.798164][T13295] loop3: detected capacity change from 0 to 1024
[  253.814553][   T32] hfsplus: b-tree write err: -5, ino 4
[  253.830086][T13299] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2759'.
[  253.933222][T13309] loop3: detected capacity change from 0 to 256
[  254.886693][T13314] loop3: detected capacity change from 0 to 24
[  254.890498][T13314] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  254.900798][T13314] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  255.485680][ T1365] ieee802154 phy0 wpan0: encryption failed: -22
[  255.488316][ T1365] ieee802154 phy1 wpan1: encryption failed: -22
[  257.175854][T13377] openvswitch: netlink: Multiple metadata blocks provided
[  257.219048][T13379] loop3: detected capacity change from 0 to 8192
[  257.517622][T13399] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.2801'.
[  257.760099][T13417] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2810'.
[  257.998965][T13430] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2816'.
[  258.865993][T13483] netlink: 'syz.2.2841': attribute type 10 has an invalid length.
[  258.870981][T13483] team0: Failed to send options change via netlink (err -105)
[  258.873876][T13483] team0: Failed to send port change of device team_slave_0 via netlink (err -105)
[  258.877424][T13483] team0: Port device team_slave_0 removed
[  258.968245][T13495] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2847'.
[  259.208075][T13514] netlink: 'syz.3.2855': attribute type 1 has an invalid length.
[  259.275867][T13517] loop3: detected capacity change from 0 to 128
[  259.292907][T13517] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  259.311130][T13517] ext4 filesystem being mounted at /408/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  260.168427][ T9993] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  260.454491][T13541] netlink: 'syz.2.2865': attribute type 1 has an invalid length.
[  260.457744][T13541] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2865'.
[  260.665058][   T33] audit: type=1326 audit(2000000051.870:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13565 comm="syz.1.2876" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1dcd8ebe9 code=0x7ffc0000
[  260.675730][   T33] audit: type=1326 audit(2000000051.870:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13565 comm="syz.1.2876" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1dcd8ebe9 code=0x7ffc0000
[  260.684169][   T33] audit: type=1326 audit(2000000051.880:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13565 comm="syz.1.2876" exe="/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7fd1dcd8ebe9 code=0x7ffc0000
[  260.694100][   T33] audit: type=1326 audit(2000000051.880:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13565 comm="syz.1.2876" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1dcd8ebe9 code=0x7ffc0000
[  260.703690][   T33] audit: type=1326 audit(2000000051.880:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13565 comm="syz.1.2876" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1dcd8ebe9 code=0x7ffc0000
[  260.762660][T13575] netlink: 'syz.1.2880': attribute type 4 has an invalid length.
[  260.765810][T13575] netlink: 17 bytes leftover after parsing attributes in process `syz.1.2880'.
[  263.389667][  T975] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  263.451383][T13674] netlink: 384 bytes leftover after parsing attributes in process `syz.2.2926'.
[  263.498615][T13679] netlink: 666 bytes leftover after parsing attributes in process `syz.2.2928'.
[  263.551004][  T975] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  263.554911][  T975] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  263.570403][  T975] usb 4-1: config 0 descriptor??
[  263.575141][  T975] cp210x 4-1:0.0: cp210x converter detected
[  263.977631][  T975] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32
[  263.985989][  T975] usb 4-1: cp210x converter now attached to ttyUSB0
[  264.186383][   T47] usb 4-1: USB disconnect, device number 12
[  264.189853][   T47] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  264.194035][   T47] cp210x 4-1:0.0: device disconnected
[  264.863872][T13724] loop3: detected capacity change from 0 to 1024
[  265.071109][T13730] loop3: detected capacity change from 0 to 32768
[  265.074973][T13730] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2950 (13730)
[  265.090605][T13730] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  265.094722][T13730] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  265.109054][T13730] BTRFS info (device loop3): enabling ssd optimizations
[  265.112774][T13730] BTRFS info (device loop3): enabling free space tree
[  265.383701][T13754] netlink: 'syz.1.2953': attribute type 2 has an invalid length.
[  265.410075][ T9993] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  265.759642][T13775] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2961'.
[  265.762949][T13775] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2961'.
[  265.931386][T13784] syz.3.2964: attempt to access beyond end of device
[  265.931386][T13784] nbd3: rw=0, sector=64, nr_sectors = 1 limit=0
[  265.945021][T13784] syz.3.2964: attempt to access beyond end of device
[  265.945021][T13784] nbd3: rw=0, sector=256, nr_sectors = 1 limit=0
[  265.952874][T13784] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  265.957635][T13784] syz.3.2964: attempt to access beyond end of device
[  265.957635][T13784] nbd3: rw=0, sector=512, nr_sectors = 1 limit=0
[  265.967183][T13784] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  265.972851][T13784] syz.3.2964: attempt to access beyond end of device
[  265.972851][T13784] nbd3: rw=0, sector=64, nr_sectors = 2 limit=0
[  265.977905][T13784] syz.3.2964: attempt to access beyond end of device
[  265.977905][T13784] nbd3: rw=0, sector=512, nr_sectors = 2 limit=0
[  265.982558][T13784] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  265.986502][T13784] syz.3.2964: attempt to access beyond end of device
[  265.986502][T13784] nbd3: rw=0, sector=1024, nr_sectors = 2 limit=0
[  266.069936][T13784] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  266.079253][T13784] syz.3.2964: attempt to access beyond end of device
[  266.079253][T13784] nbd3: rw=0, sector=64, nr_sectors = 4 limit=0
[  266.099091][T13784] syz.3.2964: attempt to access beyond end of device
[  266.099091][T13784] nbd3: rw=0, sector=1024, nr_sectors = 4 limit=0
[  266.125672][T13784] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  266.130970][T13784] syz.3.2964: attempt to access beyond end of device
[  266.130970][T13784] nbd3: rw=0, sector=2048, nr_sectors = 4 limit=0
[  266.136735][T13784] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  266.145485][T13784] syz.3.2964: attempt to access beyond end of device
[  266.145485][T13784] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0
[  266.152471][T13784] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  266.156948][T13784] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  266.193291][T13784] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1)
[  267.127732][T13805] team0: entered promiscuous mode
[  267.130232][T13805] team_slave_1: entered promiscuous mode
[  267.134348][T13804] team0: left promiscuous mode
[  267.136374][T13804] team_slave_1: left promiscuous mode
[  267.247028][T13820] loop3: detected capacity change from 0 to 512
[  267.253937][T13820] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  267.263365][T13820] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #16: comm syz.3.2984: invalid indirect mapped block 83886080 (level 1)
[  267.281816][T13820] EXT4-fs (loop3): Remounting filesystem read-only
[  267.284645][T13820] EXT4-fs (loop3): 1 orphan inode deleted
[  267.291751][T13820] EXT4-fs (loop3): 1 truncate cleaned up
[  267.298830][T13820] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  268.593645][ T9993] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  269.139089][T13895] delete_channel: no stack
[  269.470643][T13909] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  270.156904][T13953] openvswitch: netlink: Missing valid actions attribute.
[  270.164655][T13953] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  270.906037][   T33] audit: type=1326 audit(2000000062.110:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13960 comm="syz.2.3047" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4ea1b8ebe9 code=0x0
[  271.226877][T13972] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3052'.
[  271.259138][T13974] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3053'.
[  271.761275][T13990] loop3: detected capacity change from 0 to 40427
[  271.773312][T13990] F2FS-fs (loop3): invalid crc value
[  271.802911][T13990] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  271.808447][T13990] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  271.826475][   T33] audit: type=1800 audit(2000000063.030:339): pid=13990 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3060" name="file1" dev="loop3" ino=10 res=0 errno=0
[  271.844428][ T9993] bio_check_eod: 2 callbacks suppressed
[  271.844439][ T9993] syz-executor: attempt to access beyond end of device
[  271.844439][ T9993] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  271.852791][ T9993] CPU: 1 UID: 0 PID: 9993 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  271.852812][ T9993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  271.852819][ T9993] Call Trace:
[  271.852825][ T9993]  <TASK>
[  271.852830][ T9993]  dump_stack_lvl+0x189/0x250
[  271.852853][ T9993]  ? __pfx_dump_stack_lvl+0x10/0x10
[  271.852868][ T9993]  ? __pfx_queue_work_on+0x10/0x10
[  271.852881][ T9993]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  271.852898][ T9993]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  271.852917][ T9993]  f2fs_handle_critical_error+0x37c/0x540
[  271.852938][ T9993]  f2fs_write_end_io+0x886/0xb60
[  271.852956][ T9993]  __submit_merged_bio+0x27a/0x6a0
[  271.852974][ T9993]  __submit_merged_write_cond+0x255/0x530
[  271.852992][ T9993]  f2fs_write_data_pages+0x261d/0x3000
[  271.853008][ T9993]  ? arch_stack_walk+0xfc/0x150
[  271.853035][ T9993]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  271.853051][ T9993]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  271.853070][ T9993]  ? rcu_is_watching+0x15/0xb0
[  271.853095][ T9993]  ? folios_put_refs+0x559/0x640
[  271.853113][ T9993]  ? __pfx_folios_put_refs+0x10/0x10
[  271.853124][ T9993]  ? rcu_is_watching+0x15/0xb0
[  271.853136][ T9993]  ? lru_add+0xa2f/0xd80
[  271.853148][ T9993]  ? lru_add+0x198/0xd80
[  271.853160][ T9993]  ? folio_batch_move_lru+0x319/0x3a0
[  271.853175][ T9993]  ? filemap_get_folios_tag+0xed/0x630
[  271.853187][ T9993]  ? rcu_is_watching+0x15/0xb0
[  271.853199][ T9993]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  271.853248][ T9993]  do_writepages+0x32e/0x550
[  271.853266][ T9993]  ? rcu_is_watching+0x15/0xb0
[  271.853279][ T9993]  ? do_raw_spin_unlock+0x4d/0x240
[  271.853315][ T9993]  filemap_fdatawrite+0x199/0x240
[  271.853333][ T9993]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  271.853362][ T9993]  ? rcu_is_watching+0x15/0xb0
[  271.853376][ T9993]  ? do_raw_spin_unlock+0x4d/0x240
[  271.853392][ T9993]  f2fs_sync_dirty_inodes+0x31f/0x830
[  271.853409][ T9993]  f2fs_write_checkpoint+0x95a/0x1df0
[  271.853429][ T9993]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  271.853457][ T9993]  ? kill_f2fs_super+0x298/0x6c0
[  271.853471][ T9993]  kill_f2fs_super+0x2c3/0x6c0
[  271.853485][ T9993]  ? __pfx_kill_f2fs_super+0x10/0x10
[  271.853503][ T9993]  ? radix_tree_delete_item+0x2b6/0x400
[  271.853523][ T9993]  ? shrinker_free+0x2ce/0x3e0
[  271.853557][ T9993]  deactivate_locked_super+0xbc/0x130
[  271.853572][ T9993]  cleanup_mnt+0x425/0x4c0
[  271.853588][ T9993]  task_work_run+0x1d4/0x260
[  271.853605][ T9993]  ? __pfx_task_work_run+0x10/0x10
[  271.853620][ T9993]  ? __x64_sys_umount+0x122/0x160
[  271.853635][ T9993]  ? __pfx___x64_sys_umount+0x10/0x10
[  271.853649][ T9993]  ? rcu_is_watching+0x15/0xb0
[  271.853660][ T9993]  ? rcu_is_watching+0x15/0xb0
[  271.853673][ T9993]  exit_to_user_mode_loop+0xec/0x110
[  271.853690][ T9993]  do_syscall_64+0x2bd/0x3b0
[  271.853708][ T9993]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  271.853720][ T9993]  ? exc_page_fault+0x9f/0xf0
[  271.853735][ T9993]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  271.853747][ T9993] RIP: 0033:0x7ff87878ff17
[  271.853759][ T9993] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  271.853770][ T9993] RSP: 002b:00007ffd91eafcc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  271.853786][ T9993] RAX: 0000000000000000 RBX: 00007ff878811c05 RCX: 00007ff87878ff17
[  271.853795][ T9993] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd91eafd80
[  271.853802][ T9993] RBP: 00007ffd91eafd80 R08: 0000000000000000 R09: 0000000000000000
[  271.853810][ T9993] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd91eb0e10
[  271.853818][ T9993] R13: 00007ff878811c05 R14: 0000000000042565 R15: 00007ffd91eb0e50
[  271.853834][ T9993]  </TASK>
[  271.854532][ T9993] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  271.859882][   T55] Bluetooth: hci1: unexpected event for opcode 0x0c1c
[  272.660238][  T975] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  272.810465][  T975] usb 4-1: Using ep0 maxpacket: 32
[  272.816897][  T975] usb 4-1: New USB device found, idVendor=0dba, idProduct=5000, bcdDevice=11.bf
[  272.821138][  T975] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  272.824596][  T975] usb 4-1: Product: syz
[  272.826365][  T975] usb 4-1: Manufacturer: syz
[  272.828348][  T975] usb 4-1: SerialNumber: syz
[  272.832717][  T975] usb 4-1: config 0 descriptor??
[  272.838845][  T975] usb 4-1: MBOX3: Invalid descriptor size=18.
[  273.044751][   T47] usb 4-1: USB disconnect, device number 13
[  274.263101][T14046] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3083'.
[  274.268765][T14046] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3083'.
[  274.272740][    C0] vcan0: j1939_tp_rxtimer: 0xffff88802f4d6c00: rx timeout, send abort
[  274.276554][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88802f4d6c00: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[  274.366008][T14056] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  274.377228][T14058] macsec1: entered promiscuous mode
[  274.635340][T14068] netlink: 'syz.2.3090': attribute type 16 has an invalid length.
[  274.638696][T14068] netlink: 'syz.2.3090': attribute type 3 has an invalid length.
[  274.642222][T14068] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3090'.
[  274.711919][T14075] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.3096'.
[  275.732847][   T33] audit: type=1326 audit(2000000066.940:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14130 comm="syz.3.3121" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff87878ebe9 code=0x7ffc0000
[  275.741883][   T33] audit: type=1326 audit(2000000066.940:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14130 comm="syz.3.3121" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff87878ebe9 code=0x7ffc0000
[  275.753937][   T33] audit: type=1326 audit(2000000066.940:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14130 comm="syz.3.3121" exe="/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ff87878ebe9 code=0x7ffc0000
[  275.762067][   T33] audit: type=1326 audit(2000000066.940:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14130 comm="" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff87878ebe9 code=0x7ffc0000
[  275.915025][T14133] loop3: detected capacity change from 0 to 32768
[  275.918022][T14133] XFS: noikeep mount option is deprecated.
[  275.926230][T14133] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  275.944018][T14133] XFS (loop3): Ending clean mount
[  275.947438][T14133] XFS (loop3): Quotacheck needed: Please wait.
[  275.956867][T14133] XFS (loop3): Quotacheck: Done.
[  275.981860][ T9993] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  276.042941][T14143] netdevsim netdevsim3 netdevsim0: Device is already in use.
[  276.258757][T14147] loop3: detected capacity change from 0 to 32768
[  276.267481][T14147] (syz.3.3125,14147,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  276.293609][T14147] (syz.3.3125,14147,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  276.304461][T14147] JBD2: Ignoring recovery information on journal
[  276.320941][T14147] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  276.364475][T14169] syz.1.3134: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1
[  276.370030][T14169] CPU: 0 UID: 0 PID: 14169 Comm: syz.1.3134 Not tainted syzkaller #0 PREEMPT(full) 
[  276.370044][T14169] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  276.370049][T14169] Call Trace:
[  276.370054][T14169]  <TASK>
[  276.370058][T14169]  dump_stack_lvl+0x189/0x250
[  276.370073][T14169]  ? __pfx_dump_stack_lvl+0x10/0x10
[  276.370082][T14169]  ? __pfx__printk+0x10/0x10
[  276.370093][T14169]  ? lock_release+0x4b/0x3e0
[  276.370106][T14169]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  276.370117][T14169]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  276.370126][T14169]  warn_alloc+0x214/0x310
[  276.370138][T14169]  ? stack_depot_save_flags+0x40/0x860
[  276.370148][T14169]  ? __pfx_warn_alloc+0x10/0x10
[  276.370182][T14169]  ? kasan_save_track+0x4f/0x80
[  276.370195][T14169]  ? xskq_create+0x56/0x170
[  276.370207][T14169]  ? xsk_init_queue+0xb0/0x110
[  276.370217][T14169]  ? xsk_setsockopt+0x4dc/0x8d0
[  276.370225][T14169]  ? do_sock_setsockopt+0x17c/0x1b0
[  276.370234][T14169]  ? __x64_sys_setsockopt+0x13f/0x1b0
[  276.370242][T14169]  ? do_syscall_64+0xfa/0x3b0
[  276.370253][T14169]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.370261][T14169]  __vmalloc_node_range_noprof+0x125/0x12f0
[  276.370277][T14169]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  276.370289][T14169]  ? xsk_setsockopt+0x462/0x8d0
[  276.370297][T14169]  ? __kasan_kmalloc+0x93/0xb0
[  276.370308][T14169]  vmalloc_user_noprof+0xad/0xf0
[  276.370320][T14169]  ? xskq_create+0xbf/0x170
[  276.370329][T14169]  xskq_create+0xbf/0x170
[  276.370339][T14169]  xsk_init_queue+0xb0/0x110
[  276.370348][T14169]  xsk_setsockopt+0x4dc/0x8d0
[  276.370356][T14169]  ? __pfx_xsk_setsockopt+0x10/0x10
[  276.370364][T14169]  ? __pfx_aa_sk_perm+0x10/0x10
[  276.370375][T14169]  ? lock_release+0x4b/0x3e0
[  276.370384][T14169]  ? aa_sock_opt_perm+0xff/0x1b0
[  276.370391][T14169]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  276.370400][T14169]  ? __pfx_xsk_setsockopt+0x10/0x10
[  276.370409][T14169]  do_sock_setsockopt+0x17c/0x1b0
[  276.370416][T14169]  __x64_sys_setsockopt+0x13f/0x1b0
[  276.370423][T14169]  do_syscall_64+0xfa/0x3b0
[  276.370433][T14169]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.370439][T14169]  ? exc_page_fault+0x9f/0xf0
[  276.370448][T14169]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.370455][T14169] RIP: 0033:0x7fd1dcd8ebe9
[  276.370463][T14169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  276.370469][T14169] RSP: 002b:00007fd1daff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  276.370478][T14169] RAX: ffffffffffffffda RBX: 00007fd1dcfb5fa0 RCX: 00007fd1dcd8ebe9
[  276.370484][T14169] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003
[  276.370488][T14169] RBP: 00007fd1dce11e19 R08: 0000000000000004 R09: 0000000000000000
[  276.370492][T14169] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  276.370503][T14169] R13: 00007fd1dcfb6038 R14: 00007fd1dcfb5fa0 R15: 00007ffe782cd8e8
[  276.370512][T14169]  </TASK>
[  276.370515][T14169] Mem-Info:
[  276.491298][T14169] active_anon:14879 inactive_anon:0 isolated_anon:0
[  276.491298][T14169]  active_file:15682 inactive_file:38473 isolated_file:0
[  276.491298][T14169]  unevictable:1768 dirty:206 writeback:0
[  276.491298][T14169]  slab_reclaimable:5993 slab_unreclaimable:56122
[  276.491298][T14169]  mapped:19438 shmem:11193 pagetables:1309
[  276.491298][T14169]  sec_pagetables:0 bounce:0
[  276.491298][T14169]  kernel_misc_reclaimable:0
[  276.491298][T14169]  free:252066 free_pcp:34812 free_cma:0
[  276.508402][T14169] Node 0 active_anon:16300kB inactive_anon:0kB active_file:19224kB inactive_file:13120kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:45892kB dirty:500kB writeback:0kB shmem:8276kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5140kB pagetables:2988kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  276.523256][T14169] Node 1 active_anon:43216kB inactive_anon:0kB active_file:43504kB inactive_file:140772kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:31860kB dirty:324kB writeback:0kB shmem:36496kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8060kB pagetables:2248kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  276.534623][T14169] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  276.545751][T14169] lowmem_reserve[]: 0 811 811 811 811
[  276.548343][T14169] Node 0 DMA32 free:379388kB boost:0kB min:33660kB low:42072kB high:50484kB reserved_highatomic:0KB free_highatomic:0KB active_anon:16232kB inactive_anon:0kB active_file:19224kB inactive_file:12780kB unevictable:3536kB writepending:500kB present:1556484kB managed:830948kB mlocked:0kB bounce:0kB free_pcp:60552kB local_pcp:47048kB free_cma:0kB
[  276.563253][T14169] lowmem_reserve[]: 0 0 0 0 0
[  276.566728][T14169] Node 1 DMA32 free:450804kB boost:0kB min:19192kB low:23988kB high:28784kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:7804kB local_pcp:0kB free_cma:0kB
[  276.567272][ T9993] ocfs2: Unmounting device (7,3) on (node local)
[  276.582387][T14169] lowmem_reserve[]: 0 0 854 854 854
[  276.584474][T14169] Node 1 Normal free:170732kB boost:0kB min:36612kB low:45764kB high:54916kB reserved_highatomic:0KB free_highatomic:0KB active_anon:43212kB inactive_anon:0kB active_file:43504kB inactive_file:140664kB unevictable:3536kB writepending:332kB present:1048576kB managed:874952kB mlocked:0kB bounce:0kB free_pcp:63552kB local_pcp:43336kB free_cma:0kB
[  276.596660][T14169] lowmem_reserve[]: 0 0 0 0 0
[  276.598507][T14169] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  276.609503][T14169] Node 0 DMA32: 484*4kB (UME) 476*8kB (UME) 407*16kB (UME) 306*32kB (UME) 264*64kB (UME) 126*128kB (UME) 59*256kB (UE) 28*512kB (UME) 22*1024kB (UM) 5*2048kB (UM) 64*4096kB (UME) = 379424kB
[  276.617603][T14169] Node 1 DMA32: 1*4kB (U) 0*8kB 1*16kB (M) 1*32kB (M) 1*64kB (M) 1*128kB (U) 2*256kB (UM) 1*512kB (U) 1*1024kB (U) 1*2048kB (U) 109*4096kB (M) = 450804kB
[  276.623850][T14169] Node 1 Normal: 547*4kB (UE) 429*8kB (UE) 352*16kB (UME) 345*32kB (UE) 72*64kB (UME) 133*128kB (UME) 87*256kB (UME) 48*512kB (UME) 20*1024kB (UME) 3*2048kB (M) 15*4096kB (M) = 178836kB
[  276.631422][T14169] Node 0 hugepages_total=3 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  276.635153][T14169] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  276.638319][T14169] 61728 total pagecache pages
[  276.640604][T14169] 0 pages in swap cache
[  276.642117][T14169] Free swap  = 124996kB
[  276.643828][T14169] Total swap = 124996kB
[  276.645641][T14169] 786301 pages RAM
[  276.647288][T14169] 0 pages HighMem/MovableOnly
[  276.649331][T14169] 241332 pages reserved
[  276.651983][T14169] 0 pages cma reserved
[  276.917892][T14188] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3142'.
[  276.921977][T14188] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  276.935245][T14188] batman_adv: batadv0: Removing interface: batadv_slave_1
[  277.125037][T14204] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3150'.
[  277.150653][T14206] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3151'.
[  277.350090][T14216] loop3: detected capacity change from 0 to 32768
[  277.353067][T14216] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.3156 (14216)
[  277.360314][T14216] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  277.366813][T14216] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  277.393255][T14233] netlink: 146780 bytes leftover after parsing attributes in process `syz.1.3161'.
[  277.404769][T14216] BTRFS info (device loop3): enabling ssd optimizations
[  277.407229][T14216] BTRFS info (device loop3): enabling free space tree
[  277.441056][ T9993] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  277.794486][T14259] loop3: detected capacity change from 0 to 32768
[  277.801556][T14259] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.3169 (14259)
[  277.827805][T14259] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  277.838269][T14259] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  277.876870][T14275] ip6erspan0: entered promiscuous mode
[  277.964226][T14277] tipc: Cannot configure node identity twice
[  277.989802][ T5238] Bluetooth: hci2: command 0x0406 tx timeout
[  278.024335][T14259] BTRFS info (device loop3): rebuilding free space tree
[  278.041423][T14259] BTRFS info (device loop3): enabling ssd optimizations
[  278.046051][T14259] BTRFS info (device loop3): turning on sync discard
[  278.054257][T14259] BTRFS info (device loop3): enabling free space tree
[  278.056988][T14259] BTRFS info (device loop3): force clearing of disk cache
[  278.060219][T14259] BTRFS info (device loop3): enabling auto defrag
[  278.063085][T14259] BTRFS info (device loop3): max_inline set to 0
[  278.078210][   T33] audit: type=1800 audit(2000000069.280:344): pid=14259 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3169" name="file1" dev="loop3" ino=260 res=0 errno=0
[  278.479214][ T9993] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  278.718094][T14315] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3188'.
[  278.727499][T14313] loop3: detected capacity change from 0 to 2048
[  278.767908][T14313] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  278.805528][ T9993] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  278.843033][T14331] macvlan2: entered promiscuous mode
[  278.845263][T14331] macvlan2: entered allmulticast mode
[  279.413543][T14360] loop3: detected capacity change from 0 to 32768
[  279.423456][T14360] ocfs2: Slot 0 on device (7,3) was already allocated to this node!
[  279.437365][T14360] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  279.445842][   T33] audit: type=1800 audit(2000000070.650:345): pid=14360 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3207" name="bus" dev="loop3" ino=17058 res=0 errno=0
[  279.469733][ T9993] ocfs2: Unmounting device (7,3) on (node local)
[  279.535389][T14364] loop3: detected capacity change from 0 to 1024
[  279.581888][T14364] EXT4-fs (loop3): failed to open journal device unknown-block(0,0) -6
[  279.595548][T14364] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3208'.
[  280.108188][T14407] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3227'.
[  280.944924][   T33] audit: type=1326 audit(2000000072.051:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14372 comm="syz.3.3211" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff87878ebe9 code=0x7fc00000
[  281.435943][T14461] syz_tun: entered allmulticast mode
[  281.485023][   T47] syz_tun: left allmulticast mode
[  282.264655][T14521] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  282.268165][T14521] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  282.865609][T14530] bond1: entered promiscuous mode
[  282.868039][T14530] 8021q: adding VLAN 0 to HW filter on device bond1
[  282.952909][T14537] tipc: New replicast peer: 10.1.1.2
[  282.955406][T14537] tipc: Enabled bearer <udp:syz2>, priority 10
[  283.097624][T14550] overlayfs: failed to clone upperpath
[  283.116473][T14552] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  283.213226][T14562] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3296'.
[  283.433731][    T9] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  283.596491][    T9] usb 4-1: Using ep0 maxpacket: 16
[  283.600612][    T9] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  283.605191][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[  283.608926][    T9] usb 4-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  283.612833][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  283.617536][    T9] usb 4-1: config 0 descriptor??
[  284.059634][    T9] nzxt-smart2 0003:1E71:2009.000F: unknown main item tag 0x0
[  284.065827][    T9] nzxt-smart2 0003:1E71:2009.000F: unknown main item tag 0x0
[  284.068380][    T9] nzxt-smart2 0003:1E71:2009.000F: unknown main item tag 0x0
[  284.070948][    T9] nzxt-smart2 0003:1E71:2009.000F: unknown main item tag 0x0
[  284.073891][    T9] nzxt-smart2 0003:1E71:2009.000F: unknown main item tag 0x0
[  284.078509][    T9] nzxt-smart2 0003:1E71:2009.000F: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.3-1/input0
[  284.170648][ T5923] tipc: Node number set to 2490162269
[  284.279644][    C0] usb 4-1: input irq status -75 received
[  284.496989][ T5923] usb 4-1: USB disconnect, device number 14
[  285.106435][T14615] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3321'.
[  285.228882][T14619] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3323'.
[  285.395064][    T9] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  285.559879][    T9] usb 4-1: New USB device found, idVendor=0545, idProduct=808b, bcdDevice=31.ad
[  285.563207][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  285.566904][    T9] usb 4-1: config 0 descriptor??
[  285.571430][    T9] gspca_main: tv8532-2.14.0 probing 0545:808b
[  285.806781][    T9] usb 4-1: USB disconnect, device number 15
[  286.653953][T14669] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3346'.
[  286.757359][T14677] loop3: detected capacity change from 0 to 128
[  286.776094][T14677] loop3: detected capacity change from 0 to 8
[  286.785704][T14677] SQUASHFS error: Unable to read inode 0x127
[  287.630358][   T33] audit: type=1804 audit(2000000084.253:347): pid=14690 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3356" name="file0" dev="tmpfs" ino=6434 res=1 errno=0
[  288.158549][T14720] netlink: 6 bytes leftover after parsing attributes in process `syz.1.3370'.
[  288.630268][T14754] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3386'.
[  289.903629][T14797] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3405'.
[  289.907510][T14797] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3405'.
[  290.274423][T14818] overlayfs: failed to clone upperpath
[  291.350042][T14861] mac80211_hwsim hwsim10 wlan0: entered promiscuous mode
[  291.353497][T14861] macvtap1: entered allmulticast mode
[  291.355740][T14861] mac80211_hwsim hwsim10 wlan0: entered allmulticast mode
[  291.412043][T14861] mac80211_hwsim hwsim10 wlan0: left allmulticast mode
[  291.415264][T14861] mac80211_hwsim hwsim10 wlan0: left promiscuous mode
[  291.741997][T14881] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3442'.
[  291.749786][T14881] gretap0: entered promiscuous mode
[  291.753355][T14881] gretap0: left promiscuous mode
[  292.471911][T14923] netlink: 'syz.1.3462': attribute type 2 has an invalid length.
[  292.512066][   T55] Bluetooth: hci2: ACL packet too small
[  292.764702][T14943] sctp: [Deprecated]: syz.3.3472 (pid 14943) Use of int in maxseg socket option.
[  292.764702][T14943] Use struct sctp_assoc_value instead
[  293.808484][T14994] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3492'.
[  293.812582][T14994] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3492'.
[  294.069385][T15006] virtio-fs: tag </dev/md0> not found
[  294.379475][T15034] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3513'.
[  294.456242][T15042] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  294.884223][    C1] hrtimer: interrupt took 15349 ns
[  295.475910][T15098] netlink: 'syz.2.3540': attribute type 3 has an invalid length.
[  295.642828][T15111] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3547'.
[  295.653790][T15111] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3547'.
[  295.749949][T15130] overlayfs: failed to clone upperpath
[  295.996264][T15147] netlink: 452 bytes leftover after parsing attributes in process `syz.2.3558'.
[  297.727132][T15241] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3580'.
[  297.757982][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  298.874388][T15285] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  298.923545][T15295] netlink: 68 bytes leftover after parsing attributes in process `syz.1.3605'.
[  298.946193][T15299] netlink: 'syz.3.3606': attribute type 15 has an invalid length.
[  298.967418][T15302] overlayfs: failed to clone upperpath
[  299.112095][T15303] tipc: Failed to remove unknown binding: 66,1,1/2490162269:3323996299/3323996301
[  299.115974][T15303] tipc: Failed to remove unknown binding: 66,1,1/2490162269:3323996299/3323996301
[  300.071337][T15366] netlink: 'syz.1.3639': attribute type 11 has an invalid length.
[  300.444245][T15377] 9pnet: p9_errstr2errno: server reported unknown error @L	O!L+
[  300.556454][T15383] netlink: 'syz.2.3647': attribute type 34 has an invalid length.
[  302.882190][T15479] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3684'.
[  302.886235][T15479] netlink: 'syz.2.3684': attribute type 18 has an invalid length.
[  302.911424][T15479] vxlan0: entered promiscuous mode
[  302.916038][ T5920] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  302.920638][ T5920] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  302.928026][ T5920] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  302.933080][ T5920] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  303.984818][T15499] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3693'.
[  304.711672][T15529] (unnamed net_device) (uninitialized): option arp_validate: invalid value (18446744073709551614)
[  304.802708][T15535] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.3709'.
[  305.078560][T15543] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3712'.
[  305.308787][   T33] audit: type=1326 audit(2000000100.563:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15548 comm="syz.1.3715" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd1dcd8ebe9 code=0x0
[  306.323849][T15600] dvmrp5: entered allmulticast mode
[  306.333521][T15600] pimreg: entered allmulticast mode
[  306.620810][T15616] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3746'.
[  307.009278][T15643] netlink: 'syz.3.3759': attribute type 2 has an invalid length.
[  307.022137][T15643] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3759'.
[  308.116066][T15689] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3779'.
[  308.756905][T15717] overlayfs: failed to clone upperpath
[  308.843941][T15723] overlayfs: failed to clone upperpath
[  308.860572][T15724] netlink: 'syz.2.3794': attribute type 4 has an invalid length.
[  308.874889][T15724] netlink: 'syz.2.3794': attribute type 4 has an invalid length.
[  310.131603][T15779] overlayfs: failed to resolve './file0': -2
[  310.754972][T15790] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 3946
[  310.816149][T15798] overlayfs: failed to clone upperpath
[  311.269852][   T33] audit: type=1326 audit(2000000106.073:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15839 comm="syz.2.3847" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4ea1b8ebe9 code=0x0
[  311.538517][T15865] netlink: 'syz.2.3858': attribute type 1 has an invalid length.
[  311.669122][T15879] vcan0: tx address claim with dest, not broadcast
[  311.721892][T15885] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3868'.
[  312.394731][T15907] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3878'.
[  312.496305][T15915] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3882'.
[  312.499861][T15915] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3882'.
[  312.503740][T15915] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3882'.
[  313.502665][   T33] audit: type=1326 audit(2000000108.131:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15957 comm="syz.3.3902" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff87878ebe9 code=0x7ffc0000
[  313.513168][   T33] audit: type=1326 audit(2000000108.131:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15957 comm="syz.3.3902" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff87878ebe9 code=0x7ffc0000
[  313.522707][   T33] audit: type=1326 audit(2000000108.131:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15957 comm="syz.3.3902" exe="/syz-executor" sig=0 arch=c000003e syscall=127 compat=0 ip=0x7ff87878ebe9 code=0x7ffc0000
[  313.533837][   T33] audit: type=1326 audit(2000000108.131:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15957 comm="syz.3.3902" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff87878ebe9 code=0x7ffc0000
[  313.688743][T15979] netlink: 'syz.1.3911': attribute type 1 has an invalid length.
[  314.181360][T16012] bond1 (unregistering): Released all slaves
[  314.213258][   T12] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  314.221419][   T12] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  314.225142][   T12] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  314.228240][   T12] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  314.592284][   T55] Bluetooth: hci1: ACL packet for unknown connection handle 201
[  314.765145][T16055] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  316.490826][T16132] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3974'.
[  316.520100][T16136] netlink: 'syz.2.3976': attribute type 13 has an invalid length.
[  316.548964][T16136] erspan0: refused to change device tx_queue_len
[  316.551818][T16136] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check.
[  316.875484][   T55] Bluetooth: hci1: adv larger than maximum supported
[  316.875504][   T55] Bluetooth: hci1: Malformed LE Event: 0x0d
[  317.170442][T16187] pimreg: left allmulticast mode
[  317.173483][T16187] dvmrp5: left allmulticast mode
[  317.420437][T16201] netlink: 'syz.1.4007': attribute type 1 has an invalid length.
[  317.450365][T16201] 8021q: adding VLAN 0 to HW filter on device bond3
[  317.459041][T16201] bond2: (slave bond3): making interface the new active one
[  317.462248][T16201] bond2: (slave bond3): Enslaving as an active interface with an up link
[  317.468664][T16201] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4007'.
[  317.473145][T16201] bond2: entered promiscuous mode
[  317.482286][T16201] bond3: entered promiscuous mode
[  317.484598][T16201] bond2: entered allmulticast mode
[  317.489198][T16201] bond3: entered allmulticast mode
[  317.491913][T16201] 8021q: adding VLAN 0 to HW filter on device bond2
[  317.541049][T16216] mac80211_hwsim hwsim6 `: renamed from wlan1 (while UP)
[  317.841015][T16260] netlink: 'syz.3.4034': attribute type 3 has an invalid length.
[  317.844687][T16260] netlink: 156 bytes leftover after parsing attributes in process `syz.3.4034'.
[  317.848643][T16260] netlink: 'syz.3.4034': attribute type 3 has an invalid length.
[  317.852171][T16260] netlink: 156 bytes leftover after parsing attributes in process `syz.3.4034'.
[  318.011664][T16276] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4043'.
[  318.015485][T16276] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4043'.
[  318.064994][T16282] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4045'.
[  318.068843][T16282] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4045'.
[  318.271923][   T33] audit: type=1326 audit(2000000112.534:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16298 comm="syz.1.4054" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1dcd8ebe9 code=0x7ffc0000
[  318.284887][   T33] audit: type=1326 audit(2000000112.534:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16298 comm="syz.1.4054" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1dcd8ebe9 code=0x7ffc0000
[  318.296659][   T33] audit: type=1326 audit(2000000112.534:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16298 comm="syz.1.4054" exe="/syz-executor" sig=0 arch=c000003e syscall=234 compat=0 ip=0x7fd1dcd8ebe9 code=0x7ffc0000
[  318.306252][   T33] audit: type=1326 audit(2000000112.534:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16298 comm="syz.1.4054" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1dcd8ebe9 code=0x7ffc0000
[  318.323236][   T33] audit: type=1326 audit(2000000112.543:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16298 comm="syz.1.4054" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1dcd8ebe9 code=0x7ffc0000
[  318.971021][T16331] overlayfs: conflicting options: userxattr,redirect_dir=follow
[  319.778406][T16375] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4088'.
[  319.781621][T16375] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4088'.
[  319.785627][T16375] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4088'.
[  319.948380][ T1365] ieee802154 phy0 wpan0: encryption failed: -22
[  319.951242][ T1365] ieee802154 phy1 wpan1: encryption failed: -22
[  320.067375][T16377] netlink: 'syz.2.4089': attribute type 27 has an invalid length.
[  322.839325][T16506] mmap: syz.1.4150 (16506): VmData 37470208 exceed data ulimit 9868. Update limits or use boot option ignore_rlimit_data.
[  322.894118][T16509] __nla_validate_parse: 5 callbacks suppressed
[  322.894136][T16509] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4152'.
[  322.924877][T16509] bond4: (slave ipvlan1): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  322.930056][T16509] bond4: (slave ipvlan1): The slave device specified does not support setting the MAC address
[  322.947000][T16509] bond4: (slave ipvlan1): Error -95 calling set_mac_address
[  323.080085][T16518] netlink: 'syz.2.4153': attribute type 10 has an invalid length.
[  323.083280][T16518] netlink: 1948 bytes leftover after parsing attributes in process `syz.2.4153'.
[  323.108779][T16518] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4153'.
[  323.843409][T16575] overlayfs: failed to resolve './file1': -2
[  323.859331][T16585] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4189'.
[  323.877248][T16585] netlink: 336 bytes leftover after parsing attributes in process `syz.3.4189'.
[  324.252367][T16624] openvswitch: netlink: Multiple metadata blocks provided
[  324.277160][T16630] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4210'.
[  324.652478][T16680] netlink: 6 bytes leftover after parsing attributes in process `syz.1.4234'.
[  324.761877][T16690] netlink: 'syz.1.4239': attribute type 1 has an invalid length.
[  324.774580][T16690] bond5: entered promiscuous mode
[  324.776714][T16690] 8021q: adding VLAN 0 to HW filter on device bond5
[  324.788090][T16690] 8021q: adding VLAN 0 to HW filter on device bond5
[  324.790429][T16690] bond5: (slave vxcan3): The slave device specified does not support setting the MAC address
[  324.793924][T16690] bond5: (slave vxcan3): Setting fail_over_mac to active for active-backup mode
[  324.798203][T16690] bond5: (slave vxcan3): making interface the new active one
[  324.800812][T16690] vxcan3: entered promiscuous mode
[  324.802949][T16690] bond5: (slave vxcan3): Enslaving as an active interface with an up link
[  325.104452][T16699] netlink: 'syz.1.4243': attribute type 10 has an invalid length.
[  325.107595][T16699] openvswitch: netlink: Flow key attr not present in new flow.
[  325.870892][T16731] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4258'.
[  326.163319][T16773] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4277'.
[  326.173844][T16773] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4277'.
[  326.405320][T16801] syz_tun: entered promiscuous mode
[  326.409407][T16801] syz_tun: left promiscuous mode
[  326.481720][T16805] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  326.507810][T16809] cifs: Unknown parameter 'IT&:"1:ӭ'4,Zz-#F<]%gC
[  326.507810][T16809] SȘȞZ6'
[  326.895153][T16825] (unnamed net_device) (uninitialized): peer notification delay (9) is not a multiple of miimon (100), value rounded to 0 ms
[  326.899648][T16825] (unnamed net_device) (uninitialized): option use_carrier: invalid value (5)
[  327.152902][T16847] veth1_macvtap: left promiscuous mode
[  327.155275][T16847] macsec0: entered promiscuous mode
[  328.838299][T16947] netlink: 'syz.1.4357': attribute type 2 has an invalid length.
[  328.843365][T16947] netlink: 'syz.1.4357': attribute type 1 has an invalid length.
[  328.958491][   T33] audit: type=1326 audit(2000000122.391:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16956 comm="syz.2.4363" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ea1b8ebe9 code=0x7ffc0000
[  328.980995][   T33] audit: type=1326 audit(2000000122.391:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16956 comm="syz.2.4363" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ea1b8ebe9 code=0x7ffc0000
[  328.993838][   T33] audit: type=1326 audit(2000000122.391:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16956 comm="syz.2.4363" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4ea1b8ebe9 code=0x7ffc0000
[  329.001540][   T33] audit: type=1326 audit(2000000122.391:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16956 comm="syz.2.4363" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ea1b8ebe9 code=0x7ffc0000
[  329.010051][   T33] audit: type=1326 audit(2000000122.391:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16956 comm="syz.2.4363" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ea1b8ebe9 code=0x7ffc0000
[  329.020553][   T33] audit: type=1326 audit(2000000122.391:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16956 comm="syz.2.4363" exe="/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f4ea1b8ebe9 code=0x7ffc0000
[  329.041527][   T33] audit: type=1326 audit(2000000122.391:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16956 comm="syz.2.4363" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ea1b8ebe9 code=0x7ffc0000
[  329.052161][   T33] audit: type=1326 audit(2000000122.391:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16956 comm="syz.2.4363" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ea1b8ebe9 code=0x7ffc0000
[  329.062109][   T33] audit: type=1326 audit(2000000122.391:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16956 comm="syz.2.4363" exe="/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f4ea1b8ebe9 code=0x7ffc0000
[  329.072297][   T33] audit: type=1326 audit(2000000122.391:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16956 comm="syz.2.4363" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ea1b8ebe9 code=0x7ffc0000
[  329.169938][T16968] netlink: 'syz.3.4367': attribute type 29 has an invalid length.
[  329.173869][T16968] netlink: 'syz.3.4367': attribute type 29 has an invalid length.
[  329.177764][T16968] netlink: 'syz.3.4367': attribute type 29 has an invalid length.
[  331.924354][T17070] sctp: [Deprecated]: syz.3.4412 (pid 17070) Use of int in max_burst socket option.
[  331.924354][T17070] Use struct sctp_assoc_value instead
[  331.955317][T17072] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long
[  333.598358][T17156] syz_tun: entered allmulticast mode
[  333.613401][T17155] syz_tun: left allmulticast mode
[  333.745722][T17168] syz_tun: entered promiscuous mode
[  333.748941][T17168] batadv_slave_0: entered promiscuous mode
[  333.752116][T17168] batadv_slave_0: left promiscuous mode
[  333.754964][T17168] syz_tun: left promiscuous mode
[  334.920826][T17219] __nla_validate_parse: 3 callbacks suppressed
[  334.920876][T17219] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4476'.
[  335.009457][T17219] dummy0 (unregistering): left promiscuous mode
[  335.239926][T17227] pim6reg: entered allmulticast mode
[  335.334385][T17233] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4483'.
[  335.339603][T17233] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4483'.
[  335.520174][T17241] IPv6: NLM_F_CREATE should be specified when creating new route
[  335.523184][T17241] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  335.526072][T17241] IPv6: NLM_F_CREATE should be set when creating new route
[  335.529115][T17241] IPv6: NLM_F_CREATE should be set when creating new route
[  335.532055][T17241] IPv6: NLM_F_CREATE should be set when creating new route
[  335.537250][T17241] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  335.743221][T17259] netlink: 68 bytes leftover after parsing attributes in process `syz.1.4496'.
[  336.247862][T17288] all: renamed from bridge_slave_0 (while UP)
[  336.278331][T17290] geneve3: entered promiscuous mode
[  336.280184][T17290] geneve3: entered allmulticast mode
[  336.516872][T17310] overlayfs: failed to clone upperpath
[  336.755488][   T55] Bluetooth: hci1: unexpected event for opcode 0x200a
[  337.736966][T17416] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4572'.
[  337.740824][T17416] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4572'.
[  338.038790][T17439] netlink: 129704 bytes leftover after parsing attributes in process `syz.2.4583'.
[  338.155864][T17458] netlink: 6 bytes leftover after parsing attributes in process `syz.1.4591'.
[  339.189787][T17483] batadv1: entered promiscuous mode
[  339.253259][T17486] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4604'.
[  339.880818][T17541] overlayfs: failed to clone upperpath
[  343.116152][ T5920] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  343.799526][T17680] 9pnet_fd: Insufficient options for proto=fd
[  343.866866][   T55] Bluetooth: hci1: unexpected event for opcode 0x0401
[  343.891731][T17697] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4696'.
[  345.403879][T17744] overlayfs: failed to clone upperpath
[  345.883117][T17787] netlink: 384 bytes leftover after parsing attributes in process `syz.3.4730'.
[  345.886244][T17787] netlink: 'syz.3.4730': attribute type 2 has an invalid length.
[  346.051853][T17791] netlink: 104 bytes leftover after parsing attributes in process `syz.1.4737'.
[  346.191701][T17797] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  346.231369][T17810] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  346.709183][T17842] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4761'.
[  346.766448][T17854] 9pnet_fd: Insufficient options for proto=fd
[  346.937998][T17864] overlayfs: failed to clone lowerpath
[  346.951320][T17864] overlayfs: failed to clone upperpath
[  347.134970][T17872] vlan2: entered promiscuous mode
[  347.137116][T17872] macvtap0: entered promiscuous mode
[  347.681214][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  348.764460][T17931] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4802'.
[  348.774667][T17931] macvtap1: entered allmulticast mode
[  348.901729][T17948] netlink: 'syz.1.4810': attribute type 3 has an invalid length.
[  348.904410][T17948] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4810'.
[  348.907907][T17948] netlink: 'syz.1.4810': attribute type 1 has an invalid length.
[  349.190376][T17958] ceph: No mds server is up or the cluster is laggy
[  349.438423][T17970] delete_channel: no stack
[  349.486814][T17976] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  349.756844][T17997] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  350.973168][   T33] kauditd_printk_skb: 20 callbacks suppressed
[  350.973181][   T33] audit: type=1326 audit(2000000142.716:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18031 comm="syz.3.4844" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff87878ebe9 code=0x7ffc0000
[  350.984301][   T33] audit: type=1326 audit(2000000142.716:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18031 comm="syz.3.4844" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff87878ebe9 code=0x7ffc0000
[  350.993940][   T33] audit: type=1326 audit(2000000142.725:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18031 comm="syz.3.4844" exe="/syz-executor" sig=0 arch=c000003e syscall=119 compat=0 ip=0x7ff87878ebe9 code=0x7ffc0000
[  351.003540][   T33] audit: type=1326 audit(2000000142.725:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18031 comm="syz.3.4844" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff87878ebe9 code=0x7ffc0000
[  351.013255][   T33] audit: type=1326 audit(2000000142.725:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18031 comm="syz.3.4844" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff87878ebe9 code=0x7ffc0000
[  351.031920][T18034] vlan3: entered allmulticast mode
[  351.219159][   T33] audit: type=1800 audit(2000000142.947:394): pid=18044 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.4850" name="bus" dev="tmpfs" ino=5208 res=0 errno=0
[  353.341620][T18096] proc: Bad value for 'gid'
[  353.435266][T18106] netlink: 'syz.2.4878': attribute type 10 has an invalid length.
[  353.439167][T18106] macvlan0: entered promiscuous mode
[  353.441645][T18106] macvlan0: entered allmulticast mode
[  353.448339][T18106] veth1_vlan: entered allmulticast mode
[  353.453213][T18106] bond0: (slave macvlan0): Enslaving as an active interface with an up link
[  353.978521][T18160] netlink: 'syz.3.4904': attribute type 3 has an invalid length.
[  353.981855][T18160] netlink: 'syz.3.4904': attribute type 3 has an invalid length.
[  353.989412][T18160] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4904'.
[  354.017704][T18166] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4907'.
[  354.022167][T18166] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4907'.
[  354.788687][T18203] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4922'.
[  355.041862][T18206] Invalid ELF header magic: != ELF
[  355.259697][T18214] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  355.263315][T18214] team0: Device macvtap1 is already an upper device of the team interface
[  355.680028][T18240] o2cb: This node has not been configured.
[  355.682728][T18240] o2cb: Cluster check failed. Fix errors before retrying.
[  355.685839][T18240] (syz.1.4938,18240,1):user_dlm_register:674 ERROR: status = -22
[  355.689341][T18240] (syz.1.4938,18240,1):dlmfs_mkdir:438 ERROR: Error -22 could not register domain "file1"
[  355.816805][T18244] 9pnet_fd: Insufficient options for proto=fd
[  356.000725][T18262] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4948'.
[  356.004657][T18262] tc_dump_action: action bad kind
[  356.447654][T18274] netlink: 256 bytes leftover after parsing attributes in process `syz.1.4954'.
[  356.450875][T18274] unsupported nlmsg_type 40
[  357.388200][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  357.937332][T18321] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4975'.
[  358.023242][T18328] gtp0: entered promiscuous mode
[  358.031944][T18328] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4978'.
[  359.463539][T18388] A link change request failed with some changes committed already. Interface macvlan0 may have been left with an inconsistent configuration, please check.
[  359.818133][T18431] openvswitch: netlink: IPv4 tun info is not correct
[  361.362501][T18480] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5044'.
[  361.391952][T18482] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5045'.
[  362.130658][T18509] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  362.137533][T18509] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  362.920768][T18559] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5082'.
[  363.061120][T18592] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5095'.
[  363.065036][T18592] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5095'.
[  363.073997][T18590] overlayfs: failed to clone upperpath
[  363.078139][T18592] netlink: 'syz.2.5095': attribute type 6 has an invalid length.
[  363.105990][T18598] overlayfs: failed to clone upperpath
[  363.138326][   T33] audit: type=1326 audit(2000000153.940:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18604 comm="syz.3.5101" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff87878ebe9 code=0x0
[  363.728460][T18642] overlayfs: failed to clone upperpath
[  363.971580][   T33] audit: type=1400 audit(2000000154.715:396): apparmor="DENIED" operation="setprocattr" info="exec" error=-22 profile="unconfined" pid=18648 comm="syz.3.5120"
[  364.153430][T18663] netlink: 'syz.3.5127': attribute type 6 has an invalid length.
[  364.243904][T18671] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  364.349260][T18677] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5133'.
[  364.615124][T18708] netlink: 'syz.2.5148': attribute type 4 has an invalid length.
[  364.620531][T18708] netlink: 'syz.2.5148': attribute type 4 has an invalid length.
[  364.863392][T18744] netlink: 72 bytes leftover after parsing attributes in process `syz.2.5166'.
[  364.884668][T18748] overlayfs: failed to clone upperpath
[  365.011344][T18770] netlink: 176 bytes leftover after parsing attributes in process `syz.2.5179'.
[  365.184902][T18787] overlayfs: failed to clone upperpath
[  365.694095][T18806] overlayfs: failed to clone upperpath
[  365.956851][   T33] audit: type=1326 audit(2000000156.542:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18813 comm="syz.1.5199" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1dcd8ebe9 code=0x7fc00000
[  366.398461][T18831] netlink: 264 bytes leftover after parsing attributes in process `syz.3.5206'.
[  366.405689][T18831] netlink: 56 bytes leftover after parsing attributes in process `syz.3.5206'.
[  366.689623][   T33] audit: type=1326 audit(2000000157.216:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18813 comm="syz.1.5199" exe="/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fd1dcd85ba7 code=0x7fc00000
[  367.194679][T18893] netlink: 'syz.2.5232': attribute type 2 has an invalid length.
[  367.199134][T18893] : entered promiscuous mode
[  367.474047][T18912] netlink: 'syz.3.5240': attribute type 1 has an invalid length.
[  367.482179][T18912] 8021q: adding VLAN 0 to HW filter on device bond2
[  368.045895][T18920] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5242'.
[  368.759227][   T33] audit: type=1800 audit(2000000159.136:399): pid=18991 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.5278" name="bus" dev="tmpfs" ino=9561 res=0 errno=0
[  369.145614][T19022] netlink: 830 bytes leftover after parsing attributes in process `syz.1.5291'.
[  370.111823][T19115] (unnamed net_device) (uninitialized): option all_slaves_active: invalid value (8)
[  370.550841][T19143] 8021q: adding VLAN 0 to HW filter on device bond6
[  370.999489][T19165] sch_tbf: peakrate 8 is lower than or equals to rate 12 !
[  371.019502][T19167] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5354'.
[  371.642517][T19211] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5374'.
[  371.906315][T19228] ==================================================================
[  371.909676][T19228] BUG: KASAN: slab-use-after-free in xfrm_alloc_spi+0x570/0xf30
[  371.912871][T19228] Read of size 4 at addr ffff88802e315744 by task syz.2.5382/19228
[  371.917117][T19228] 
[  371.918131][T19228] CPU: 1 UID: 0 PID: 19228 Comm: syz.2.5382 Not tainted syzkaller #0 PREEMPT(full) 
[  371.918148][T19228] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  371.918156][T19228] Call Trace:
[  371.918162][T19228]  <TASK>
[  371.918168][T19228]  dump_stack_lvl+0x189/0x250
[  371.918190][T19228]  ? __pfx_dump_stack_lvl+0x10/0x10
[  371.918233][T19228]  ? lock_release+0x4b/0x3e0
[  371.918254][T19228]  ? __virt_addr_valid+0x4a5/0x5c0
[  371.918272][T19228]  print_report+0xca/0x240
[  371.918284][T19228]  ? xfrm_alloc_spi+0x570/0xf30
[  371.918297][T19228]  kasan_report+0x118/0x150
[  371.918312][T19228]  ? lock_acquire+0x5f/0x360
[  371.918328][T19228]  ? xfrm_alloc_spi+0x570/0xf30
[  371.918342][T19228]  xfrm_alloc_spi+0x570/0xf30
[  371.918355][T19228]  ? xfrm_alloc_spi+0x2a0/0xf30
[  371.918370][T19228]  ? __pfx_xfrm_alloc_spi+0x10/0x10
[  371.918382][T19228]  ? xfrm_find_acq+0x87/0xa0
[  371.918395][T19228]  xfrm_alloc_userspi+0x70b/0xc90
[  371.918413][T19228]  ? apparmor_capable+0x137/0x1b0
[  371.918427][T19228]  ? __pfx_xfrm_alloc_userspi+0x10/0x10
[  371.918441][T19228]  ? __nla_parse+0x40/0x60
[  371.918459][T19228]  xfrm_user_rcv_msg+0x7a3/0xab0
[  371.918474][T19228]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  371.918495][T19228]  ? __pfx___mutex_trylock_common+0x10/0x10
[  371.918508][T19228]  ? rcu_is_watching+0x15/0xb0
[  371.918519][T19228]  ? trace_contention_end+0x39/0x120
[  371.918531][T19228]  ? __mutex_lock+0x335/0x1350
[  371.918548][T19228]  netlink_rcv_skb+0x208/0x470
[  371.918564][T19228]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  371.918577][T19228]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  371.918595][T19228]  ? lock_release+0x4b/0x3e0
[  371.918612][T19228]  ? netlink_deliver_tap+0x2e/0x1b0
[  371.918629][T19228]  xfrm_netlink_rcv+0x79/0x90
[  371.918641][T19228]  netlink_unicast+0x82f/0x9e0
[  371.918659][T19228]  ? __pfx_netlink_unicast+0x10/0x10
[  371.918682][T19228]  ? netlink_sendmsg+0x642/0xb30
[  371.918697][T19228]  ? skb_put+0x11b/0x210
[  371.918709][T19228]  netlink_sendmsg+0x805/0xb30
[  371.918729][T19228]  ? __pfx_netlink_sendmsg+0x10/0x10
[  371.918745][T19228]  ? futex_unqueue+0x22/0x240
[  371.918757][T19228]  ? aa_sock_msg_perm+0xf1/0x1d0
[  371.918768][T19228]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  371.918780][T19228]  ? __pfx_netlink_sendmsg+0x10/0x10
[  371.918795][T19228]  __sock_sendmsg+0x21c/0x270
[  371.918812][T19228]  ____sys_sendmsg+0x505/0x830
[  371.918823][T19228]  ? __pfx_____sys_sendmsg+0x10/0x10
[  371.918836][T19228]  ? import_iovec+0x74/0xa0
[  371.918850][T19228]  ___sys_sendmsg+0x21f/0x2a0
[  371.918860][T19228]  ? __pfx____sys_sendmsg+0x10/0x10
[  371.918871][T19228]  ? futex_wait+0x285/0x360
[  371.918893][T19228]  ? __fget_files+0x2a/0x420
[  371.918911][T19228]  ? __fget_files+0x3a0/0x420
[  371.918930][T19228]  __x64_sys_sendmsg+0x19b/0x260
[  371.918943][T19228]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  371.918959][T19228]  ? rcu_is_watching+0x15/0xb0
[  371.918971][T19228]  do_syscall_64+0xfa/0x3b0
[  371.918989][T19228]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  371.919001][T19228]  ? exc_page_fault+0x9f/0xf0
[  371.919016][T19228]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  371.919029][T19228] RIP: 0033:0x7f4ea1b8ebe9
[  371.919042][T19228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  371.919054][T19228] RSP: 002b:00007f4ea29f8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  371.919069][T19228] RAX: ffffffffffffffda RBX: 00007f4ea1db5fa0 RCX: 00007f4ea1b8ebe9
[  371.919078][T19228] RDX: 0000000000000000 RSI: 0000200000000a80 RDI: 0000000000000003
[  371.919086][T19228] RBP: 00007f4ea1c11e19 R08: 0000000000000000 R09: 0000000000000000
[  371.919093][T19228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  371.919101][T19228] R13: 00007f4ea1db6038 R14: 00007f4ea1db5fa0 R15: 00007fffba739d88
[  371.919115][T19228]  </TASK>
[  371.919119][T19228] 
[  372.068902][T19228] Allocated by task 15147:
[  372.070742][T19228]  kasan_save_track+0x3e/0x80
[  372.072551][T19228]  __kasan_slab_alloc+0x6c/0x80
[  372.074101][T19228]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  372.075994][T19228]  xfrm_state_alloc+0x24/0x2f0
[  372.077862][T19228]  __find_acq_core+0x8a7/0x1c00
[  372.079589][T19228]  xfrm_find_acq+0x78/0xa0
[  372.081127][T19228]  xfrm_alloc_userspi+0x6b3/0xc90
[  372.082829][T19228]  xfrm_user_rcv_msg+0x7a3/0xab0
[  372.084513][T19228]  netlink_rcv_skb+0x208/0x470
[  372.086073][T19228]  xfrm_netlink_rcv+0x79/0x90
[  372.087712][T19228]  netlink_unicast+0x82f/0x9e0
[  372.089693][T19228]  netlink_sendmsg+0x805/0xb30
[  372.091557][T19228]  __sock_sendmsg+0x21c/0x270
[  372.093305][T19228]  ____sys_sendmsg+0x505/0x830
[  372.095375][T19228]  ___sys_sendmsg+0x21f/0x2a0
[  372.097492][T19228]  __x64_sys_sendmsg+0x19b/0x260
[  372.099572][T19228]  do_syscall_64+0xfa/0x3b0
[  372.101422][T19228]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  372.103424][T19228] 
[  372.104244][T19228] Freed by task 975:
[  372.105557][T19228]  kasan_save_track+0x3e/0x80
[  372.107154][T19228]  kasan_save_free_info+0x46/0x50
[  372.108975][T19228]  __kasan_slab_free+0x5b/0x80
[  372.110577][T19228]  kmem_cache_free+0x18f/0x400
[  372.112190][T19228]  xfrm_state_gc_task+0x52d/0x6b0
[  372.113925][T19228]  process_scheduled_works+0xae1/0x17b0
[  372.115996][T19228]  worker_thread+0x8a0/0xda0
[  372.117540][T19228]  kthread+0x711/0x8a0
[  372.118864][T19228]  ret_from_fork+0x3fc/0x770
[  372.120432][T19228]  ret_from_fork_asm+0x1a/0x30
[  372.121970][T19228] 
[  372.122720][T19228] The buggy address belongs to the object at ffff88802e315680
[  372.122720][T19228]  which belongs to the cache xfrm_state of size 928
[  372.127075][T19228] The buggy address is located 196 bytes inside of
[  372.127075][T19228]  freed 928-byte region [ffff88802e315680, ffff88802e315a20)
[  372.131988][T19228] 
[  372.132888][T19228] The buggy address belongs to the physical page:
[  372.135446][T19228] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802e314000 pfn:0x2e314
[  372.139620][T19228] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  372.142965][T19228] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  372.146453][T19228] page_type: f5(slab)
[  372.148136][T19228] raw: 00fff00000000240 ffff888104e9d500 ffffea000082b710 ffffea0000cc4510
[  372.151787][T19228] raw: ffff88802e314000 00000000000e0001 00000000f5000000 0000000000000000
[  372.155425][T19228] head: 00fff00000000240 ffff888104e9d500 ffffea000082b710 ffffea0000cc4510
[  372.159095][T19228] head: ffff88802e314000 00000000000e0001 00000000f5000000 0000000000000000
[  372.162783][T19228] head: 00fff00000000002 ffffea0000b8c501 00000000ffffffff 00000000ffffffff
[  372.166454][T19228] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  372.170098][T19228] page dumped because: kasan: bad access detected
[  372.172807][T19228] page_owner tracks the page as allocated
[  372.175177][T19228] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6167, tgid 6166 (syz.1.104), ts 59615723726, free_ts 59578093425
[  372.182958][T19228]  post_alloc_hook+0x240/0x2a0
[  372.184964][T19228]  get_page_from_freelist+0x21e4/0x22c0
[  372.187307][T19228]  __alloc_frozen_pages_noprof+0x181/0x370
[  372.189780][T19228]  alloc_pages_mpol+0x232/0x4a0
[  372.191828][T19228]  allocate_slab+0x8a/0x370
[  372.193749][T19228]  ___slab_alloc+0xbeb/0x1410
[  372.195774][T19228]  kmem_cache_alloc_noprof+0x283/0x3c0
[  372.198051][T19228]  xfrm_state_alloc+0x24/0x2f0
[  372.200093][T19228]  __find_acq_core+0x8a7/0x1c00
[  372.202224][T19228]  xfrm_find_acq+0x78/0xa0
[  372.204139][T19228]  pfkey_getspi+0x65d/0xee0
[  372.206088][T19228]  pfkey_sendmsg+0xbfe/0x1090
[  372.208128][T19228]  __sock_sendmsg+0x21c/0x270
[  372.210153][T19228]  ____sys_sendmsg+0x505/0x830
[  372.212252][T19228]  ___sys_sendmsg+0x21f/0x2a0
[  372.214304][T19228]  __x64_sys_sendmsg+0x19b/0x260
[  372.216430][T19228] page last free pid 6162 tgid 6161 stack trace:
[  372.219134][T19228]  __free_frozen_pages+0xbc4/0xd30
[  372.221348][T19228]  stack_depot_save_flags+0x436/0x860
[  372.223684][T19228]  kasan_save_track+0x4f/0x80
[  372.225710][T19228]  __kasan_kmalloc+0x93/0xb0
[  372.227717][T19228]  __kmalloc_cache_noprof+0x230/0x3d0
[  372.230167][T19228]  dev_ethtool+0x126/0x19b0
[  372.232189][T19228]  dev_ioctl+0x392/0x1150
[  372.234104][T19228]  sock_do_ioctl+0x22c/0x300
[  372.236149][T19228]  sock_ioctl+0x576/0x790
[  372.238009][T19228]  __se_sys_ioctl+0xfc/0x170
[  372.240016][T19228]  do_syscall_64+0xfa/0x3b0
[  372.241996][T19228]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  372.244532][T19228] 
[  372.245547][T19228] Memory state around the buggy address:
[  372.247910][T19228]  ffff88802e315600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  372.251318][T19228]  ffff88802e315680: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  372.254714][T19228] >ffff88802e315700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  372.258090][T19228]                                            ^
[  372.260730][T19228]  ffff88802e315780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  372.264310][T19228]  ffff88802e315800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  372.267714][T19228] ==================================================================
[  372.271551][T19228] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  372.274676][T19228] CPU: 1 UID: 0 PID: 19228 Comm: syz.2.5382 Not tainted syzkaller #0 PREEMPT(full) 
[  372.278682][T19228] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  372.282959][T19228] Call Trace:
[  372.284381][T19228]  <TASK>
[  372.285663][T19228]  dump_stack_lvl+0x99/0x250
[  372.287696][T19228]  ? __asan_memcpy+0x40/0x70
[  372.289654][T19228]  ? __pfx_dump_stack_lvl+0x10/0x10
[  372.291857][T19228]  ? __pfx__printk+0x10/0x10
[  372.293856][T19228]  vpanic+0x281/0x750
[  372.295599][T19228]  ? __pfx_vpanic+0x10/0x10
[  372.297541][T19228]  ? rcu_is_watching+0x15/0xb0
[  372.299601][T19228]  panic+0xb9/0xc0
[  372.301224][T19228]  ? __pfx_panic+0x10/0x10
[  372.303225][T19228]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  372.305853][T19228]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  372.308556][T19228]  ? xfrm_alloc_spi+0x570/0xf30
[  372.310716][T19228]  check_panic_on_warn+0x89/0xb0
[  372.312799][T19228]  ? xfrm_alloc_spi+0x570/0xf30
[  372.314869][T19228]  end_report+0x78/0x160
[  372.316679][T19228]  kasan_report+0x129/0x150
[  372.318685][T19228]  ? lock_acquire+0x5f/0x360
[  372.320757][T19228]  ? xfrm_alloc_spi+0x570/0xf30
[  372.322938][T19228]  xfrm_alloc_spi+0x570/0xf30
[  372.325031][T19228]  ? xfrm_alloc_spi+0x2a0/0xf30
[  372.327233][T19228]  ? __pfx_xfrm_alloc_spi+0x10/0x10
[  372.329454][T19228]  ? xfrm_find_acq+0x87/0xa0
[  372.331440][T19228]  xfrm_alloc_userspi+0x70b/0xc90
[  372.333555][T19228]  ? apparmor_capable+0x137/0x1b0
[  372.335605][T19228]  ? __pfx_xfrm_alloc_userspi+0x10/0x10
[  372.337924][T19228]  ? __nla_parse+0x40/0x60
[  372.339908][T19228]  xfrm_user_rcv_msg+0x7a3/0xab0
[  372.342103][T19228]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  372.344537][T19228]  ? __pfx___mutex_trylock_common+0x10/0x10
[  372.347321][T19228]  ? rcu_is_watching+0x15/0xb0
[  372.349421][T19228]  ? trace_contention_end+0x39/0x120
[  372.351745][T19228]  ? __mutex_lock+0x335/0x1350
[  372.353839][T19228]  netlink_rcv_skb+0x208/0x470
[  372.355910][T19228]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  372.358238][T19228]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  372.360520][T19228]  ? lock_release+0x4b/0x3e0
[  372.362498][T19228]  ? netlink_deliver_tap+0x2e/0x1b0
[  372.364714][T19228]  xfrm_netlink_rcv+0x79/0x90
[  372.366721][T19228]  netlink_unicast+0x82f/0x9e0
[  372.368724][T19228]  ? __pfx_netlink_unicast+0x10/0x10
[  372.370874][T19228]  ? netlink_sendmsg+0x642/0xb30
[  372.373048][T19228]  ? skb_put+0x11b/0x210
[  372.374891][T19228]  netlink_sendmsg+0x805/0xb30
[  372.376964][T19228]  ? __pfx_netlink_sendmsg+0x10/0x10
[  372.379189][T19228]  ? futex_unqueue+0x22/0x240
[  372.381169][T19228]  ? aa_sock_msg_perm+0xf1/0x1d0
[  372.383304][T19228]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  372.385479][T19228]  ? __pfx_netlink_sendmsg+0x10/0x10
[  372.387654][T19228]  __sock_sendmsg+0x21c/0x270
[  372.389650][T19228]  ____sys_sendmsg+0x505/0x830
[  372.391698][T19228]  ? __pfx_____sys_sendmsg+0x10/0x10
[  372.393928][T19228]  ? import_iovec+0x74/0xa0
[  372.395877][T19228]  ___sys_sendmsg+0x21f/0x2a0
[  372.397885][T19228]  ? __pfx____sys_sendmsg+0x10/0x10
[  372.400013][T19228]  ? futex_wait+0x285/0x360
[  372.401946][T19228]  ? __fget_files+0x2a/0x420
[  372.403871][T19228]  ? __fget_files+0x3a0/0x420
[  372.405810][T19228]  __x64_sys_sendmsg+0x19b/0x260
[  372.407885][T19228]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  372.410117][T19228]  ? rcu_is_watching+0x15/0xb0
[  372.412154][T19228]  do_syscall_64+0xfa/0x3b0
[  372.414133][T19228]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  372.416779][T19228]  ? exc_page_fault+0x9f/0xf0
[  372.418804][T19228]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  372.421336][T19228] RIP: 0033:0x7f4ea1b8ebe9
[  372.423279][T19228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  372.430402][T19228] RSP: 002b:00007f4ea29f8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  372.433442][T19228] RAX: ffffffffffffffda RBX: 00007f4ea1db5fa0 RCX: 00007f4ea1b8ebe9
[  372.436768][T19228] RDX: 0000000000000000 RSI: 0000200000000a80 RDI: 0000000000000003
[  372.440101][T19228] RBP: 00007f4ea1c11e19 R08: 0000000000000000 R09: 0000000000000000
[  372.443345][T19228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  372.446673][T19228] R13: 00007f4ea1db6038 R14: 00007f4ea1db5fa0 R15: 00007fffba739d88
[  372.449896][T19228]  </TASK>
[  372.451773][T19228] Kernel Offset: disabled
[  372.453295][T19228] Rebooting in 86400 seconds..

VM DIAGNOSIS:
17:39:49  Registers:
info registers vcpu 0

CPU#0
RAX=1fee9cd94292c000 RBX=ffffffff819683b8 RCX=1fee9cd94292c000 RDX=0000000000000001
RSI=ffffffff8be33660 RDI=ffffffff819683b8 RBP=ffffffff8de07eb8 RSP=ffffffff8de07d80
R8 =ffff88804b032f9b R9 =1ffff110096065f3 R10=dffffc0000000000 R11=ffffed10096065f4
R12=ffffffff8fa38330 R13=0000000000000000 R14=0000000000000000 R15=1ffffffff1bd2a20
RIP=ffffffff8b7973f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b861b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b32c1dff8 CR3=0000000125e3a000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007ff878987498 00007ff878987470 XMM03=00007ff8789874a8 00007ff8789874a0
XMM04=00007ff8794ed100 00007ff878987460 XMM05=00007ff878987478 00007ff8789874c0
XMM06=00007ff8789874b8 00007ff8789874b0 XMM07=00007ff8789874a8 00007ff8789874a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007ff878812fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000032 RBX=0000000000000032 RCX=0000000000000000 RDX=00000000000003f8
RSI=000000000000117c RDI=000000000000117d RBP=00000000000003f8 RSP=ffffc90002f2e9f0
R8 =ffff88801f430237 R9 =1ffff11003e86046 R10=dffffc0000000000 R11=ffffffff854f1d00
R12=dffffc0000000000 R13=ffffffff99afa916 R14=ffffffff99def3e0 R15=0000000000000000
RIP=ffffffff854f1d7c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f4ea29f86c0 ffffffff 00c00000
GS =0000 ffff8881a3c1b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f4ea29f7fc8 CR3=000000012c112000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f4ea1d87498 00007f4ea1d87470 XMM03=00007f4ea1d874a8 00007f4ea1d874a0
XMM04=00007f4ea28ed100 00007f4ea1d87460 XMM05=00007f4ea1d87478 00007f4ea1d874c0
XMM06=00007f4ea1d874b8 00007f4ea1d874b0 XMM07=00007f4ea1d874a8 00007f4ea1d874a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f4ea1c12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
