last executing test programs:

9m13.472365052s ago: executing program 1 (id=16):
r0 = socket(0xa, 0x3, 0xff)
setsockopt$inet6_int(r0, 0x29, 0x24, 0xfffffffffffffffe, 0x41)

9m13.381904987s ago: executing program 1 (id=17):
r0 = syz_open_procfs(0x0, &(0x7f0000000280)='io\x00')
preadv(r0, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/17, 0x11}], 0x1, 0x5, 0x6b)

9m13.261423927s ago: executing program 1 (id=18):
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @empty, 0x4}}}, 0x108)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000480)={0x6, {{0xa, 0x0, 0x3, @mcast2}}, {{0xa, 0x0, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x181}}}, 0x108)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0xffffff03}}, {{0xa, 0x4e23, 0xa4ffffff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x108)

9m13.201604498s ago: executing program 1 (id=19):
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc0ed000e, &(0x7f0000000200)={[{@jqfmt_vfsold}, {@orlov}, {@debug}, {@noload}, {@nombcache}, {@noblock_validity}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x8000}}]}, 0xfa, 0x47c, &(0x7f0000000a80)="$eJzs3M1vFOUfAPDvTLulwI9fK+ILCFJFI/GlpeVFDl40mnDQxEQPGE+1LaRSqKE1EUK0esCjIfFu/C+MJ70Y9aKJV70bEmK4gHpZMzsztLS77ZZud4H9fJLZfZ6Z2X2e78w8O8/Ms7sBdK2h7CGJ+F9E/B4RA3n29hWG8qeb1y9N/H390kQS1epbfyW19W5cvzRRrlq+bnueqVaL/JY65V5+N2J8ZmbqfJEfmT/7wcjchYsvTJ8dPz11eurc2PHjRw7v6zs2drQlcWZx3djz8eze3SfeufLGxMkr7/2UpJHHHcviaJWhfOvW9XSrC+uwHUvSSW/22F/k9v+yuKTekUAn9UREtrsqtfY/ED2x9daygXjts45WDthU1Wq1usqn8kIVuI8l0ekaAJ1Rnuiz699yalPX465w7eX8AiiL+2Yx5Ut6I80T+yvLrm9baSgiTi7881U2xSbdhwAAWOq7rP/zfL3+XxoP54m+7OH/xRjKYEQ8EBE7I+LBiNgVEQ9F1NZ9JCIeXWf5y0dIVvZ/0qt3HFwTsv7fS8XY1u39v7RcZbCnyO2oxV9JTk3PTB0qtsnBqGw5NZ1Mja5Sxvev/vZFo2VL+3/ZlJVf9gWLelztXXaDbnJ8fnwjMS917dOIPb314k9q4wJRjOvtjog9d1jG9LO9DZetHf8qGr9t06pfRzyT7/+FWBZ/KWk4Pjn64rGxoyP9MTN1aKQ8Klb6+dfLbzYqf0Pxt0C2/7fVPf5vxT+Y9EfMXbh4pjZeO7f+Mi7/8XnDa5p1Hv8ndhTHf1/ydm1GX7Hgo/H5+fOjEX3J6yvnjy2+W5kv18/iP3igfvvfGYtb4rGI2BsR+yLi8eyisKj7ExHxZEQcWCX+H1956v31x9+esdIs/sm19n8s3f/rT/Sc+eHbtePvj4hG+/9ILXWwmNPM51+zFdzItgMAAIB7Rf4d+CQdXkwnw8P5d/h3xbZ0ZnZu/rlTsx+em8y/Kz8YlbS80zWw5H7oaHFvuMyPLcsfLu4bf9mztZYfnpidmex08NDltq9o/2matf/Mnz2drh2w6Vowjgbco7R/6F7aP3SnZM32X2lbXYD2c/6H7lWv/X/ScO3hbza1MkBbOf9D92qi/S/kT417BcC9yfkfupf2D12p4W/j0w395L/tiX+L/zO8W+pz/ycivSuqcf8nepv+M4tGicrKtlwdyNt/NmdL3Vd1+pMJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgNf4LAAD///R05PQ=")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
chdir(&(0x7f00000001c0)='./file0\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000)

9m12.799986249s ago: executing program 1 (id=21):
connect$unix(0xffffffffffffffff, 0x0, 0x0)
capset(&(0x7f0000000080)={0x20080522}, &(0x7f00000000c0)={0x200000, 0x200000, 0x7})
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDGKBSENT(r0, 0x5602, 0x0)

9m11.509601049s ago: executing program 1 (id=35):
bind$bt_l2cap(0xffffffffffffffff, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000080050005000200000011000300686173683a69702c706f7274"], 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

9m11.114092633s ago: executing program 32 (id=35):
bind$bt_l2cap(0xffffffffffffffff, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000080050005000200000011000300686173683a69702c706f7274"], 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

6m59.524601897s ago: executing program 3 (id=1421):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f0000000100)={{0x80}, {0xe}, 0xbefc, 0xbf})

6m59.52341889s ago: executing program 3 (id=1423):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000180)={{@my=0x0}, 0x0, 0x1})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f00000000c0)={{@any, 0xff}, 0x1, 0x1, 0xfffffffd})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000040)={{@host, 0x5}, 0x7f90878f7e9834f0, 0x2, 0x3})

6m59.465298821s ago: executing program 3 (id=1426):
r0 = socket(0x10, 0x2, 0x2)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000080)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x4, 0x54, 0x4, 0x69, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast2={0xff, 0x5}, 0x1, 0x90, 0x5d, 0x6}})

6m59.396165323s ago: executing program 3 (id=1428):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x24000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000300)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)

6m59.346392297s ago: executing program 3 (id=1429):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x7c, r1, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_PEERS={0x54, 0x8, 0x0, 0x1, [{0x50, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x20, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @private=0xa010102}, {0x5, 0x3, 0x3}}]}]}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x300}]}]}]}, 0x7c}}, 0x40000)

6m59.095542146s ago: executing program 3 (id=1430):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f00000000c0)={0x2})

6m58.915851728s ago: executing program 33 (id=1430):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f00000000c0)={0x2})

5m12.904194139s ago: executing program 4 (id=2924):
setreuid(0xffffffffffffffff, 0xee00)
setgroups(0x0, 0x0)

5m12.806577608s ago: executing program 4 (id=2927):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/net\x00')
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10008}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r1, 0x1, 0x70bd29, 0x25dfdbff, {}, [@NL802154_ATTR_NETNS_FD={0x8, 0x1d, r2}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4844}, 0x4)

5m12.583063838s ago: executing program 4 (id=2929):
syz_emit_ethernet(0xb9, &(0x7f0000002440)={@local, @empty, @void, {@ipv6={0x86dd, @generic={0x3, 0x6, "9291dd", 0x83, 0x0, 0x1, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast2, {[@hopopts={0x2b, 0x0, '\x00', [@pad1]}], "34680a046c1b0ea8fcb9ddd4ca77b8ddf1218df1edfef4b5e81ae35c0f8a33032cac3295e8d3c7c7ccc533578f199158093955fb2e08df9f93f4543bb9cb6699780987aa02112713b2ddac0af671b782a3eba9db512cff3f5cf6deeaf73d94cd905bb71542a7707769dfae984212e227992e49"}}}}}, 0x0)

5m12.503024097s ago: executing program 4 (id=2933):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000100), 0x1, 0x500, &(0x7f0000000500)="$eJzs3U9sI1cZAPBvJn/sTdMmhR4AFbqUwoJWayfeNqp6oZwqhCoheuSwDYkTRbHjKHZKE/aQPXJHohInOHHmgMQBqSfuSBzgxqUckAqsQA0SByOP7V3njzfWbmzvxr+fNJo38+L53tvRvGd91s4LYGJdj4ijiJiNiPcjYqFzPuls8XZ7a/3dZ/fvrh3fv7uWRLP53j+TrL51Lno+0/Jc55r5iPjBOxE/Sk4F/VNE/eBwe7VSKe91ThUb1d1i/eDw1lZ1dbO8Wd4plVaWV5bevP1G6dL6+kr1N59ei4jf/+7Ln/zx6Fs/aTVrvlPX24/L1O76zIM4LdMR8b1hBBuDqU5/Zh/nw4/1IS5TGhGfi4hXs+d/Iaayu3nSydv07RG2DgAYhmZzIZoLvccAwFWXZjmwJC10cgHzkaaFQjuH91LMpZVavXFzo7a/s97OlS3GTLqxVSkvdXKFizGTbGxNl5ezcve4Ui6dOr4dES9GxM9y17Ljwlqtsj7OLz4AMMGeOzX//yfXnv8BgCsu/7CYG2c7AIDRyY+7AQDAyJn/AWDymP8BYPKY/wFg8pj/AWDymP8BYKJ8/913W1vzuPP+6/UPDva3ax/cWi/XtwvV/bXCWm1vt7BZq21m7+ypXnS9Sq22u/x67H9YbJTrjWL94PBOtba/07iTvdf7TnlmJL0CAB7lxVc+/ksSEUdvXcu26Hnf/4Vz9cvDbh0wTOm4GwCMzdS4GwCMzdnVvoBJIR8P9CzRe6/ndP5M4bSPBrp8at1QePrc+OIT5P+BZ5r8P0yux8v/+y4PV4H8P0yuZjOx5j8ATBg5fiC5oL739/+lZs/BYL//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJU0n21JWuisBT4faVooRDwfEYsxk2xsVcpLEfFCRPw5N5NrHS9HhHWDAOBZlv496az/dWPhtfnTtbO5/+ayfUT8+Bfv/fzD1UZjbzliNvnXg/ONjzrnS+NoPwBwke483Z3Huz67f3etu42yPZ9+p724aCvucWdr10zHdLbPZ7mGuX8nneO21veVqUuIf3QvIr5wXv+TLDey2Fn59HT8VuznRxo/PRE/zera+9a/xecvoS0waT5ujT9vn/f8pXE925///OezEerJdce/4zPjX/pg/JvqM/5dHzTG63/47pmTzYV23b2IL01HHHcv3jP+dOMnfeK/NmD8v778lVf71TV/GXEjzut/ciJWsVHdLdYPDm9tVVc3y5vlnVJpZXll6c3bb5SKWY662M1Un/WPt26+0C9+q/9zfeLnL+j/1wfs/6/+9/4Pv/qI+N/82vn3/6VHxG/Nid8YMP7q3G/z/epa8df79P+i+39zwPif/O1wfcA/BQBGoH5wuL1aqZT3hl1Ihx8iKyQRRyPoTruQ+/VP3xlVrCEW4ulohsLTVBj3yAQM28OHftwtAQAAAAAAAAAAAAAA+hnFfycadx8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4uv4fAAD//5iA1Hs=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0x8004587d, &(0x7f0000000080)={@desc={0x1, 0x0, @desc2}})
mount$overlay(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000100)='./file0\x00')
mount$bind(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0)

5m12.431891959s ago: executing program 4 (id=2938):
r0 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=@newqdisc={0x68, 0x14, 0xf0b, 0x70bd25, 0x0, {0x2, 0x0, 0x0, 0x0, {0x10, 0x7}, {0x0, 0x8}, {0x1, 0xffe0}}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x7e}}, {0x4}}, {{0x1c, 0x1, {0xa, 0xa5, 0x18, 0x88, 0x2, 0x0, 0x3}}, {0x4}}]}]}, 0x68}}, 0x0)

5m12.0625893s ago: executing program 4 (id=2951):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fcntl$notify(r0, 0x402, 0x4)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fcntl$notify(r1, 0x402, 0xd)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fcntl$notify(r2, 0x402, 0x5)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc4042, 0x1cb)

5m11.937776181s ago: executing program 34 (id=2951):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fcntl$notify(r0, 0x402, 0x4)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fcntl$notify(r1, 0x402, 0xd)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fcntl$notify(r2, 0x402, 0x5)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc4042, 0x1cb)

3m2.015477639s ago: executing program 5 (id=4882):
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x5, 0x4, &(0x7f0000000e80)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffe}, [@call={0x85, 0x0, 0x0, 0x19}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3m1.81463254s ago: executing program 5 (id=4885):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000300)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x18, 0x0, &(0x7f0000000000)=[@request_death={0x400c6313}, @decrefs], 0x0, 0x1000000, 0x0})

3m1.814387317s ago: executing program 5 (id=4886):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000007300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r1}, 0x10)

3m1.767625835s ago: executing program 5 (id=4888):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r1 = openat$cgroup_devices(r0, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r1, &(0x7f0000000200)={'b', ' *:* ', 'rw\x00'}, 0x9)

3m1.699655665s ago: executing program 5 (id=4890):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x243014, 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x4000, 0x0)

3m1.61584878s ago: executing program 5 (id=4893):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
getpgid(r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x804e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = fsopen(&(0x7f0000000100)='ocfs2_dlmfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
fchdir(r4)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)

2m45.912105502s ago: executing program 35 (id=4893):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
getpgid(r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x804e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = fsopen(&(0x7f0000000100)='ocfs2_dlmfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
fchdir(r4)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)

2m19.780380717s ago: executing program 6 (id=5511):
removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00')

2m19.780219768s ago: executing program 6 (id=5512):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_DEV_CREATE(r0, 0x5501)
ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x6)

2m19.675490941s ago: executing program 6 (id=5514):
socket$inet6(0xa, 0x3, 0x4)
syz_open_dev$MSR(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$nfc_llcp(0xffffffffffffffff, 0x118, 0x3, &(0x7f0000000540)=""/181, 0xffffffffffffffce)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f00000001c0)='usrquota')
chdir(&(0x7f0000000140)='./file1\x00')
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_GETINFO(r3, 0xffffffff80000500, 0x0, &(0x7f00000002c0))

2m18.67376727s ago: executing program 6 (id=5531):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
socket$nl_generic(0x10, 0x3, 0x10)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000000, 0x13, 0xffffffffffffffff, 0x36dee000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

2m18.255493257s ago: executing program 6 (id=5533):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0xa}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x3}]}, @NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x801, 0x0, 0x0, {0x7, 0x0, 0xa}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xb}}}, 0x78}, 0x1, 0x0, 0x0, 0x4800}, 0x40c0)

2m17.366639284s ago: executing program 6 (id=5543):
r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x1, 0x1)
fchdir(r1)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90)
getdents64(r2, 0x0, 0x0)

2m17.19123525s ago: executing program 36 (id=5543):
r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x1, 0x1)
fchdir(r1)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90)
getdents64(r2, 0x0, 0x0)

1.243713013s ago: executing program 2 (id=7490):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x9}, 0x1c)
listen(r0, 0x3)
syz_emit_ethernet(0x4a, &(0x7f0000000240)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd608a35f200200600fe8000000000000000000000000000bbfe8000000010000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYBLOB="8007000090"], 0x0)

1.135732634s ago: executing program 2 (id=7492):
r0 = io_uring_setup(0x653, &(0x7f00000000c0))
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0xf, &(0x7f0000000540)={0x1002, 0x0, 0x0, 0x0, 0x28}, 0x20)

1.075082254s ago: executing program 2 (id=7494):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NG_TYPE={0x8}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x3}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

993.302596ms ago: executing program 2 (id=7498):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x760d, 0x3010, 0x4, 0x1d6}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000000)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0xe8}, 0x0, 0x24040092})
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)="a196ab90854fa3b9850fef4ef1814de8900615d7105974c3c6981d9b6597eec02418ec7220f1ee6d8ab6243412ed601eba12a54036c6f070fcfd379f901e9c35b493b10b7dde3310095e2fd741cdab740c32b441199344838714700522e04d50aec7328f9463ef0b18301ab1612f28c94ed3c4e034e10a8d2c47f2e1d85a22cba51f823ba98a1a4ceb50665d931e1e088c0ad30594295ffe6a1d3f6526770304df3b1aae7f7e102d7de8b0a221779031f35bea74a743e489e4ce228190eeb79a95d51c07dc96629264aa0167ad6c3e25cab5ede0ed9afd1d9f100779d04393928ccde37ff23ff8573c2c2ffc814f6353b96b485356f66e8fd4a9c94d309c553a87d14000685898e3f287702fdc7366e937dac4869150fbf697a61a00987400ade145030a3d6ce7fc75b61ca23b69779cce4d5665f50101fce5a08ecbb7cc836f8168d0ee9fcc313aae3ebc705635a4458e213c48d4cd6975f9cb30be305c8073c6496e72e89a870e3aa2623717836f5d6442ba9ec8fb7eefc800cba1dff87ffc47c51ad167876f1c6c541fc9297df090a540cf3db6171c3aa882bf2df1c2973008a3a360b24b4ec89cde75", 0x1ab, 0x400c090}, 0x40)
io_uring_enter(r2, 0x47ba, 0xe15e, 0x0, 0x0, 0x0)

712.983901ms ago: executing program 7 (id=7502):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000a00)=@newtaction={0x6c, 0x30, 0x1, 0x0, 0x0, {}, [{0x58, 0x1, [@m_mpls={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_MPLS_TTL={0x5, 0x7, 0x6b}, @TCA_MPLS_PARMS={0x1c, 0x2, {{0x2b, 0xffffffff, 0x3, 0x5, 0x3}, 0x4}}]}, {0x4, 0x4}, {0x2}, {0xc}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40041}, 0x1010)

712.772327ms ago: executing program 0 (id=7503):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
inotify_rm_watch(r0, 0x0)

637.357142ms ago: executing program 7 (id=7504):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x1c, r2, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20008000}, 0x30)

637.171976ms ago: executing program 0 (id=7505):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'lo\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000300)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x12, 0x1, {0x2, 0x100, 0x0, 0x401, 0x9, 0x80, 0xef, 0x2, 0x9}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000400}, 0x0)

530.192425ms ago: executing program 0 (id=7506):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@deltaction={0x50, 0x18, 0x1, 0x70bd2a, 0x25dfdc00, {0xa}, [@TCA_ACT_TAB={0x3c, 0x1, [{0xc, 0x8f, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0x14, 0x5, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0xc, 0x9, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0xc, 0x14, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xb8a}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x44000}, 0x20040844)

529.726711ms ago: executing program 7 (id=7507):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00')
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffefffff6, 0x20031, 0xffffffffffffffff, 0x0)
read$FUSE(r0, &(0x7f00000005c0)={0x2020}, 0x2020)

528.276533ms ago: executing program 7 (id=7508):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000000080000000000010000008500000020000000850000005000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e000790b6462272963484d3e4206", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

301.382499ms ago: executing program 0 (id=7509):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xa, 0x3, &(0x7f0000000480)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x3}}, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN_LIVE(0xa, &(0x7f0000000140)={r0, 0x0, 0x42, 0x0, &(0x7f0000000000)="3df7dab2742a1a61f6c362232d1ca21713228ebba21c414bd429d05f93b3b6cd1fcb7f9bbfbb1bc905d11583e1b93b5cd88a4c7d371f222aa269619b660c7d4f6187", 0x0, 0xd, 0x0, 0xa1, 0x0, &(0x7f0000000080)="6cda76a0cb69aa9286472dff66c8ffbd0b0cb7a6d5e68e91e0d6ed6a60fabc09fcb4dd1383593edef59da099eacb822a2749d7f0dc2c487e30da87d739e82a08e123f9b53e1e4b3a4eb01a1f659b8de567c570b02c918227d7e87a25870af1719286c055ad197c32b7104373fe5ea1c91bb58e20bbf4359770e5905ed5a8b4a48138db5835e1ea1b40218c71f5d3a2dccbf596e61e54e0ab32f9bec2c115c4f342", 0x0, 0x2, 0x0, 0x4}, 0x37)

301.145274ms ago: executing program 7 (id=7510):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, 0x0, 0x0)

300.957612ms ago: executing program 0 (id=7511):
syz_mount_image$ocfs2(&(0x7f0000000140), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000080)=ANY=[@ANYBLOB='acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noacl,\x00'/119], 0x1, 0x4447, &(0x7f000000cd80)="$eJzs3c9vG1kdAPA3k0CT0h9J6aFISFiiEgiqyOkJSCXSNG2atKGo0B64uE7itgEnrhIHcegh3CpxQuKAOFQg9RZxqPIPlD+BC8feOFSCwx52pZW665XtcZIZxxtvZCfb6POR6ud5837FX8/zm8P0xYnq0+X13PJ6rriaqyw+Xr+a+32lvLFSCvEROe7+6U4/4iT2x+fejVu/eng1hH8t/eddrVarhbrBsK/xPe8/+ej54t60Jc7Uqbe7f2u98psQwsW2cdUNhM8qrffXk3QqSYdDCOdCCFEI4eHzPz3K9Wg0r9+WrhXez7/Ynrg8t/Vyu/PfHoXwt/J3rjxZ+d/3Byb++6MedQ8AAAAAAAAAAAAAAAAAwAdu5v69B7/Mj4c3URjcitqf151J0k7Px9Z65nv9/2MBAAAAAAAAAAAAAAAAAADga2r3+f9cdGGf5/+nk3Sy/vLP9vq1n39Z6x/XejpYem72F/emb+bHk/3fo7bzP0my/n99IIzus+97dv/365n6++//3t7PYbXG1+p3JETxWOo4jsfGQvhHsvH7peh0XK6sV3/8uLKxutSzYXyw0vFv7t6fik6yoX+38Z/KtN///f+/3fZtqh8/6t1X7ERrxb82UI//QMdyr/4YdRX/G5l6RxF/Di99/Q828ob3FphsTgD1+P958OD4T2fa71f8z4UQclF9rLnUDFBfw9TzJ/vR6QmUjv83GnmpqTP5IDtd/59m4n8z0/5xzf+b2R8i9pWO/zcbeUOpErvX/2h88PV/K9P+ccS/Pv5Nv/9dScf/VDNzMFWk8Ul2O//PZNrvV/wfxMk4z0Wpb8BW1Mxv/X91Q/3o/ARJx7/909q9/4u7Wv/dztQ/qvu/Vr+t+7/W9P/DqHn/x/7S8R/uWK7b6382U6/T9V8735Phh8nG+o/DSsf/dCMvvXYeabx2G/+5TPs9mv8HsxmNVclQK/6788nnp5r5f7f+60o6/t9qZsZ7S2w2Xhvrv+jg9f+dTPvHsf6rj38z7m+vJ0U6/mc6lnt1JR/+3cXv/91Mvf7HP4S8tf6hpeN/tmO5xvU/dHD85zP1+h3/H/SzcQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAPwFSSjoQoHksdx/HYWAg3kuNL4XS0UFwqLJQri79bD2E6yc+FC9GTcmWhWC4sr1aWSoViuVxZDOFmcv5iGIrWy5VqYaX47NZOW8PR01JxrbpQKlZDCDNJ/nfD2VZbC8vVleKzEMLtnXPn48ras6fF1cLS8trP8vl8PszujGE0Kv2hWlqtNntvng1hbqfuSLRncI3Td3bGcib6bWVjbbVYbuTf3VOnXFkslvfUmU/O/SWMRtW1jdXFYrVUKFeetPo7TpNJOj17/9f37463nX8UNdOpox0WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF/Rm4mf/jWEMNg8ikMIuSh5EyX/Ul6/LV0rvJ9/sT1xeW7r5fa7ZpmhYxg5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwBTtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYpX+UBoIoDsBvxkJLj2G17Ha2K4po4YrgCfQYHkaP4iW8g0WKtClCIJmFsH8gTVKE72sezI+Z92AeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOfh8a17f62biBRX68uI38+///38udTvu+n7FyeYkeN5eunuH+qm/Hsa5bflaNHmbbpafn3ERO39DPZkuE874z5Dc/s2N1/f9zpSriKiLflNyrmqDnsLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2LADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTgWAAAAABDmbx1F3wYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvwIAAP//dp8jLg==")

237.654469ms ago: executing program 7 (id=7512):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000003c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000001480)={&(0x7f0000000640)=@deltfilter={0x24, 0x2d, 0x400, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0x6}, {0xb, 0xffff}, {0xe, 0xfff9}}}, 0x24}, 0x1, 0x0, 0x0, 0x40040}, 0x800)
recvmmsg(r1, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f0000000440)=""/37, 0x25}, {&(0x7f0000000540)=""/234, 0xea}], 0x2}, 0x7}], 0x1, 0x1, 0x0)
sendmsg$ETHTOOL_MSG_WOL_SET(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)={0x24, 0x0, 0x800, 0x70bd2d, 0x25dfdbfc, {}, [@ETHTOOL_A_WOL_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_WOL_HEADER={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x90}, 0x4000090)

786.141µs ago: executing program 0 (id=7513):
rt_sigtimedwait(&(0x7f0000000040)={[0x76]}, 0x0, &(0x7f0000000100)={0x0, 0x3938700}, 0x8)

635.205µs ago: executing program 2 (id=7514):
syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000300)='.\x02\x00', 0x2000800, &(0x7f0000000040)=ANY=[], 0x1, 0x2da, &(0x7f0000000340)="$eJzs3U9r02AYAPCnf9Z1Q9zO4qHgRS9DPXspMkEsDCY9qBcLU5BNhO5SBaFfwYv4ATz5kTz4IXYaeKikydZu7RyMNNmf3w+yPcmzvXkS0rw5vG/69u7H3Z1P++9Hv39Es9mKejQjDiPWoxq1SFWSH82juBHThrUTq7EcAMBlt73da5+VGxZbCrmoz2zp99u9pbnPZt1fBRUFAAAAAAAAAABAzmbH/8dw7vj/iKieHP8/DowRBICr53/j/7ke+v12bzV9fjs1W9P4fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA89RitjUajB7fS1SSeLI1YK7s+ACB/h9P9/fHyd5TR/wPANTS//58sZdcHAORvqv+POKf/r5VXJgCQo5evXr9odzqb261WM+JgOOgOuunvNP/seWfzYWtsPSKq6daDwaBbO84/SvOtSatJfilWs/zjuflG3L+X5pPc063Oqfxy7BRzCgAAAAAAAAAAAAAAAAAAAKB0G0cv9Unn92cm8/s3Nra+//lwPP9/Kp9G2fsBqnFqfv/Xn/W4Uz9v78t5HQYAAAAAAAAAAAAAAAAAAABcafufv+z29vbe9YsJKhGRb8u1iBgH9WxLLfddTAWLazkJmjEOKjGTakTEhVtOTvr8VJK5aM3f0iDiIv/+5E3EuX9c2V2JmdRK8RftYoOV7JN4Weq5nV0tZ90xGsXdnAAAAAAAAAAAAAAAAAAA4IaZzP4tuxIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKM/k+/8XF5R9jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDN8C8AAP//WY11Gg==")
syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0\x00', 0x200000, 0x0, 0x20, 0x0, 0x0)

0s ago: executing program 2 (id=7515):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff3}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x5c, 0x2c, 0xd27, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0xc, 0x4}, {}, {0xb, 0x9}}, [@filter_kind_options=@f_u32={{0x8}, {0x30, 0x2, [@TCA_U32_SEL={0x24, 0x5, {0x3, 0xa, 0x1, 0xed8, 0x7, 0x8c, 0x80, 0x925e, [{0x101, 0xffffffa9, 0x200, 0x43}]}}, @TCA_U32_LINK={0x8, 0x3, 0xa}]}}]}, 0x5c}}, 0x20040054)

kernel console output (not intermixed with test programs):

sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bbb18ec29 code=0x7ffc0000
[  421.527617][   T24] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  421.681995][   T24] usb 6-1: Using ep0 maxpacket: 16
[  421.693898][   T24] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  421.701412][   T24] usb 6-1: config 0 has no interfaces?
[  421.703812][   T24] usb 6-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00
[  421.707854][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  421.718496][   T24] usb 6-1: config 0 descriptor??
[  422.248345][   T10] usb 6-1: USB disconnect, device number 16
[  422.261210][   T33] audit: type=1326 audit(1758862001.003:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17241 comm="syz.0.4601" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  422.274114][   T33] audit: type=1326 audit(1758862001.003:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17241 comm="syz.0.4601" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  422.285093][   T33] audit: type=1326 audit(1758862001.003:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17241 comm="syz.0.4601" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  422.295091][   T33] audit: type=1326 audit(1758862001.003:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17241 comm="syz.0.4601" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  422.310332][   T33] audit: type=1326 audit(1758862001.003:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17241 comm="syz.0.4601" exe="/syz-executor" sig=0 arch=c000003e syscall=306 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  422.740184][T17264] PKCS8: Unsupported PKCS#8 version
[  423.018537][T17270] loop5: detected capacity change from 0 to 32768
[  423.038872][T17270] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.4614 (17270)
[  423.058823][T17270] BTRFS info (device loop5): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  423.063273][T17270] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm
[  423.087458][T17270] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  423.187724][T17270] BTRFS info (device loop5): rebuilding free space tree
[  423.219068][T17270] BTRFS info (device loop5): disabling free space tree
[  423.221995][T17270] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  423.239417][T17270] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  423.247516][T17270] BTRFS info (device loop5): enabling ssd optimizations
[  423.250408][T17270] BTRFS info (device loop5): turning off barriers
[  423.252979][T17270] BTRFS info (device loop5): enabling disk space caching
[  423.256131][T17270] BTRFS info (device loop5): force clearing of disk cache
[  423.259763][T17270] BTRFS info (device loop5): doing ref verification
[  423.262350][T17270] BTRFS info (device loop5): force zlib compression, level 3
[  423.430348][T17270] BTRFS info (device loop5): balance: start -f -sdrange=0..0
[  423.438845][T17270] BTRFS info (device loop5): balance: ended with status: 0
[  423.732259][T13333] BTRFS info (device loop5): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  423.823306][T17302] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  423.983733][T17306] loop5: detected capacity change from 0 to 64
[  424.263875][T17313] loop5: detected capacity change from 0 to 1024
[  424.343174][T17313] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  424.356353][T17313] EXT4-fs error (device loop5): __ext4_remount:6740: comm syz.5.4626: Abort forced by user
[  424.362487][T17313] EXT4-fs (loop5): Remounting filesystem read-only
[  424.365241][T17313] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  424.401275][T13333] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  424.577070][T17329] netlink: 'syz.0.4631': attribute type 7 has an invalid length.
[  424.580789][T17329] netlink: 'syz.0.4631': attribute type 8 has an invalid length.
[  424.584153][T17329] netlink: 'syz.0.4631': attribute type 9 has an invalid length.
[  425.908292][ T5919] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  426.074188][ T5919] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  426.079171][ T5919] usb 6-1: config 220 has 1 interface, different from the descriptor's value: 3
[  426.083306][ T5919] usb 6-1: config 220 interface 0 has no altsetting 0
[  426.090660][ T5919] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  426.099490][ T5919] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  426.103575][ T5919] usb 6-1: Product: syz
[  426.105643][ T5919] usb 6-1: Manufacturer: syz
[  426.114124][ T5919] usb 6-1: SerialNumber: syz
[  426.151489][T17390] netlink: 'syz.0.4659': attribute type 1 has an invalid length.
[  426.154663][T17390] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4659'.
[  426.342104][ T5919] uvcvideo 6-1:220.0: probe with driver uvcvideo failed with error -22
[  426.354858][ T5919] usb 6-1: USB disconnect, device number 17
[  426.403920][T17402] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4665'.
[  426.486682][T17406] netlink: 100 bytes leftover after parsing attributes in process `syz.0.4667'.
[  426.557168][T17410] netlink: 76 bytes leftover after parsing attributes in process `syz.0.4669'.
[  426.560293][T17410] netlink: 76 bytes leftover after parsing attributes in process `syz.0.4669'.
[  428.174995][T17487] (unnamed net_device) (uninitialized): option miimon: invalid value (18446744073709551613)
[  428.189591][T17487] (unnamed net_device) (uninitialized): option miimon: allowed values 0 - 2147483647
[  428.546257][T17510] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  428.627236][T17510] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  428.702883][T17510] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  428.789405][T17510] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  428.924769][ T5865] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  428.933982][ T5865] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  428.944519][ T5865] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  428.965382][ T5880] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  429.440621][T17532] veth0: entered promiscuous mode
[  429.442861][T17531] veth0: left promiscuous mode
[  429.537690][T17536] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4727'.
[  429.542263][T17536] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4727'.
[  429.687005][T17546] sctp: [Deprecated]: syz.0.4731 (pid 17546) Use of int in max_burst socket option deprecated.
[  429.687005][T17546] Use struct sctp_assoc_value instead
[  430.728283][ T5884] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  431.060152][ T5884] usb 6-1: Using ep0 maxpacket: 16
[  431.065315][ T5884] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  431.070938][ T5884] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  431.077802][ T5884] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  431.084918][ T5884] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  431.089163][ T5884] usb 6-1: Product: syz
[  431.091013][ T5884] usb 6-1: Manufacturer: syz
[  431.093132][ T5884] usb 6-1: SerialNumber: syz
[  431.097789][ T5884] usb 6-1: config 0 descriptor??
[  431.109075][ T5884] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  431.113162][ T5884] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class)
[  431.527315][T17611] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4759'.
[  431.532540][T17611] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4759'.
[  431.587557][T17614] netlink: 'syz.2.4760': attribute type 10 has an invalid length.
[  431.593540][T17614] team0: Port device netdevsim0 added
[  431.664259][T17618] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4763'.
[  431.670801][T17618] veth1_macvtap: left promiscuous mode
[  431.722125][ T5884] em28xx 6-1:0.0: unknown em28xx chip ID (0)
[  431.725893][ T5884] em28xx 6-1:0.0: Config register raw data: 0xbb
[  431.729733][ T5884] em28xx 6-1:0.0: I2S Audio (3 sample rate(s))
[  431.732482][ T5884] em28xx 6-1:0.0: No AC97 audio processor
[  431.887151][T17627] sctp: [Deprecated]: syz.2.4766 (pid 17627) Use of int in max_burst socket option.
[  431.887151][T17627] Use struct sctp_assoc_value instead
[  432.831465][  T794] usb 6-1: USB disconnect, device number 18
[  433.400384][T17655] openvswitch: netlink: Tunnel attr 171 out of range max 16
[  433.528189][T17661] loop5: detected capacity change from 0 to 8
[  433.549002][T17661] SQUASHFS error: zlib decompression failed, data probably corrupt
[  433.556882][T17661] SQUASHFS error: Failed to read block 0x9b: -5
[  433.560592][T17661] SQUASHFS error: Unable to read metadata cache entry [99]
[  433.567753][T17661] SQUASHFS error: Unable to read inode 0x127
[  433.911956][T17675] cgroup: none used incorrectly
[  434.006310][T17679] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4782'.
[  434.010627][T17679] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4782'.
[  434.332770][T17679] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4782'.
[  434.336503][T17679] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4782'.
[  434.430796][T17679] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4782'.
[  434.434675][T17679] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4782'.
[  434.858685][  T794] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  435.018793][  T794] usb 6-1: Using ep0 maxpacket: 32
[  435.025065][  T794] usb 6-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[  435.029119][  T794] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  435.032344][  T794] usb 6-1: Product: syz
[  435.034037][  T794] usb 6-1: Manufacturer: syz
[  435.036184][  T794] usb 6-1: SerialNumber: syz
[  435.042058][  T794] usb 6-1: config 0 descriptor??
[  435.048117][  T794] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[  435.915564][T17735] netlink: 52 bytes leftover after parsing attributes in process `syz.2.4809'.
[  435.922697][T17735] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  436.461559][  T794] gspca_topro: reg_r err -71
[  436.464864][  T794] gspca_topro: Sensor soi763a
[  436.477872][  T794] usb 6-1: USB disconnect, device number 19
[  436.897743][T17785] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4833'.
[  437.722982][T17804] loop5: detected capacity change from 0 to 65536
[  437.766187][T17804] XFS (loop5): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  437.790215][T17804] XFS (loop5): Ending clean mount
[  437.793894][T17804] XFS (loop5): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  439.824381][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  440.062186][T17860] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4860'.
[  440.066369][T17860] netlink: 84 bytes leftover after parsing attributes in process `syz.2.4860'.
[  440.085352][T17861] loop5: detected capacity change from 0 to 1024
[  440.111607][T17861] EXT4-fs: Ignoring removed nobh option
[  440.118052][T17861] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  440.175821][T17861] EXT4-fs error (device loop5): ext4_ext_check_inode:523: inode #11: comm syz.5.4861: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  440.205159][T17861] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.4861: couldn't read orphan inode 11 (err -117)
[  440.216873][T17861] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  440.244827][T17861] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:483: comm syz.5.4861: Invalid block bitmap block 0 in block_group 0
[  440.265728][T17867] 9pnet_fd: Insufficient options for proto=fd
[  440.282808][T17861] __quota_error: 12 callbacks suppressed
[  440.282827][T17861] Quota error (device loop5): write_blk: dquota write failed
[  440.302824][T17861] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  440.322522][T17861] EXT4-fs error (device loop5): ext4_acquire_dquot:6937: comm syz.5.4861: Failed to acquire dquot type 0
[  440.993397][T13333] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  441.074213][T17888] loop5: detected capacity change from 0 to 1024
[  441.106378][T17888] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  441.133735][T13333] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  441.316210][T17896] loop5: detected capacity change from 0 to 32768
[  441.326586][T17896] (syz.5.4875,17896,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  441.341768][T17896] (syz.5.4875,17896,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  441.365117][T17904] netlink: 'syz.0.4879': attribute type 11 has an invalid length.
[  441.373578][T17904] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4879'.
[  441.378678][T17896] JBD2: Ignoring recovery information on journal
[  441.416681][T17896] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  441.469540][T13333] ocfs2: Unmounting device (7,5) on (node local)
[  441.877143][T17935] netlink: 'syz.0.4894': attribute type 1 has an invalid length.
[  441.882030][T17935] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4894'.
[  441.918514][T17937] netlink: 'syz.0.4895': attribute type 1 has an invalid length.
[  441.969041][T17939] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4896'.
[  442.137541][T17953] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4903'.
[  443.389825][T17970] kAFS: No cell specified
[  443.427807][T17974] macvlan0: entered promiscuous mode
[  443.429964][T17974] netlink: 'syz.2.4912': attribute type 2 has an invalid length.
[  444.710722][   T33] audit: type=1326 audit(1758862023.450:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18020 comm="syz.0.4934" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  444.741825][   T33] audit: type=1326 audit(1758862023.450:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18020 comm="syz.0.4934" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  444.750883][   T33] audit: type=1326 audit(1758862023.460:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18020 comm="syz.0.4934" exe="/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  444.762394][   T33] audit: type=1326 audit(1758862023.460:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18020 comm="syz.0.4934" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  444.806026][   T33] audit: type=1326 audit(1758862023.460:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18020 comm="syz.0.4934" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  444.822382][   T33] audit: type=1326 audit(1758862023.460:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18020 comm="syz.0.4934" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  444.850403][   T33] audit: type=1326 audit(1758862023.460:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18020 comm="syz.0.4934" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  444.870117][   T33] audit: type=1326 audit(1758862023.460:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18020 comm="syz.0.4934" exe="/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  446.321835][T18076] netlink: 'syz.2.4958': attribute type 1 has an invalid length.
[  446.845344][T18104] overlayfs: failed to clone upperpath
[  448.879165][T18164] netlink: 96 bytes leftover after parsing attributes in process `syz.0.4996'.
[  450.848073][T18195] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5009'.
[  452.636814][T18222] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5021'.
[  452.665671][T18224] netlink: 'syz.0.5022': attribute type 11 has an invalid length.
[  452.939161][T18242] netlink: 'syz.0.5030': attribute type 1 has an invalid length.
[  453.558559][T18271] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5040'.
[  453.663168][T18283] overlayfs: failed to resolve './file0': -2
[  453.925172][T18303] netlink: 2 bytes leftover after parsing attributes in process `syz.2.5056'.
[  454.180411][T18319] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5064'.
[  454.188497][T18319] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5064'.
[  454.193759][T18319] netlink: 34 bytes leftover after parsing attributes in process `syz.2.5064'.
[  457.972679][ T5236] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  457.980937][ T5236] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  457.985445][ T5236] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  457.991306][ T5236] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  458.017373][ T5236] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  458.020755][T16385] team0: Port device syz_tun removed
[  458.061893][T18380] sctp: [Deprecated]: syz.2.5086 (pid 18380) Use of struct sctp_assoc_value in delayed_ack socket option.
[  458.061893][T18380] Use struct sctp_sack_info instead
[  458.115467][ T5880] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  458.207774][ T5880] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  458.256730][ T5880] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  458.288605][T18373] chnl_net:caif_netlink_parms(): no params data found
[  458.310137][ T5880] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  458.397642][T18373] bridge0: port 1(bridge_slave_0) entered blocking state
[  458.400735][T18373] bridge0: port 1(bridge_slave_0) entered disabled state
[  458.404401][T18373] bridge_slave_0: entered allmulticast mode
[  458.408383][T18373] bridge_slave_0: entered promiscuous mode
[  458.413546][T18373] bridge0: port 2(bridge_slave_1) entered blocking state
[  458.416438][T18373] bridge0: port 2(bridge_slave_1) entered disabled state
[  458.419448][T18373] bridge_slave_1: entered allmulticast mode
[  458.425978][T18373] bridge_slave_1: entered promiscuous mode
[  458.468897][T18373] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  458.510990][T18373] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  458.578813][T18373] team0: Port device team_slave_0 added
[  458.586991][T18373] team0: Port device team_slave_1 added
[  458.627045][ T5880] bridge_slave_1: left allmulticast mode
[  458.629821][ T5880] bridge_slave_1: left promiscuous mode
[  458.637826][ T5880] bridge0: port 2(bridge_slave_1) entered disabled state
[  458.652377][ T5880] bridge_slave_0: left allmulticast mode
[  458.664655][ T5880] bridge_slave_0: left promiscuous mode
[  458.667226][ T5880] bridge0: port 1(bridge_slave_0) entered disabled state
[  458.697738][T18405] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5093'.
[  458.788737][T18410] netlink: 'syz.0.5094': attribute type 8 has an invalid length.
[  459.238993][ T5880] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  459.246471][ T5880] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  459.250602][ T5880] bond0 (unregistering): Released all slaves
[  459.271832][T18373] batman_adv: batadv0: Adding interface: batadv_slave_0
[  459.275504][T18373] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  459.286344][T18373] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  459.364748][T18373] batman_adv: batadv0: Adding interface: batadv_slave_1
[  459.367807][T18373] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  459.379589][T18373] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  459.392411][ T5880] : left promiscuous mode
[  459.459362][T18373] hsr_slave_0: entered promiscuous mode
[  459.463536][T18373] hsr_slave_1: entered promiscuous mode
[  459.466067][T18373] debugfs: 'hsr0' already exists in 'hsr'
[  459.468238][T18373] Cannot create hsr debugfs directory
[  459.500952][T18425] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  459.517288][ T5880] tipc: Left network mode
[  460.101933][ T5860] Bluetooth: hci3: command tx timeout
[  460.223461][ T5880] hsr_slave_0: left promiscuous mode
[  460.233759][ T5880] hsr_slave_1: left promiscuous mode
[  460.236622][ T5880] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  460.239796][ T5880] batman_adv: batadv0: Removing interface: batadv_slave_0
[  460.245517][ T5880] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  460.248465][ T5880] batman_adv: batadv0: Removing interface: batadv_slave_1
[  460.263860][ T5880] veth1_macvtap: left promiscuous mode
[  460.266090][ T5880] veth0_macvtap: left promiscuous mode
[  460.268101][ T5880] veth1_vlan: left promiscuous mode
[  460.270307][ T5880] veth0_vlan: left promiscuous mode
[  460.798721][ T5880] team0 (unregistering): Port device team_slave_1 removed
[  460.871210][ T5880] team0 (unregistering): Port device team_slave_0 removed
[  460.989612][T18471] overlayfs: failed to clone upperpath
[  461.356994][T18463] batadv_slave_0: entered promiscuous mode
[  461.359583][T18463] batadv_slave_0: entered allmulticast mode
[  461.363314][T18463] netlink: 'syz.2.5113': attribute type 8 has an invalid length.
[  461.370697][T18475] geneve2: entered allmulticast mode
[  461.406457][T18373] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  461.418792][T18373] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  461.441337][T18373] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  461.483617][T18373] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  461.533297][T18488] netlink: 'syz.0.5122': attribute type 21 has an invalid length.
[  461.543373][T18488] netlink: 'syz.0.5122': attribute type 1 has an invalid length.
[  461.553105][T18488] netlink: 144 bytes leftover after parsing attributes in process `syz.0.5122'.
[  461.650443][T18373] 8021q: adding VLAN 0 to HW filter on device bond0
[  461.679281][T18373] 8021q: adding VLAN 0 to HW filter on device team0
[  461.704657][ T9261] bridge0: port 1(bridge_slave_0) entered blocking state
[  461.707394][ T9261] bridge0: port 1(bridge_slave_0) entered forwarding state
[  461.745016][ T9261] bridge0: port 2(bridge_slave_1) entered blocking state
[  461.747514][ T9261] bridge0: port 2(bridge_slave_1) entered forwarding state
[  461.795534][T18373] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  462.008158][T18373] 8021q: adding VLAN 0 to HW filter on device batadv0
[  462.162377][ T5860] Bluetooth: hci3: command tx timeout
[  462.283428][T18533] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5134'.
[  462.302674][T18373] veth0_vlan: entered promiscuous mode
[  462.320698][T18373] veth1_vlan: entered promiscuous mode
[  462.365899][T18373] veth0_macvtap: entered promiscuous mode
[  462.370633][T18373] veth1_macvtap: entered promiscuous mode
[  462.385121][T18373] batman_adv: batadv0: Interface activated: batadv_slave_0
[  462.395628][T18373] batman_adv: batadv0: Interface activated: batadv_slave_1
[  462.408665][ T5880] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  462.417061][ T5880] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  462.444274][ T5880] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  462.456439][ T5880] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  462.492865][   T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  462.496142][   T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  462.523573][   T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  462.527806][   T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  462.805145][T18562] netlink: 296 bytes leftover after parsing attributes in process `syz.6.5146'.
[  463.177796][T18590] loop6: detected capacity change from 0 to 4096
[  463.197913][T18590] ntfs3(loop6): Different NTFS sector size (1024) and media sector size (512).
[  463.255888][T18590] ntfs3(loop6): ino=1e, "file1" ntfs_sync_inode failed, -22.
[  463.259226][T18590] ntfs3(loop6): Mark volume as dirty due to NTFS errors
[  463.279086][   T36] ntfs3(loop6): ino=1e, ntfs3_write_inode failed, -22.
[  463.440459][T18604] netlink: 'syz.6.5165': attribute type 11 has an invalid length.
[  463.444478][T18604] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5165'.
[  463.627974][T18618] syz_tun: entered allmulticast mode
[  463.635575][T18617] syz_tun: left allmulticast mode
[  463.996503][T18625] loop6: detected capacity change from 0 to 40427
[  464.000989][T18625] F2FS-fs (loop6): Image doesn't support compression
[  464.011201][T18625] F2FS-fs (loop6): invalid crc value
[  464.032109][T18625] F2FS-fs (loop6): SIT is corrupted node# 2 vs 7
[  464.051720][T18625] F2FS-fs (loop6): Failed to initialize F2FS segment manager (-117)
[  464.245127][ T5860] Bluetooth: hci3: command tx timeout
[  464.446853][T18668] loop6: detected capacity change from 0 to 1024
[  464.449865][T18668] EXT4-fs: Invalid commit interval -2147483647, must be smaller than 21474836
[  464.628999][T18670] loop6: detected capacity change from 0 to 32768
[  464.635736][T18670] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.5194 (18670)
[  464.654927][T18670] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  464.668880][T18670] BTRFS info (device loop6): using sha256 (sha256-lib) checksum algorithm
[  464.734807][T18670] BTRFS info (device loop6): rebuilding free space tree
[  464.750013][T18670] BTRFS info (device loop6): enabling ssd optimizations
[  464.754097][T18670] BTRFS info (device loop6): turning on sync discard
[  464.756436][T18670] BTRFS info (device loop6): enabling free space tree
[  464.758681][T18670] BTRFS info (device loop6): force clearing of disk cache
[  464.761571][T18670] BTRFS info (device loop6): doing ref verification
[  464.764837][T18670] BTRFS info (device loop6): max_inline set to 0
[  464.955359][T18373] BTRFS info (device loop6): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  465.394622][T18708] netlink: 'syz.6.5201': attribute type 1 has an invalid length.
[  465.398703][T18708] netlink: 'syz.6.5201': attribute type 2 has an invalid length.
[  465.408889][T18708] netlink: 'syz.6.5201': attribute type 1 has an invalid length.
[  465.415889][T18708] netlink: 'syz.6.5201': attribute type 2 has an invalid length.
[  465.948677][T18718] 8021q: adding VLAN 0 to HW filter on device 
[  465.959989][T18718] 8021q: adding VLAN 0 to HW filter on device team0
[  466.004751][T18718] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  466.040532][T18714] loop6: detected capacity change from 0 to 131072
[  466.044368][T18714] F2FS-fs (loop6): Invalid log sectorsize (67108873)
[  466.046481][T18714] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  466.056387][T18714] F2FS-fs (loop6): invalid crc value
[  466.087578][T18714] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  466.098964][T18714] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  466.101919][T18714] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e4
[  466.323103][ T5860] Bluetooth: hci3: command tx timeout
[  466.653627][ T5860] Bluetooth: hci3: SCO packet too small
[  466.891220][T18752] loop6: detected capacity change from 0 to 1024
[  466.901504][T18752] EXT4-fs: Ignoring removed nobh option
[  466.908717][T18752] EXT4-fs: Ignoring removed bh option
[  466.940414][T18752] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  467.120511][T18373] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  467.469410][T18767] loop6: detected capacity change from 0 to 32768
[  467.485552][T18767] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.5225 (18767)
[  467.542857][T18782] netlink: 'syz.2.5227': attribute type 27 has an invalid length.
[  467.861097][T18767] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  467.866662][T18767] BTRFS info (device loop6): using crc32c (crc32c-lib) checksum algorithm
[  467.960896][T18767] BTRFS info (device loop6): allowing degraded mounts
[  467.975054][T18767] BTRFS info (device loop6): enabling ssd optimizations
[  467.987221][T18767] BTRFS info (device loop6): enabling free space tree
[  467.998276][T18767] BTRFS info (device loop6): force zlib compression, level 3
[  468.071412][T18373] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  468.667248][T18822] loop6: detected capacity change from 0 to 32768
[  468.675811][T18822] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.5241 (18822)
[  468.710319][T18822] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  468.716435][T18822] BTRFS info (device loop6): using sha256 (sha256-lib) checksum algorithm
[  468.782089][T18822] BTRFS info (device loop6): enabling ssd optimizations
[  468.797973][T18822] BTRFS info (device loop6): enabling free space tree
[  468.822347][T18373] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  469.462222][T18889] netlink: 'syz.6.5266': attribute type 2 has an invalid length.
[  469.469530][T18889] netlink: 16 bytes leftover after parsing attributes in process `syz.6.5266'.
[  469.509253][T18891] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5267'.
[  469.527264][T18891] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5267'.
[  471.474245][T18956] delete_channel: no stack
[  471.476961][T18955] delete_channel: no stack
[  471.978164][T18989] netlink: 'syz.0.5314': attribute type 30 has an invalid length.
[  472.384694][T19003] netlink: 'syz.2.5320': attribute type 14 has an invalid length.
[  472.484896][T19012] erspan0: entered promiscuous mode
[  472.691200][T19028] A link change request failed with some changes committed already. Interface wg0 may have been left with an inconsistent configuration, please check.
[  473.700666][T19086] netlink: 'syz.2.5350': attribute type 7 has an invalid length.
[  473.705762][T19086] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5350'.
[  473.825611][T19095] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5354'.
[  475.456570][T19166] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  475.724847][ T5919] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  475.883313][ T5919] usb 7-1: Using ep0 maxpacket: 32
[  475.886966][ T5919] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  475.892831][ T5919] usb 7-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5
[  475.896874][ T5919] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  475.900242][ T5919] usb 7-1: Product: syz
[  475.902140][ T5919] usb 7-1: Manufacturer: syz
[  475.904254][ T5919] usb 7-1: SerialNumber: syz
[  475.908646][ T5919] usb 7-1: config 0 descriptor??
[  475.914676][ T5919] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  475.929239][ T5919] snd-usb-audio 7-1:0.0: probe with driver snd-usb-audio failed with error -2
[  475.957865][T18377] udevd[18377]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  476.125844][ T5919] usb 7-1: USB disconnect, device number 2
[  476.389132][T19172] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5385'.
[  476.394153][T19172] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5385'.
[  478.088479][T19238] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5415'.
[  478.617468][T19276] netlink: 104 bytes leftover after parsing attributes in process `syz.0.5434'.
[  481.408603][   T10] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  481.571195][   T10] usb 7-1: Using ep0 maxpacket: 32
[  481.577010][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 512, setting to 64
[  481.581446][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 1024, setting to 64
[  481.588524][   T10] usb 7-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[  481.592177][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  481.596967][   T10] usb 7-1: Product: syz
[  481.599252][   T10] usb 7-1: Manufacturer: syz
[  481.601342][   T10] usb 7-1: SerialNumber: syz
[  481.616858][   T10] usb 7-1: config 0 descriptor??
[  481.642716][   T10] usb 7-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  481.856902][   T13] usb 7-1: Failed to submit usb control message: -71
[  481.861766][   T10] usb 7-1: USB disconnect, device number 3
[  481.868477][   T13] usb 7-1: unable to send the bmi data to the device: -71
[  481.875129][   T13] usb 7-1: unable to get target info from device
[  481.877707][   T13] usb 7-1: could not get target info (-71)
[  481.880198][   T13] usb 7-1: could not probe fw (-71)
[  482.110497][   T33] kauditd_printk_skb: 1 callbacks suppressed
[  482.110511][   T33] audit: type=1326 audit(1758862060.546:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19384 comm="syz.0.5478" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  482.122550][   T33] audit: type=1326 audit(1758862060.546:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19384 comm="syz.0.5478" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  482.132238][   T33] audit: type=1326 audit(1758862060.555:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19384 comm="syz.0.5478" exe="/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  482.143408][   T33] audit: type=1326 audit(1758862060.555:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19384 comm="syz.0.5478" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  482.154371][   T33] audit: type=1326 audit(1758862060.555:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19384 comm="syz.0.5478" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  482.300607][   T33] audit: type=1326 audit(1758862060.722:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19394 comm="syz.0.5483" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  482.313006][   T33] audit: type=1326 audit(1758862060.722:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19394 comm="syz.0.5483" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  482.323349][   T33] audit: type=1326 audit(1758862060.740:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19394 comm="syz.0.5483" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  482.332340][   T33] audit: type=1326 audit(1758862060.740:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19394 comm="syz.0.5483" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  482.341641][   T33] audit: type=1326 audit(1758862060.740:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19394 comm="syz.0.5483" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  482.513961][T19405] loop6: detected capacity change from 0 to 4096
[  482.517207][T19405] ntfs3(loop6): Different NTFS sector size (1024) and media sector size (512).
[  482.996915][T19419] netlink: 'syz.0.5491': attribute type 32 has an invalid length.
[  483.038940][T19421] loop6: detected capacity change from 0 to 1024
[  483.074380][T19421] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  483.103588][T19421] EXT4-fs error (device loop6): ext4_xattr_inode_iget:437: inode #11: comm syz.6.5493: missing EA_INODE flag
[  483.118305][T19421] EXT4-fs (loop6): Remounting filesystem read-only
[  483.141831][T18373] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  483.408509][T19443] netdevsim netdevsim6 netdevsim0: entered promiscuous mode
[  483.616697][T19457] netlink: 'syz.6.5509': attribute type 11 has an invalid length.
[  483.878252][T19472] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5515'.
[  484.948380][T19512] loop6: detected capacity change from 0 to 40427
[  484.975550][T19512] F2FS-fs (loop6): invalid crc value
[  485.020323][T19512] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  485.024893][T19512] F2FS-fs (loop6): Start checkpoint disabled!
[  485.030308][T19512] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  485.130107][T18373] syz-executor: attempt to access beyond end of device
[  485.130107][T18373] loop6: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  485.162018][T18373] syz-executor: attempt to access beyond end of device
[  485.162018][T18373] loop6: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  485.326536][ T9248] kworker/u10:13: attempt to access beyond end of device
[  485.326536][ T9248] loop6: rw=2049, sector=45096, nr_sectors = 24 limit=40427
[  485.349403][ T9248] CPU: 1 UID: 0 PID: 9248 Comm: kworker/u10:13 Not tainted syzkaller #0 PREEMPT(full) 
[  485.349445][ T9248] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  485.349455][ T9248] Workqueue: writeback wb_workfn (flush-7:6)
[  485.349480][ T9248] Call Trace:
[  485.349486][ T9248]  <TASK>
[  485.349493][ T9248]  dump_stack_lvl+0x189/0x250
[  485.349514][ T9248]  ? __pfx_dump_stack_lvl+0x10/0x10
[  485.349529][ T9248]  ? __pfx_queue_work_on+0x10/0x10
[  485.349542][ T9248]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  485.349562][ T9248]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  485.349590][ T9248]  f2fs_handle_critical_error+0x37c/0x540
[  485.349614][ T9248]  f2fs_write_end_io+0x886/0xb60
[  485.349644][ T9248]  __submit_merged_bio+0x27a/0x6a0
[  485.349667][ T9248]  __submit_merged_write_cond+0x255/0x530
[  485.349692][ T9248]  f2fs_write_data_pages+0x261d/0x3000
[  485.349733][ T9248]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  485.349758][ T9248]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  485.349803][ T9248]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  485.349831][ T9248]  ? trace_f2fs_writepages+0x7f/0x200
[  485.349850][ T9248]  ? f2fs_write_node_pages+0x478/0x6e0
[  485.349871][ T9248]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  485.349900][ T9248]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  485.349914][ T9248]  do_writepages+0x32e/0x550
[  485.349936][ T9248]  ? reacquire_held_locks+0x127/0x1d0
[  485.349949][ T9248]  ? writeback_sb_inodes+0x384/0x1010
[  485.349972][ T9248]  __writeback_single_inode+0x145/0xff0
[  485.349988][ T9248]  ? do_raw_spin_unlock+0x4d/0x240
[  485.350005][ T9248]  writeback_sb_inodes+0x6c7/0x1010
[  485.350071][ T9248]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  485.350124][ T9248]  ? rcu_is_watching+0x15/0xb0
[  485.350147][ T9248]  wb_writeback+0x43b/0xaf0
[  485.350169][ T9248]  ? queue_io+0x381/0x590
[  485.350188][ T9248]  ? __pfx_wb_writeback+0x10/0x10
[  485.350211][ T9248]  ? _raw_spin_unlock_irq+0x23/0x50
[  485.350234][ T9248]  wb_workfn+0x409/0xef0
[  485.350269][ T9248]  ? __pfx_wb_workfn+0x10/0x10
[  485.350287][ T9248]  ? __lock_acquire+0xab9/0xd20
[  485.350315][ T9248]  ? process_scheduled_works+0x9ef/0x17b0
[  485.350334][ T9248]  ? _raw_spin_unlock_irq+0x23/0x50
[  485.350350][ T9248]  ? process_scheduled_works+0x9ef/0x17b0
[  485.350361][ T9248]  ? process_scheduled_works+0x9ef/0x17b0
[  485.350375][ T9248]  process_scheduled_works+0xae1/0x17b0
[  485.350413][ T9248]  ? __pfx_process_scheduled_works+0x10/0x10
[  485.350441][ T9248]  worker_thread+0x8a0/0xda0
[  485.350467][ T9248]  ? __kthread_parkme+0x7b/0x200
[  485.350489][ T9248]  kthread+0x711/0x8a0
[  485.350507][ T9248]  ? __pfx_worker_thread+0x10/0x10
[  485.350519][ T9248]  ? __pfx_kthread+0x10/0x10
[  485.350536][ T9248]  ? _raw_spin_unlock_irq+0x23/0x50
[  485.350553][ T9248]  ? lockdep_hardirqs_on+0x9c/0x150
[  485.350564][ T9248]  ? __pfx_kthread+0x10/0x10
[  485.350580][ T9248]  ret_from_fork+0x439/0x7d0
[  485.350597][ T9248]  ? __pfx_ret_from_fork+0x10/0x10
[  485.350615][ T9248]  ? __switch_to_asm+0x39/0x70
[  485.350629][ T9248]  ? __switch_to_asm+0x33/0x70
[  485.350643][ T9248]  ? __pfx_kthread+0x10/0x10
[  485.350659][ T9248]  ret_from_fork_asm+0x1a/0x30
[  485.350688][ T9248]  </TASK>
[  485.354111][ T9248] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  485.354188][ T9248] CPU: 0 UID: 0 PID: 9248 Comm: kworker/u10:13 Not tainted syzkaller #0 PREEMPT(full) 
[  485.354202][ T9248] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  485.354209][ T9248] Workqueue: writeback wb_workfn (flush-7:6)
[  485.354228][ T9248] Call Trace:
[  485.354233][ T9248]  <TASK>
[  485.354238][ T9248]  dump_stack_lvl+0x189/0x250
[  485.354257][ T9248]  ? __pfx_dump_stack_lvl+0x10/0x10
[  485.354270][ T9248]  ? __pfx_queue_work_on+0x10/0x10
[  485.354281][ T9248]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  485.354299][ T9248]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  485.354322][ T9248]  f2fs_handle_critical_error+0x37c/0x540
[  485.354344][ T9248]  f2fs_write_end_io+0x886/0xb60
[  485.354368][ T9248]  __submit_merged_bio+0x27a/0x6a0
[  485.354388][ T9248]  __submit_merged_write_cond+0x255/0x530
[  485.354408][ T9248]  f2fs_write_data_pages+0x261d/0x3000
[  485.354443][ T9248]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  485.354464][ T9248]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  485.354502][ T9248]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  485.354528][ T9248]  ? trace_f2fs_writepages+0x7f/0x200
[  485.354545][ T9248]  ? f2fs_write_node_pages+0x478/0x6e0
[  485.354564][ T9248]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  485.354591][ T9248]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  485.354603][ T9248]  do_writepages+0x32e/0x550
[  485.354623][ T9248]  ? reacquire_held_locks+0x127/0x1d0
[  485.354635][ T9248]  ? writeback_sb_inodes+0x384/0x1010
[  485.354656][ T9248]  __writeback_single_inode+0x145/0xff0
[  485.354671][ T9248]  ? do_raw_spin_unlock+0x4d/0x240
[  485.354689][ T9248]  writeback_sb_inodes+0x6c7/0x1010
[  485.354723][ T9248]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  485.354768][ T9248]  ? rcu_is_watching+0x15/0xb0
[  485.354788][ T9248]  wb_writeback+0x43b/0xaf0
[  485.354808][ T9248]  ? queue_io+0x381/0x590
[  485.354825][ T9248]  ? __pfx_wb_writeback+0x10/0x10
[  485.354846][ T9248]  ? _raw_spin_unlock_irq+0x23/0x50
[  485.354867][ T9248]  wb_workfn+0x409/0xef0
[  485.354890][ T9248]  ? __pfx_wb_workfn+0x10/0x10
[  485.354907][ T9248]  ? __lock_acquire+0xab9/0xd20
[  485.354932][ T9248]  ? process_scheduled_works+0x9ef/0x17b0
[  485.354948][ T9248]  ? _raw_spin_unlock_irq+0x23/0x50
[  485.354964][ T9248]  ? process_scheduled_works+0x9ef/0x17b0
[  485.354975][ T9248]  ? process_scheduled_works+0x9ef/0x17b0
[  485.354988][ T9248]  process_scheduled_works+0xae1/0x17b0
[  485.355018][ T9248]  ? __pfx_process_scheduled_works+0x10/0x10
[  485.355073][ T9248]  worker_thread+0x8a0/0xda0
[  485.355097][ T9248]  ? __kthread_parkme+0x7b/0x200
[  485.355123][ T9248]  kthread+0x711/0x8a0
[  485.355141][ T9248]  ? __pfx_worker_thread+0x10/0x10
[  485.355153][ T9248]  ? __pfx_kthread+0x10/0x10
[  485.355169][ T9248]  ? _raw_spin_unlock_irq+0x23/0x50
[  485.355185][ T9248]  ? lockdep_hardirqs_on+0x9c/0x150
[  485.355196][ T9248]  ? __pfx_kthread+0x10/0x10
[  485.355211][ T9248]  ret_from_fork+0x439/0x7d0
[  485.355226][ T9248]  ? __pfx_ret_from_fork+0x10/0x10
[  485.355243][ T9248]  ? __switch_to_asm+0x39/0x70
[  485.355257][ T9248]  ? __switch_to_asm+0x33/0x70
[  485.355271][ T9248]  ? __pfx_kthread+0x10/0x10
[  485.355285][ T9248]  ret_from_fork_asm+0x1a/0x30
[  485.355311][ T9248]  </TASK>
[  485.355316][ T9248] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  485.544589][T19523] bad cache= option: no%e
[  485.544589][T19523] 
[  485.546286][ T9248] CPU: 0 UID: 0 PID: 9248 Comm: kworker/u10:13 Not tainted syzkaller #0 PREEMPT(full) 
[  485.546304][ T9248] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  485.546314][ T9248] Workqueue: writeback wb_workfn (flush-7:6)
[  485.546333][ T9248] Call Trace:
[  485.546338][ T9248]  <TASK>
[  485.546344][ T9248]  dump_stack_lvl+0x189/0x250
[  485.546364][ T9248]  ? __pfx_dump_stack_lvl+0x10/0x10
[  485.546379][ T9248]  ? __pfx_queue_work_on+0x10/0x10
[  485.546397][ T9248]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  485.546422][ T9248]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  485.546448][ T9248]  f2fs_handle_critical_error+0x37c/0x540
[  485.546472][ T9248]  f2fs_write_end_io+0x886/0xb60
[  485.546499][ T9248]  __submit_merged_bio+0x27a/0x6a0
[  485.546522][ T9248]  __submit_merged_write_cond+0x255/0x530
[  485.546545][ T9248]  f2fs_write_data_pages+0x261d/0x3000
[  485.546586][ T9248]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  485.546609][ T9248]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  485.546652][ T9248]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  485.546679][ T9248]  ? trace_f2fs_writepages+0x7f/0x200
[  485.546696][ T9248]  ? f2fs_write_node_pages+0x478/0x6e0
[  485.546717][ T9248]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  485.546745][ T9248]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  485.546758][ T9248]  do_writepages+0x32e/0x550
[  485.546778][ T9248]  ? reacquire_held_locks+0x127/0x1d0
[  485.546790][ T9248]  ? writeback_sb_inodes+0x384/0x1010
[  485.546812][ T9248]  __writeback_single_inode+0x145/0xff0
[  485.546848][ T9248]  ? do_raw_spin_unlock+0x4d/0x240
[  485.546866][ T9248]  writeback_sb_inodes+0x6c7/0x1010
[  485.546903][ T9248]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  485.546955][ T9248]  ? rcu_is_watching+0x15/0xb0
[  485.546975][ T9248]  wb_writeback+0x43b/0xaf0
[  485.546997][ T9248]  ? queue_io+0x381/0x590
[  485.547015][ T9248]  ? __pfx_wb_writeback+0x10/0x10
[  485.547037][ T9248]  ? _raw_spin_unlock_irq+0x23/0x50
[  485.547086][ T9248]  wb_workfn+0x409/0xef0
[  485.547110][ T9248]  ? __pfx_wb_workfn+0x10/0x10
[  485.547128][ T9248]  ? __lock_acquire+0xab9/0xd20
[  485.547152][ T9248]  ? process_scheduled_works+0x9ef/0x17b0
[  485.547169][ T9248]  ? _raw_spin_unlock_irq+0x23/0x50
[  485.547185][ T9248]  ? process_scheduled_works+0x9ef/0x17b0
[  485.547197][ T9248]  ? process_scheduled_works+0x9ef/0x17b0
[  485.547209][ T9248]  process_scheduled_works+0xae1/0x17b0
[  485.547246][ T9248]  ? __pfx_process_scheduled_works+0x10/0x10
[  485.547272][ T9248]  worker_thread+0x8a0/0xda0
[  485.547297][ T9248]  ? __kthread_parkme+0x7b/0x200
[  485.547319][ T9248]  kthread+0x711/0x8a0
[  485.547336][ T9248]  ? __pfx_worker_thread+0x10/0x10
[  485.547347][ T9248]  ? __pfx_kthread+0x10/0x10
[  485.547364][ T9248]  ? _raw_spin_unlock_irq+0x23/0x50
[  485.547380][ T9248]  ? lockdep_hardirqs_on+0x9c/0x150
[  485.547398][ T9248]  ? __pfx_kthread+0x10/0x10
[  485.547415][ T9248]  ret_from_fork+0x439/0x7d0
[  485.547429][ T9248]  ? __pfx_ret_from_fork+0x10/0x10
[  485.547447][ T9248]  ? __switch_to_asm+0x39/0x70
[  485.547461][ T9248]  ? __switch_to_asm+0x33/0x70
[  485.547479][ T9248]  ? __pfx_kthread+0x10/0x10
[  485.547494][ T9248]  ret_from_fork_asm+0x1a/0x30
[  485.547523][ T9248]  </TASK>
[  485.548501][ T9248] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  485.554691][T19523] CIFS: VFS: bad cache= option: no%e
[  485.884660][T19530] ip6gretap1: entered promiscuous mode
[  485.887290][T19530] ip6gretap1: entered allmulticast mode
[  485.993845][T19535] 8021q: adding VLAN 0 to HW filter on device bond1
[  485.998410][T19535] bond0: (slave bond1): Enslaving as an active interface with a down link
[  486.133179][   T13] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  486.243816][   T13] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  486.371696][   T13] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  486.502006][   T13] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  486.627211][ T5236] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  486.654600][ T5236] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  486.664074][ T5236] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  486.670848][ T5236] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  486.677355][ T5236] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  487.116420][   T13] bridge_slave_1: left allmulticast mode
[  487.120216][   T13] bridge_slave_1: left promiscuous mode
[  487.122241][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  487.129901][   T13] bridge_slave_0: left allmulticast mode
[  487.131730][   T13] bridge_slave_0: left promiscuous mode
[  487.133755][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  487.913399][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  487.917550][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  487.921973][   T13] bond0 (unregistering): Released all slaves
[  488.130376][T19550] chnl_net:caif_netlink_parms(): no params data found
[  488.295153][   T13] hsr_slave_0: left promiscuous mode
[  488.297717][   T13] hsr_slave_1: left promiscuous mode
[  488.300062][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  488.302617][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  488.305864][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  488.308479][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  488.336087][   T13] veth1_macvtap: left promiscuous mode
[  488.338674][   T13] veth0_macvtap: left promiscuous mode
[  488.340633][   T13] veth1_vlan: left promiscuous mode
[  488.345445][   T13] veth0_vlan: left promiscuous mode
[  488.843891][   T13] team0 (unregistering): Port device team_slave_1 removed
[  488.889162][   T13] team0 (unregistering): Port device team_slave_0 removed
[  488.924898][ T5236] Bluetooth: hci1: command tx timeout
[  489.347864][T19550] bridge0: port 1(bridge_slave_0) entered blocking state
[  489.351542][T19550] bridge0: port 1(bridge_slave_0) entered disabled state
[  489.354523][T19550] bridge_slave_0: entered allmulticast mode
[  489.358391][T19550] bridge_slave_0: entered promiscuous mode
[  489.383831][T19550] bridge0: port 2(bridge_slave_1) entered blocking state
[  489.389775][T19550] bridge0: port 2(bridge_slave_1) entered disabled state
[  489.392512][T19550] bridge_slave_1: entered allmulticast mode
[  489.398679][T19550] bridge_slave_1: entered promiscuous mode
[  489.478968][T19550] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  489.494480][T19550] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  489.583613][T19550] team0: Port device team_slave_0 added
[  489.606523][T19550] team0: Port device team_slave_1 added
[  489.649599][T19550] batman_adv: batadv0: Adding interface: batadv_slave_0
[  489.652602][T19550] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  489.664902][T19550] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  489.670659][T19550] batman_adv: batadv0: Adding interface: batadv_slave_1
[  489.673493][T19550] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  489.687277][T19550] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  489.742571][T19550] hsr_slave_0: entered promiscuous mode
[  489.745685][T19550] hsr_slave_1: entered promiscuous mode
[  489.928648][T19550] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  489.933501][T19550] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  489.939654][T19550] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  489.948366][T19550] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  489.996822][T19550] bridge0: port 2(bridge_slave_1) entered blocking state
[  489.999548][T19550] bridge0: port 2(bridge_slave_1) entered forwarding state
[  490.040237][T19550] 8021q: adding VLAN 0 to HW filter on device bond0
[  490.052164][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  490.070409][T19550] 8021q: adding VLAN 0 to HW filter on device team0
[  490.079125][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  490.081457][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  490.088754][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  490.091115][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  490.225291][T19550] 8021q: adding VLAN 0 to HW filter on device batadv0
[  490.398260][T19550] veth0_vlan: entered promiscuous mode
[  490.404583][T19550] veth1_vlan: entered promiscuous mode
[  490.432884][T19550] veth0_macvtap: entered promiscuous mode
[  490.439826][T19550] veth1_macvtap: entered promiscuous mode
[  490.450611][T19550] batman_adv: batadv0: Interface activated: batadv_slave_0
[  490.463134][T19550] batman_adv: batadv0: Interface activated: batadv_slave_1
[  490.475569][T18423] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  490.480993][T18423] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  490.487497][T18423] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  490.502853][T18423] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  490.571257][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  490.573879][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  490.599082][ T1091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  490.602482][ T1091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  490.629726][T19677] netlink: 92 bytes leftover after parsing attributes in process `syz.2.5575'.
[  491.159275][ T5236] Bluetooth: hci1: command tx timeout
[  492.142905][T19739] nfs: Deprecated parameter 'nointr'
[  492.216689][T19746] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5606'.
[  492.418789][T19758] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5611'.
[  492.431147][T19758] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5611'.
[  492.436891][T19758] netlink: 'syz.2.5611': attribute type 7 has an invalid length.
[  493.414092][ T5236] Bluetooth: hci1: command tx timeout
[  494.279580][    T9] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  494.582314][    T9] usb 8-1: Using ep0 maxpacket: 32
[  494.587349][    T9] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  494.591219][    T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  494.603439][    T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  494.607271][    T9] usb 8-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  494.610220][    T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  494.622061][    T9] usb 8-1: config 0 descriptor??
[  494.625307][T19815] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  494.641026][    T9] hub 8-1:0.0: USB hub found
[  494.856707][    T9] hub 8-1:0.0: config failed, can't read hub descriptor (err -22)
[  494.881884][    T9] usbhid 8-1:0.0: can't add hid device: -71
[  494.884596][    T9] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  494.930335][    T9] usb 8-1: USB disconnect, device number 2
[  495.675407][T19874] loop7: detected capacity change from 0 to 256
[  495.678510][ T5236] Bluetooth: hci1: command tx timeout
[  495.726554][T19874] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0x18620e94, utbl_chksum : 0xe619d30d)
[  495.755478][T19874] exFAT-fs (loop7): start_clu is invalid cluster(0x0)
[  496.157421][T19886] overlayfs: failed to create directory ./bus/work (errno: 28); mounting read-only
[  496.161733][T19886] overlayfs: failed to set uuid (/file1, err=-28); falling back to uuid=null.
[  496.538088][T19902] i801_smbus 0000:00:1f.3: Illegal SMBus block read size 0
[  496.623464][T19910] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5674'.
[  496.654935][T19912] loop7: detected capacity change from 0 to 16
[  496.658829][T19912] erofs (device loop7): mounted with root inode @ nid 36.
[  496.735801][T19915] netlink: 'syz.7.5676': attribute type 4 has an invalid length.
[  496.786804][T19921] overlayfs: failed to clone upperpath
[  496.819165][T19923] loop7: detected capacity change from 0 to 256
[  496.839348][T19923] FAT-fs (loop7): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  496.843629][T19923] FAT-fs (loop7): Filesystem has been set read-only
[  496.849538][T19923] FAT-fs (loop7): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  496.854798][T19923] FAT-fs (loop7): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  497.028069][T19931] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  497.188900][T19933] loop7: detected capacity change from 0 to 32768
[  497.292783][T19933] bcachefs (loop7): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,str_hash=crc32c,noacl,usrquota,grpquota,nojournal_transaction_names,allocator_stuck_timeout=256
[  497.292803][T19933]   allowing incompatible features above 0.0: (unknown version)
[  497.292810][T19933]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  497.311371][T19933] bcachefs (loop7): Using encoding defined by superblock: utf8-12.1.0
[  497.315300][T19933] bcachefs (loop7): initializing new filesystem
[  497.325435][T19933] bcachefs (loop7): going read-write
[  497.334807][T19933] bcachefs (loop7): marking superblocks
[  497.349247][T19933] bcachefs (loop7): initializing freespace
[  497.355843][T19933] bcachefs (loop7): done initializing freespace
[  497.362436][T19933] bcachefs (loop7): reading snapshots table
[  497.365039][T19933] bcachefs (loop7): reading snapshots done
[  497.426886][T19933] bcachefs (loop7): done starting filesystem
[  497.528345][T19933] syz.7.5685 (19933) used greatest stack depth: 16584 bytes left
[  497.559466][T19550] bcachefs (loop7): shutting down
[  497.562379][T19550] bcachefs (loop7): going read-only
[  497.569045][T19550] bcachefs (loop7): finished waiting for writes to stop
[  497.586682][T19550] bcachefs (loop7): flushing journal and stopping allocators, journal seq 2
[  497.802231][T19550] bcachefs (loop7): flushing journal and stopping allocators complete, journal seq 3
[  497.814620][T19550] bcachefs (loop7): clean shutdown complete, journal seq 4
[  497.818390][T19550] bcachefs (loop7): marking filesystem clean
[  498.174479][T19550] bcachefs (loop7): shutdown complete
[  498.227633][   T33] kauditd_printk_skb: 18 callbacks suppressed
[  498.227651][   T33] audit: type=1326 audit(1758862075.425:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19966 comm="syz.0.5694" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f253398ec29 code=0x0
[  498.649727][T19980] 9pnet_fd: Insufficient options for proto=fd
[  498.990730][T19996] netlink: 424 bytes leftover after parsing attributes in process `syz.2.5704'.
[  498.995825][T19996] netlink: 'syz.2.5704': attribute type 1 has an invalid length.
[  501.788982][T20083] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5733'.
[  501.816291][T20082] loop7: detected capacity change from 0 to 1024
[  502.007075][T20082] EXT4-fs (loop7): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  502.018909][T20082] ext4 filesystem being mounted at /46/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  502.055826][T19550] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  502.174619][T20090] loop7: detected capacity change from 0 to 1024
[  502.289718][   T33] audit: type=1800 audit(1758862079.172:168): pid=20090 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.5736" name="file1" dev="loop7" ino=20 res=0 errno=0
[  502.318616][   T33] audit: type=1800 audit(1758862079.172:169): pid=20090 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.5736" name="file1" dev="loop7" ino=20 res=0 errno=0
[  503.128200][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  503.982356][T20134] loop7: detected capacity change from 0 to 256
[  505.112195][T20164] loop7: detected capacity change from 0 to 32768
[  505.158911][T20164] XFS (loop7): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  505.236568][T20164] XFS (loop7): Ending clean mount
[  505.281090][   T33] audit: type=1800 audit(1758862081.932:170): pid=20164 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.5765" name="file2" dev="loop7" ino=4423 res=0 errno=0
[  505.425122][T19550] XFS (loop7): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  505.606226][T20196] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma?
[  506.011877][T20217] new mount options do not match the existing superblock, will be ignored
[  507.443887][   T10] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  507.492182][T20262] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  507.691452][   T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  507.696670][   T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  507.707851][   T10] usb 8-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00
[  507.711882][   T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  507.826107][   T10] usb 8-1: config 0 descriptor??
[  508.338022][   T10] petalynx 0003:18B1:0037.0011: hidraw0: USB HID v0.00 Device [HID 18b1:0037] on usb-dummy_hcd.7-1/input0
[  508.552900][T20275] tmpfs: Bad value for 'mpol'
[  508.560589][   T10] usb 8-1: USB disconnect, device number 3
[  509.202024][T20295] netlink: 44 bytes leftover after parsing attributes in process `syz.2.5814'.
[  509.486466][T20293] loop7: detected capacity change from 0 to 32768
[  509.789719][   T33] audit: type=1107 audit(1758862086.012:171): pid=20306 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=''
[  509.850304][T20293] XFS (loop7): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  509.877064][T20293] XFS (loop7): Ending clean mount
[  509.883985][T20293] XFS (loop7): Quotacheck needed: Please wait.
[  509.920087][T20293] XFS (loop7): Quotacheck: Done.
[  509.963292][T19550] XFS (loop7): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  510.298816][T20321] loop7: detected capacity change from 0 to 1024
[  510.345336][T20321] hfsplus: xattr search failed
[  510.497098][T20326] loop7: detected capacity change from 0 to 4096
[  510.729952][T20334] loop7: detected capacity change from 0 to 2048
[  510.770035][T18377] Alternate GPT is invalid, using primary GPT.
[  510.772795][T18377]  loop7: p2 p3 p7
[  510.801636][T20334] Alternate GPT is invalid, using primary GPT.
[  510.804616][T20334]  loop7: p2 p3 p7
[  510.905664][T18374] udevd[18374]: inotify_add_watch(7, /dev/loop7p3, 10) failed: No such file or directory
[  510.905895][T18376] udevd[18376]: inotify_add_watch(7, /dev/loop7p7, 10) failed: No such file or directory
[  510.913047][T18377] udevd[18377]: inotify_add_watch(7, /dev/loop7p2, 10) failed: No such file or directory
[  511.388075][T20360] ptrace attach of "/syz-executor exec"[20362] was attempted by "/syz-executor exec"[20360]
[  511.867065][  T793] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  512.042130][  T793] usb 8-1: Using ep0 maxpacket: 8
[  512.049461][  T793] usb 8-1: config 179 has an invalid interface number: 65 but max is 0
[  512.052995][  T793] usb 8-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config
[  512.057319][  T793] usb 8-1: config 179 has no interface number 0
[  512.068675][  T793] usb 8-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 0, changing to 7
[  512.077937][  T793] usb 8-1: config 179 interface 65 altsetting 12 has 1 endpoint descriptor, different from the interface descriptor's value: 23
[  512.084518][  T793] usb 8-1: config 179 interface 65 has no altsetting 0
[  512.087293][  T793] usb 8-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  512.090375][  T793] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  512.119328][T20419] netlink: 'syz.0.5867': attribute type 21 has an invalid length.
[  512.122315][T20419] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5867'.
[  512.330501][  T793] usb 8-1: USB disconnect, device number 4
[  512.936119][  T793] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  513.098522][  T793] usb 8-1: Using ep0 maxpacket: 8
[  513.102878][  T793] usb 8-1: config 162 has an invalid interface number: 97 but max is 0
[  513.106523][  T793] usb 8-1: config 162 has no interface number 0
[  513.109447][  T793] usb 8-1: config 162 interface 97 has no altsetting 0
[  513.115284][  T793] usb 8-1: New USB device found, idVendor=0c2e, idProduct=0700, bcdDevice=e1.3b
[  513.119188][  T793] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  513.123530][  T793] usb 8-1: Product: syz
[  513.125388][  T793] usb 8-1: Manufacturer: syz
[  513.127461][  T793] usb 8-1: SerialNumber: syz
[  513.360371][  T793] metro_usb 8-1:162.97: interrupt-out endpoint missing
[  513.366481][  T793] usb 8-1: USB disconnect, device number 5
[  514.093552][T20488] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5899'.
[  514.455272][T20492] loop7: detected capacity change from 0 to 32768
[  514.510180][T20492] XFS (loop7): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  514.551938][T20492] XFS (loop7): Ending clean mount
[  514.577948][T20492] XFS (loop7): User initiated shutdown received.
[  514.581091][T20492] XFS (loop7): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x71/0x150 (fs/xfs/xfs_fsops.c:472).  Shutting down filesystem.
[  514.594131][T20492] XFS (loop7): Please unmount the filesystem and rectify the problem(s)
[  514.633844][T19550] XFS (loop7): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  515.121230][T20525] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5912'.
[  515.125567][T20525] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5912'.
[  516.029532][T20572] loop7: detected capacity change from 0 to 256
[  516.048623][T20572] FAT-fs (loop7): bogus logical sector size 2238
[  516.051681][T20572] FAT-fs (loop7): Can't find a valid FAT filesystem
[  516.201473][T20572] binder: Bad value for 'stats'
[  516.647781][T20588] unknown channel width for channel at 909000KHz?
[  516.650564][T20588] unknown channel width for channel at 909000KHz?
[  516.658519][T20588] unknown channel width for channel at 909000KHz?
[  516.666378][T20579] loop7: detected capacity change from 0 to 32768
[  516.680109][T20579] XFS (loop7): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  516.735864][T20579] XFS (loop7): Ending clean mount
[  516.828338][T19550] XFS (loop7): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  517.985703][T20618] 9pnet_fd: Insufficient options for proto=fd
[  518.925522][T20658] netlink: 392 bytes leftover after parsing attributes in process `syz.0.5970'.
[  518.930748][T20646] loop7: detected capacity change from 0 to 32768
[  518.949639][T20646] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.5964 (20646)
[  518.962832][T20646] BTRFS info (device loop7): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  518.972191][T20646] BTRFS info (device loop7): using sha256 (sha256-lib) checksum algorithm
[  519.123051][T20646] BTRFS info (device loop7): rebuilding free space tree
[  519.179281][T20646] BTRFS info (device loop7): disabling free space tree
[  519.192712][T20646] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  519.230783][T20646] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  519.243861][T20646] BTRFS info (device loop7): enabling ssd optimizations
[  519.248803][T20646] BTRFS info (device loop7): force clearing of disk cache
[  519.251934][T20646] BTRFS info (device loop7): enabling auto defrag
[  519.259410][T20646] BTRFS info (device loop7): doing ref verification
[  519.824948][T19550] BTRFS info (device loop7): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  520.077322][ T5236] Bluetooth: hci1: ISO packet for unknown connection handle 0
[  521.867817][T20726] netlink: 'syz.7.5992': attribute type 1 has an invalid length.
[  522.208151][T20752] loop7: detected capacity change from 0 to 2048
[  522.231927][T20755] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  522.279150][T20755] NILFS (loop7): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  522.284518][T20755] NILFS error (device loop7): nilfs_bmap_propagate: broken bmap (inode number=4)
[  522.291446][T20755] Remounting filesystem read-only
[  522.294217][T19550] NILFS (loop7): disposed unprocessed dirty file(s) when stopping log writer
[  522.429677][T20761] loop7: detected capacity change from 0 to 1024
[  522.474997][T20761] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  522.573215][T19550] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  522.801871][T20785] IPv6: NLM_F_CREATE should be specified when creating new route
[  522.833244][T20789] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6018'.
[  522.837240][T20789] netlink: 32 bytes leftover after parsing attributes in process `syz.2.6018'.
[  522.845979][T20789] tipc: MTU too low for tipc bearer
[  523.988341][T20821] Invalid ELF header magic: != ELF
[  524.789018][T20850] atomic_op ffff88803ab9e998 conn xmit_atomic 0000000000000000
[  525.291520][T20871] netlink: 'syz.7.6054': attribute type 2 has an invalid length.
[  527.179444][T20912] overlayfs: failed to clone upperpath
[  528.412617][T20951] netfs: Couldn't get user pages (rc=-14)
[  528.861632][T20977] loop7: detected capacity change from 0 to 32768
[  528.867980][T20977] XFS: noikeep mount option is deprecated.
[  528.877790][T20977] XFS: noikeep mount option is deprecated.
[  528.884393][T20977] XFS (loop7): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  528.914249][T20977] XFS (loop7): Ending clean mount
[  528.924045][T20977] XFS (loop7): Quotacheck needed: Please wait.
[  528.967175][T20977] XFS (loop7): Quotacheck: Done.
[  529.017114][T19550] XFS (loop7): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  529.510679][T21008] loop7: detected capacity change from 0 to 1024
[  529.520102][T21008] EXT4-fs: Ignoring removed bh option
[  529.522017][T21008] EXT4-fs: inline encryption not supported
[  529.529018][T21008] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  529.534256][T21008] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  529.553609][T21008] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #3: block 2: comm syz.7.6110: lblock 2 mapped to illegal pblock 2 (length 1)
[  529.566029][T21008] EXT4-fs (loop7): Remounting filesystem read-only
[  529.572507][T21008] Quota error (device loop7): qtree_write_dquot: dquota write failed
[  529.576061][T21008] Quota error (device loop7): v2_write_file_info: Can't write info structure
[  529.605459][T21008] EXT4-fs (loop7): 1 orphan inode deleted
[  529.706089][T21008] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  529.726164][T21008] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  529.884756][T21018] netlink: 64 bytes leftover after parsing attributes in process `syz.7.6113'.
[  529.955065][T21024] syz_tun: refused to change device tx_queue_len
[  530.086136][T21029] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6117'.
[  530.220036][T21031] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.6119'.
[  532.751840][ T5919] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  532.914323][ T5919] usb 8-1: Using ep0 maxpacket: 8
[  532.919555][ T5919] usb 8-1: unable to get BOS descriptor or descriptor too short
[  532.923638][ T5919] usb 8-1: config 11 has an invalid interface number: 158 but max is 1
[  532.927415][ T5919] usb 8-1: config 11 has 1 interface, different from the descriptor's value: 2
[  532.931064][ T5919] usb 8-1: config 11 has no interface number 0
[  532.933675][ T5919] usb 8-1: config 11 interface 158 altsetting 81 endpoint 0x1 has invalid maxpacket 9224, setting to 1024
[  532.943236][ T5919] usb 8-1: config 11 interface 158 altsetting 81 has an invalid descriptor for endpoint zero, skipping
[  532.947289][ T5919] usb 8-1: config 11 interface 158 altsetting 81 has 6 endpoint descriptors, different from the interface descriptor's value: 2
[  532.951716][ T5919] usb 8-1: config 11 interface 158 has no altsetting 0
[  532.956438][ T5919] usb 8-1: New USB device found, idVendor=0c72, idProduct=0011, bcdDevice=3b.0d
[  532.960488][ T5919] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  532.963500][ T5919] usb 8-1: Product: syz
[  532.965326][ T5919] usb 8-1: Manufacturer: syz
[  532.967005][ T5919] usb 8-1: SerialNumber: syz
[  533.202661][ T5919] usb 8-1: USB disconnect, device number 6
[  533.931112][T21144] netlink: 'syz.0.6170': attribute type 11 has an invalid length.
[  534.112431][ T5918] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  534.293125][ T5918] usb 8-1: Using ep0 maxpacket: 32
[  534.297408][ T5918] usb 8-1: config 0 has an invalid interface number: 152 but max is 0
[  534.297826][T21178] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6188'.
[  534.313162][ T5918] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  534.317380][ T5918] usb 8-1: config 0 has no interface number 0
[  534.319966][ T5918] usb 8-1: config 0 interface 152 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  534.329563][ T5918] usb 8-1: config 0 interface 152 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 11
[  534.338593][ T5918] usb 8-1: New USB device found, idVendor=1943, idProduct=2255, bcdDevice= 6.d2
[  534.341099][T21182] IPVS: Error connecting to the multicast addr
[  534.342928][ T5918] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  534.354816][ T5918] usb 8-1: config 0 descriptor??
[  534.369311][ T5918] s2255 8-1:0.152: Could not find bulk-in endpoint
[  534.372902][ T5918] Sensoray 2255 driver load failed: 0xfffffff4
[  534.375491][ T5918] s2255 8-1:0.152: probe with driver s2255 failed with error -12
[  534.603307][  T794] usb 8-1: USB disconnect, device number 7
[  535.497735][T21221] loop7: detected capacity change from 0 to 32768
[  535.503366][T21221] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.6208 (21221)
[  535.510670][T21221] BTRFS info (device loop7): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  535.515249][T21221] BTRFS info (device loop7): using crc32c (crc32c-lib) checksum algorithm
[  535.518260][T21221] BTRFS warning (device loop7): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  535.625543][T21221] BTRFS info (device loop7): rebuilding free space tree
[  535.645090][T21221] BTRFS info (device loop7): disabling free space tree
[  535.648040][T21221] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  535.652036][T21221] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  535.659349][T21221] BTRFS info (device loop7): setting nodatasum
[  535.661962][T21221] BTRFS info (device loop7): allowing degraded mounts
[  535.664802][T21221] BTRFS info (device loop7): enabling ssd optimizations
[  535.667987][T21221] BTRFS info (device loop7): turning off barriers
[  535.670721][T21221] BTRFS info (device loop7): disabling tree log
[  535.673384][T21221] BTRFS info (device loop7): turning on flush-on-commit
[  535.676303][T21221] BTRFS info (device loop7): enabling disk space caching
[  535.679294][T21221] BTRFS info (device loop7): force clearing of disk cache
[  535.736339][T19550] BTRFS info (device loop7): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  536.630404][T21264] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  536.636046][T21264] overlayfs: missing 'lowerdir'
[  537.686728][T21281] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6227'.
[  537.699878][T21281] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6227'.
[  537.726862][T21285] loop7: detected capacity change from 0 to 256
[  537.729666][T21285] FAT-fs (loop7): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  537.738800][T21285] FAT-fs (loop7): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  538.015997][T21297] netlink: 116 bytes leftover after parsing attributes in process `syz.2.6234'.
[  538.059021][T21299] sctp: [Deprecated]: syz.2.6235 (pid 21299) Use of int in max_burst socket option.
[  538.059021][T21299] Use struct sctp_assoc_value instead
[  538.229610][ T5919] usb 8-1: new full-speed USB device number 8 using dummy_hcd
[  538.414667][ T5919] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  538.428925][ T5919] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  538.433455][ T5919] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 65535, setting to 64
[  538.437720][ T5919] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  538.449631][ T5919] usb 8-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  538.453877][ T5919] usb 8-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  538.458164][ T5919] usb 8-1: Manufacturer: syz
[  538.463211][ T5919] usb 8-1: config 0 descriptor??
[  538.595506][T21326] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6248'.
[  538.746547][ T5919] rc_core: IR keymap rc-hauppauge not found
[  538.749525][ T5919] Registered IR keymap rc-empty
[  538.758022][ T5919] mceusb 8-1:0.0: Error: mce write urb status = -71
[  538.792383][ T5919] mceusb 8-1:0.0: Error: mce write urb status = -71
[  538.809679][ T5919] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/rc/rc0
[  538.816753][ T5919] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/rc/rc0/input23
[  538.836724][ T5919] mceusb 8-1:0.0: Error: mce write urb status = -71
[  538.852246][ T5919] mceusb 8-1:0.0: Error: mce write urb status = -71
[  538.877053][ T5919] mceusb 8-1:0.0: Error: mce write urb status = -71
[  538.895072][ T5919] mceusb 8-1:0.0: Error: mce write urb status = -71
[  538.927822][ T5919] mceusb 8-1:0.0: Error: mce write urb status = -71
[  538.960069][ T5919] mceusb 8-1:0.0: Error: mce write urb status = -71
[  538.982830][ T5919] mceusb 8-1:0.0: Error: mce write urb status = -71
[  539.004447][ T5919] mceusb 8-1:0.0: Error: mce write urb status = -71
[  539.035839][ T5919] mceusb 8-1:0.0: Error: mce write urb status = -71
[  539.058256][ T5919] mceusb 8-1:0.0: Error: mce write urb status = -71
[  539.081695][ T5919] mceusb 8-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  539.085203][ T5919] mceusb 8-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  539.174001][   T10] usb 8-1: USB disconnect, device number 8
[  539.596399][T21361] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6262'.
[  540.100464][T21389] loop7: detected capacity change from 0 to 512
[  540.117337][T21389] EXT4-fs (loop7): feature flags set on rev 0 fs, running e2fsck is recommended
[  540.144997][T21389] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  540.204410][T19550] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  542.313285][T21413] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6286'.
[  545.103991][  T794] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  545.265448][  T794] usb 8-1: Using ep0 maxpacket: 32
[  545.272883][  T794] usb 8-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  545.281342][  T794] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  545.287283][  T794] usb 8-1: Product: syz
[  545.289151][  T794] usb 8-1: Manufacturer: syz
[  545.291149][  T794] usb 8-1: SerialNumber: syz
[  545.300527][  T794] usb 8-1: config 0 descriptor??
[  545.747997][  T794] airspy 8-1:0.0: Board ID: 00
[  545.750013][  T794] airspy 8-1:0.0: Firmware version: 
[  546.412291][  T794] airspy 8-1:0.0: usb_control_msg() failed -71 request 12
[  546.420276][  T794] airspy 8-1:0.0: Registered as swradio24
[  546.422752][  T794] airspy 8-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  546.437490][  T794] usb 8-1: USB disconnect, device number 9
[  546.803623][T21554] netlink: 'syz.2.6347': attribute type 1 has an invalid length.
[  547.082028][T21566] netlink: 'syz.0.6353': attribute type 75 has an invalid length.
[  547.202349][T21574] loop7: detected capacity change from 0 to 2048
[  547.207178][T21574] NILFS (loop7): broken superblock, retrying with spare superblock (blocksize = 1024)
[  547.214133][T21539] udevd[21539]: incorrect nilfs2 checksum on /dev/loop7
[  547.224781][T21539] udevd[21539]: incorrect nilfs2 checksum on /dev/loop7
[  547.226157][T21575] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  547.231607][T21574] syz.7.6357: attempt to access beyond end of device
[  547.231607][T21574] loop7: rw=524288, sector=65534, nr_sectors = 2 limit=2048
[  547.764824][T21595] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  547.779601][T21595] overlayfs: missing 'lowerdir'
[  547.888586][ T5918] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  548.093612][ T5918] usb 8-1: unable to get BOS descriptor or descriptor too short
[  548.099470][ T5918] usb 8-1: config 2 has an invalid interface number: 218 but max is 0
[  548.103140][ T5918] usb 8-1: config 2 has no interface number 0
[  548.107977][ T5918] usb 8-1: config 2 interface 218 has no altsetting 0
[  548.117319][ T5918] usb 8-1: New USB device found, idVendor=0cf3, idProduct=7015, bcdDevice=95.ef
[  548.121024][ T5918] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  548.135404][ T5918] usb 8-1: Product: syz
[  548.137382][ T5918] usb 8-1: Manufacturer: syz
[  548.139386][ T5918] usb 8-1: SerialNumber: syz
[  548.371812][ T5918] usb 8-1: ath9k_htc: Device endpoint numbers are not the expected ones
[  548.383137][ T5918] usb 8-1: USB disconnect, device number 10
[  550.182029][T21688] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6407'.
[  551.057073][T21718] loop7: detected capacity change from 0 to 2048
[  551.090496][T21718] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  551.163120][T21718] EXT4-fs error (device loop7): ext4_find_extent:939: inode #2: comm syz.7.6420: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  551.175382][T21718] EXT4-fs (loop7): Remounting filesystem read-only
[  551.216782][T19550] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  551.330061][T21725] loop7: detected capacity change from 0 to 4096
[  551.344383][T21725] ntfs3(loop7): Different NTFS sector size (1024) and media sector size (512).
[  551.394060][T21725] ntfs3(loop7): Mark volume as dirty due to NTFS errors
[  551.619925][T21743] loop7: detected capacity change from 0 to 8192
[  551.761954][T21755] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6438'.
[  551.777464][T21758] delete_channel: no stack
[  551.784629][T21755] 8021q: adding VLAN 0 to HW filter on device bond2
[  551.805925][T21755] 8021q: adding VLAN 0 to HW filter on device bond2
[  551.809309][T21755] bond2: (slave vcan1): The slave device specified does not support setting the MAC address
[  551.814732][T21755] bond2: (slave vcan1): Error -95 calling set_mac_address
[  551.948067][T21760] loop7: detected capacity change from 0 to 40427
[  551.954571][T21760] F2FS-fs (loop7): build fault injection rate: 14
[  551.968997][T21760] F2FS-fs (loop7): build fault injection type: 0x0
[  551.985645][T21760] F2FS-fs (loop7): invalid crc value
[  552.051177][   T33] audit: type=1326 audit(1758862125.101:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21771 comm="syz.2.6444" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9bbb18ec29 code=0x0
[  552.081454][T21760] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  552.092240][T21760] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  552.169752][T19550] syz-executor: attempt to access beyond end of device
[  552.169752][T19550] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  552.176218][T19550] CPU: 0 UID: 0 PID: 19550 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  552.176235][T19550] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  552.176243][T19550] Call Trace:
[  552.176248][T19550]  <TASK>
[  552.176252][T19550]  dump_stack_lvl+0x189/0x250
[  552.176268][T19550]  ? __pfx_dump_stack_lvl+0x10/0x10
[  552.176277][T19550]  ? __pfx_queue_work_on+0x10/0x10
[  552.176285][T19550]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  552.176297][T19550]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  552.176313][T19550]  f2fs_handle_critical_error+0x37c/0x540
[  552.176327][T19550]  f2fs_write_end_io+0x886/0xb60
[  552.176343][T19550]  __submit_merged_bio+0x27a/0x6a0
[  552.176357][T19550]  __submit_merged_write_cond+0x255/0x530
[  552.176371][T19550]  f2fs_write_data_pages+0x261d/0x3000
[  552.176377][T19550]  ? __lock_acquire+0xab9/0xd20
[  552.176402][T19550]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  552.176428][T19550]  ? __mod_zone_page_state+0xd7/0x140
[  552.176442][T19550]  ? folios_put_refs+0x560/0x640
[  552.176455][T19550]  ? __pfx_folios_put_refs+0x10/0x10
[  552.176462][T19550]  ? rcu_is_watching+0x15/0xb0
[  552.176474][T19550]  ? __lock_acquire+0xab9/0xd20
[  552.176491][T19550]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  552.176499][T19550]  do_writepages+0x32e/0x550
[  552.176514][T19550]  ? do_raw_spin_unlock+0x4d/0x240
[  552.176525][T19550]  filemap_fdatawrite+0x199/0x240
[  552.176535][T19550]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  552.176565][T19550]  ? do_raw_spin_unlock+0x4d/0x240
[  552.176576][T19550]  f2fs_sync_dirty_inodes+0x31f/0x830
[  552.176591][T19550]  f2fs_write_checkpoint+0x95a/0x1df0
[  552.176609][T19550]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  552.176638][T19550]  ? kill_f2fs_super+0x298/0x6c0
[  552.176648][T19550]  kill_f2fs_super+0x2c3/0x6c0
[  552.176658][T19550]  ? __pfx_kill_f2fs_super+0x10/0x10
[  552.176665][T19550]  ? radix_tree_delete_item+0x2b6/0x400
[  552.176676][T19550]  ? shrinker_free+0x2ce/0x3e0
[  552.176684][T19550]  deactivate_locked_super+0xbc/0x130
[  552.176725][T19550]  cleanup_mnt+0x425/0x4c0
[  552.176735][T19550]  ? lockdep_hardirqs_on+0x9c/0x150
[  552.176745][T19550]  task_work_run+0x1d4/0x260
[  552.176755][T19550]  ? __pfx_task_work_run+0x10/0x10
[  552.176769][T19550]  ? __x64_sys_umount+0x122/0x160
[  552.176781][T19550]  ? exit_to_user_mode_loop+0x40/0x110
[  552.176792][T19550]  exit_to_user_mode_loop+0xec/0x110
[  552.176802][T19550]  do_syscall_64+0x2bd/0x3b0
[  552.176826][T19550]  ? lockdep_hardirqs_on+0x9c/0x150
[  552.176834][T19550]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  552.176841][T19550]  ? exc_page_fault+0x9f/0xf0
[  552.176849][T19550]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  552.176856][T19550] RIP: 0033:0x7faf28f8ff57
[  552.176864][T19550] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  552.176870][T19550] RSP: 002b:00007ffc07897498 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  552.176878][T19550] RAX: 0000000000000000 RBX: 00007faf29011c2d RCX: 00007faf28f8ff57
[  552.176883][T19550] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc07897550
[  552.176887][T19550] RBP: 00007ffc07897550 R08: 0000000000000000 R09: 0000000000000000
[  552.176891][T19550] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc078985e0
[  552.176896][T19550] R13: 00007faf29011c2d R14: 0000000000085606 R15: 00007ffc07898620
[  552.176908][T19550]  </TASK>
[  552.304558][T19550] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[  553.177223][T21790] netlink: 'syz.0.6451': attribute type 4 has an invalid length.
[  553.199006][T21790] netlink: 'syz.0.6451': attribute type 4 has an invalid length.
[  554.248637][T21825] RDS: rds_bind could not find a transport for ::ffff:0.0.0.224, load rds_tcp or rds_rdma?
[  554.294604][T21828] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6466'.
[  554.304036][T21828] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6466'.
[  554.307206][T21828] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6466'.
[  554.310860][T21828] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6466'.
[  554.322345][T21828] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6466'.
[  554.711433][T21849] loop7: detected capacity change from 0 to 8192
[  555.189602][   T24] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  555.429527][   T24] usb 8-1: config 0 has an invalid interface number: 133 but max is 0
[  555.433431][   T24] usb 8-1: config 0 has no interface number 0
[  555.436177][   T24] usb 8-1: config 0 interface 133 altsetting 9 endpoint 0x6 has an invalid bInterval 108, changing to 10
[  555.441247][   T24] usb 8-1: config 0 interface 133 altsetting 9 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[  555.446301][   T24] usb 8-1: config 0 interface 133 has no altsetting 0
[  555.449286][   T24] usb 8-1: New USB device found, idVendor=0cf3, idProduct=1006, bcdDevice=8e.0a
[  555.453519][   T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  555.459443][   T24] usb 8-1: config 0 descriptor??
[  555.691307][   T24] usb 8-1: string descriptor 0 read error: -71
[  555.694579][   T24] usb 8-1: ath9k_htc: Device endpoint numbers are not the expected ones
[  555.703604][   T24] usb 8-1: USB disconnect, device number 11
[  556.311709][T21913] netlink: 68 bytes leftover after parsing attributes in process `syz.7.6503'.
[  556.417208][T21918] loop7: detected capacity change from 0 to 4096
[  556.421320][T21918] ntfs3(loop7): Different NTFS sector size (4096) and media sector size (512).
[  556.444635][T21918] ntfs3(loop7): Failed to initialize $Extend/$Reparse.
[  556.730373][T21939] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6516'.
[  556.924783][T21944] loop7: detected capacity change from 0 to 1024
[  557.047911][T21944] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  557.052336][T21944] ext4 filesystem being mounted at /213/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  557.251934][   T33] audit: type=1326 audit(1758862129.725:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21936 comm="syz.7.6515" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf28f8ec29 code=0x7ffc0000
[  557.329024][   T33] audit: type=1326 audit(1758862129.725:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21936 comm="syz.7.6515" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf28f8ec29 code=0x7ffc0000
[  557.339597][   T33] audit: type=1326 audit(1758862129.725:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21936 comm="syz.7.6515" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf28f8ec29 code=0x7ffc0000
[  557.348449][   T33] audit: type=1326 audit(1758862129.725:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21936 comm="syz.7.6515" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf28f8ec29 code=0x7ffc0000
[  557.358194][   T33] audit: type=1326 audit(1758862129.725:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21936 comm="syz.7.6515" exe="/syz-executor" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7faf28f8ec29 code=0x7ffc0000
[  557.371302][   T33] audit: type=1326 audit(1758862129.974:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21936 comm="syz.7.6515" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf28f8ec29 code=0x7ffc0000
[  557.382100][   T33] audit: type=1326 audit(1758862129.974:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21936 comm="syz.7.6515" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf28f8ec29 code=0x7ffc0000
[  557.391693][T21946] netlink: 48 bytes leftover after parsing attributes in process `syz.2.6514'.
[  557.655638][T19550] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  558.065818][T21971] loop7: detected capacity change from 0 to 1764
[  558.111086][T21971] iso9660: Corrupted directory entry in block 2 of inode 1920
[  558.262968][T21986] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6532'.
[  558.374099][T21994] netlink: 'syz.0.6536': attribute type 3 has an invalid length.
[  558.498089][T21999] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6538'.
[  558.701250][T22022] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6547'.
[  558.704647][T22022] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6547'.
[  558.733106][T22024] netlink: 'syz.7.6548': attribute type 15 has an invalid length.
[  559.020424][T22048] loop7: detected capacity change from 0 to 512
[  559.059616][T22052] netlink: 'syz.0.6561': attribute type 2 has an invalid length.
[  559.060409][T22048] EXT4-fs (loop7): feature flags set on rev 0 fs, running e2fsck is recommended
[  559.062813][T22052] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.6561'.
[  559.066036][T22048] EXT4-fs (loop7): mounting ext2 file system using the ext4 subsystem
[  559.084982][T22052] nbd: must specify at least one socket
[  559.088471][T22048] EXT4-fs (loop7): warning: checktime reached, running e2fsck is recommended
[  559.095964][T22048] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002]
[  559.106972][T22048] System zones: 0-2, 18-18, 34-34
[  559.116517][T22048] EXT4-fs error (device loop7): ext4_orphan_get:1392: inode #15: comm syz.7.6560: iget: bad i_size value: 360287970189639680
[  559.133931][T22048] EXT4-fs error (device loop7): ext4_orphan_get:1397: comm syz.7.6560: couldn't read orphan inode 15 (err -117)
[  559.142785][T22048] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  559.305457][T22062] EXT4-fs error (device loop7): ext4_find_dest_de:2052: inode #2: block 3: comm syz.7.6560: bad entry in directory: inode out of bounds - offset=0, inode=63, rec_len=12, size=4096 fake=1
[  559.329067][T22062] EXT4-fs error (device loop7): ext4_readdir:264: inode #2: block 3: comm syz.7.6560: path /220/file2: bad entry in directory: inode out of bounds - offset=0, inode=63, rec_len=12, size=4096 fake=1
[  560.436828][T19550] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  560.579475][T22083] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6572'.
[  560.658583][T22079] loop7: detected capacity change from 0 to 32768
[  560.701638][T22079] XFS (loop7): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  560.728053][T22079] XFS (loop7): Ending clean mount
[  560.804999][T19550] XFS (loop7): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  561.617981][T22115] loop7: detected capacity change from 0 to 512
[  561.658881][T22115] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  561.688593][T22115] EXT4-fs (loop7): 1 truncate cleaned up
[  561.700261][T22115] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  561.740344][T22115] EXT4-fs error (device loop7): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz.7.6582: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  561.755267][T22115] EXT4-fs (loop7): Remounting filesystem read-only
[  561.775704][T19550] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  562.105876][T22144] netlink: 80 bytes leftover after parsing attributes in process `syz.0.6596'.
[  562.408600][T22159] netlink: 36 bytes leftover after parsing attributes in process `syz.2.6603'.
[  562.439530][T22161] overlayfs: failed to clone upperpath
[  563.027561][T22187] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6617'.
[  563.442218][T22202] 9pnet_fd: Insufficient options for proto=fd
[  565.251618][T22241] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6638'.
[  565.257957][T22241] openvswitch: netlink: Invalid MD length 0 for MD type 0
[  565.260929][T22241] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  565.957112][T22251] netlink: 'syz.2.6643': attribute type 21 has an invalid length.
[  565.968084][T22251] netlink: 164 bytes leftover after parsing attributes in process `syz.2.6643'.
[  566.225968][T22262] netlink: 'syz.0.6648': attribute type 11 has an invalid length.
[  566.229121][T22262] netlink: 36 bytes leftover after parsing attributes in process `syz.0.6648'.
[  566.452305][T22269] ip6gre1: entered promiscuous mode
[  566.647452][T22276] netlink: 504 bytes leftover after parsing attributes in process `syz.7.6654'.
[  566.658126][T22278] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6655'.
[  567.578992][T22313] loop7: detected capacity change from 0 to 32768
[  567.609281][T22313] XFS (loop7): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  567.622447][T22313] XFS (loop7): Ending clean mount
[  567.647603][T19550] XFS (loop7): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  567.949764][T22324] loop7: detected capacity change from 0 to 32768
[  567.953917][T22324] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.6673 (22324)
[  567.965943][T22324] BTRFS info (device loop7): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  567.971792][T22324] BTRFS info (device loop7): using sha256 (sha256-lib) checksum algorithm
[  568.029305][T22324] BTRFS info (device loop7): enabling ssd optimizations
[  568.031633][T22324] BTRFS info (device loop7): enabling free space tree
[  568.052951][T19550] BTRFS info (device loop7): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  569.772413][T22384] 9pnet_fd: Insufficient options for proto=fd
[  569.773567][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  569.813120][   T33] audit: type=1326 audit(1758862141.493:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22387 comm="syz.0.6695" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f253398ec29 code=0x0
[  570.214231][T22413] netlink: 280 bytes leftover after parsing attributes in process `syz.2.6707'.
[  571.366120][T22452] netlink: 'syz.2.6725': attribute type 10 has an invalid length.
[  571.377359][T22452] 8021q: adding VLAN 0 to HW filter on device team0
[  571.382462][T22452] .`: (slave team0): Enslaving as an active interface with an up link
[  571.414678][T22454] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6726'.
[  572.315998][T22498] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6747'.
[  572.671160][T22508] netlink: 'syz.7.6750': attribute type 39 has an invalid length.
[  572.792209][T22512] netlink: 'syz.0.6751': attribute type 30 has an invalid length.
[  572.881909][T22517] netlink: 64 bytes leftover after parsing attributes in process `syz.7.6753'.
[  573.239413][   T24] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  573.412776][   T24] usb 8-1: Using ep0 maxpacket: 8
[  573.416681][   T24] usb 8-1: config 0 has an invalid interface number: 74 but max is 0
[  573.423491][   T24] usb 8-1: config 0 has no interface number 0
[  573.428537][   T24] usb 8-1: New USB device found, idVendor=0403, idProduct=da72, bcdDevice=e2.e8
[  573.434472][   T24] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  573.445115][   T24] usb 8-1: Product: syz
[  573.446952][   T24] usb 8-1: Manufacturer: syz
[  573.449030][   T24] usb 8-1: SerialNumber: syz
[  573.453706][   T24] usb 8-1: config 0 descriptor??
[  573.683814][   T24] usb 8-1: NDI device with a latency value of 1
[  573.686696][   T24] ftdi_sio 8-1:0.74: FTDI USB Serial Device converter detected
[  573.693455][   T24] ftdi_sio ttyUSB0: unknown device type: 0xe2e8
[  573.702951][   T24] usb 8-1: USB disconnect, device number 12
[  573.720559][   T24] ftdi_sio 8-1:0.74: device disconnected
[  574.433426][T22568] overlayfs: failed to clone lowerpath
[  574.448234][T22556] loop7: detected capacity change from 0 to 32768
[  574.491336][T22556] XFS (loop7): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  574.509873][T22582] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6780'.
[  574.530362][T22556] XFS (loop7): Ending clean mount
[  574.587359][T19550] XFS (loop7): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  574.632785][T22592] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6785'.
[  574.931648][T22616] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6796'.
[  574.978305][T22618] wg1: entered promiscuous mode
[  574.979946][T22618] wg1: entered allmulticast mode
[  575.051131][T22620] tipc: Started in network mode
[  575.053192][T22620] tipc: Node identity ac14140f, cluster identity 4711
[  575.062782][T22620] tipc: New replicast peer: 255.255.255.255
[  575.065469][T22620] tipc: Enabled bearer <udp:syz2>, priority 10
[  575.069818][T22620] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6798'.
[  575.083535][T22620] tipc: Disabling bearer <udp:syz2>
[  575.119645][T22614] loop7: detected capacity change from 0 to 32768
[  575.166550][T22629] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6801'.
[  575.170730][T22614] XFS (loop7): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  575.221778][T22614] XFS (loop7): Ending clean mount
[  575.226936][T22614] XFS (loop7): Quotacheck needed: Please wait.
[  575.269940][T22614] XFS (loop7): Quotacheck: Done.
[  575.297647][T19550] XFS (loop7): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  575.337279][T22644] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6804'.
[  575.497475][T22650] loop7: detected capacity change from 0 to 1024
[  575.555236][ T9245] hfsplus: b-tree write err: -5, ino 4
[  575.612852][T22657] tap0: tun_chr_ioctl cmd 2147767521
[  575.900458][T22670] loop7: detected capacity change from 0 to 32768
[  575.910215][T22670] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.6816 (22670)
[  575.929531][T22670] BTRFS info (device loop7): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  575.932985][T22670] BTRFS info (device loop7): using crc32c (crc32c-lib) checksum algorithm
[  576.070080][T22670] BTRFS info (device loop7): setting nodatasum
[  576.077955][T22670] BTRFS info (device loop7): setting nodatacow
[  576.080156][T22670] BTRFS info (device loop7): enabling free space tree
[  576.082506][T22670] BTRFS info (device loop7): max_inline set to 0
[  576.142624][T19550] BTRFS info (device loop7): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  576.467250][T22703] syz_tun: entered allmulticast mode
[  576.734357][T22701] syz_tun: left allmulticast mode
[  577.098116][T22728] __nla_validate_parse: 1 callbacks suppressed
[  577.098131][T22728] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6834'.
[  577.187202][T22735] IPVS: set_ctl: invalid protocol: 29 0.0.0.0:20000
[  578.488857][   T33] audit: type=1326 audit(1758862149.505:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22767 comm="syz.2.6854" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bbb18ec29 code=0x7ffc0000
[  578.515978][   T33] audit: type=1326 audit(1758862149.514:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22767 comm="syz.2.6854" exe="/syz-executor" sig=0 arch=c000003e syscall=312 compat=0 ip=0x7f9bbb18ec29 code=0x7ffc0000
[  578.524828][   T33] audit: type=1326 audit(1758862149.514:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22767 comm="syz.2.6854" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bbb18ec29 code=0x7ffc0000
[  578.645186][T22780] overlayfs: failed to clone upperpath
[  579.649399][ T5236] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  580.490388][T22834] loop7: detected capacity change from 0 to 32768
[  580.498855][T22834] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.6880 (22834)
[  580.514754][T22834] BTRFS info (device loop7): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  580.518069][T22834] BTRFS info (device loop7): using crc32c (crc32c-lib) checksum algorithm
[  580.849335][T22834] BTRFS info (device loop7): enabling ssd optimizations
[  580.852301][T22834] BTRFS info (device loop7): enabling free space tree
[  580.882707][T19550] BTRFS info (device loop7): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  581.546625][T22879] sctp: [Deprecated]: syz.2.6892 (pid 22879) Use of int in max_burst socket option deprecated.
[  581.546625][T22879] Use struct sctp_assoc_value instead
[  581.994598][T22916] openvswitch: netlink: IPv4 tun info is not correct
[  583.443235][T22959] overlayfs: failed to clone upperpath
[  583.604699][T22961] loop7: detected capacity change from 0 to 128
[  583.625159][T22961] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  583.635674][T22961] ext4 filesystem being mounted at /298/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  583.680905][T19550] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  583.728377][T22969] loop7: detected capacity change from 0 to 8
[  583.731960][T22969] squashfs: Unknown parameter 'euid>00000000000000060928/2㝆~?]'
[  584.005075][T22969] loop7: detected capacity change from 0 to 32768
[  584.150738][T22969] XFS (loop7): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  584.199221][T22969] XFS (loop7): Ending clean mount
[  584.242392][T19550] XFS (loop7): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  584.470764][T23010] overlayfs: failed to clone upperpath
[  584.488599][T23014] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  584.490857][T23014] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  584.493047][T23014] comedi comedi3: 8255: I/O port conflict (0x4,4)
[  584.495300][T23014] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  584.503604][T23014] comedi comedi3: 8255: I/O port conflict (0xb,4)
[  585.121944][T23039] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6961'.
[  585.136280][T23039] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6961'.
[  585.173060][T23045] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  585.245281][   T33] audit: type=1326 audit(1758862155.744:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23052 comm="syz.0.6968" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f253398ec29 code=0x0
[  588.266121][T23117] loop7: detected capacity change from 0 to 32768
[  588.281797][T23117] ocfs2: Slot 0 on device (7,7) was already allocated to this node!
[  588.297716][T23117] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[  588.446460][T19550] ocfs2: Unmounting device (7,7) on (node local)
[  588.609398][T23134] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  588.816105][  T793] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0
[  588.840892][  T793] hid-generic 0000:0000:0000.0012: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  588.945867][T23154] IPv6: Can't replace route, no match found
[  589.837527][ T5919] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  590.011190][ T5919] usb 8-1: Using ep0 maxpacket: 8
[  590.017780][ T5919] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 7
[  590.034584][ T5919] usb 8-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  590.038244][ T5919] usb 8-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  590.041470][ T5919] usb 8-1: Product: syz
[  590.049053][ T5919] usb 8-1: Manufacturer: syz
[  590.051027][ T5919] usb 8-1: SerialNumber: syz
[  590.291854][ T5919] usb 8-1: palm_os_3_probe - error -71 getting connection information
[  590.301887][ T5919] visor 8-1:1.0: probe with driver visor failed with error -71
[  590.317164][ T5919] usb 8-1: USB disconnect, device number 13
[  590.387734][   T33] audit: type=1326 audit(1758862160.489:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23196 comm="syz.2.7031" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9bbb18ec29 code=0x0
[  591.208993][T23208] loop7: detected capacity change from 0 to 32768
[  591.216428][T23208] XFS (loop7): invalid logbufsize: 13312 [not 16k,32k,64k,128k or 256k]
[  591.679478][T23242] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.7052'.
[  591.746584][T23244] xt_HMARK: spi-set and port-set can't be combined
[  592.960892][T23273] mac80211_hwsim hwsim17 wlan1: entered allmulticast mode
[  592.993328][T23273] bridge_slave_0: left allmulticast mode
[  592.995334][T23273] bridge_slave_0: left promiscuous mode
[  592.997588][T23273] bridge0: port 1(bridge_slave_0) entered disabled state
[  593.008565][T23273] bridge_slave_1: left allmulticast mode
[  593.011033][T23273] bridge_slave_1: left promiscuous mode
[  593.016593][T23273] bridge0: port 2(bridge_slave_1) entered disabled state
[  593.027832][T23273] bond0: (slave bond_slave_0): Releasing backup interface
[  593.034894][T23273] bond0: (slave bond_slave_1): Releasing backup interface
[  593.043272][T23273] team0: Port device team_slave_0 removed
[  593.052442][T23273] team0: Port device team_slave_1 removed
[  593.054842][T23273] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  593.060072][T23273] batman_adv: batadv0: Removing interface: batadv_slave_0
[  593.064791][T23273] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  593.068576][T23273] batman_adv: batadv0: Removing interface: batadv_slave_1
[  593.981298][T23282] loop7: detected capacity change from 0 to 40427
[  593.985253][T23282] F2FS-fs (loop7): Invalid log_blocksize (268), supports only 12
[  593.993578][T23282] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  594.004707][T23282] F2FS-fs (loop7): invalid crc value
[  594.116164][T23282] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  594.124990][T23282] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  594.132512][T23282] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  594.744041][T23321] loop7: detected capacity change from 0 to 32768
[  594.756989][T23321] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.7083 (23321)
[  594.775319][T23321] BTRFS info (device loop7): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  594.784585][T23321] BTRFS info (device loop7): using sha256 (sha256-lib) checksum algorithm
[  594.817747][   T33] audit: type=1800 audit(1758862164.578:186): pid=23339 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.7090" name="nullb0" dev="tmpfs" ino=10465 res=0 errno=0
[  594.899323][T23321] BTRFS info (device loop7): enabling ssd optimizations
[  594.905242][T23321] BTRFS info (device loop7): enabling free space tree
[  594.999970][T19550] BTRFS info (device loop7): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  596.682895][T23416] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7117'.
[  597.167326][T23437] netlink: 14 bytes leftover after parsing attributes in process `syz.0.7126'.
[  597.249820][T23442] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7129'.
[  597.626446][T23455] netlink: 104 bytes leftover after parsing attributes in process `syz.2.7134'.
[  598.002088][T23461] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7135'.
[  599.418779][T23483] loop7: detected capacity change from 0 to 32768
[  599.422115][T23483] XFS: ikeep mount option is deprecated.
[  599.424517][T23483] XFS: ikeep mount option is deprecated.
[  599.431985][T23483] XFS: noikeep mount option is deprecated.
[  599.493802][T23483] XFS (loop7): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  599.535413][T23483] XFS (loop7): Ending clean mount
[  599.569494][T19550] XFS (loop7): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  600.500761][T23538] netlink: 'syz.7.7169': attribute type 1 has an invalid length.
[  600.538121][T23538] bond1: (slave vti0): The slave device specified does not support setting the MAC address
[  600.545681][T23538] bond1: (slave vti0): Setting fail_over_mac to active for active-backup mode
[  600.553012][T23538] bond1: (slave vti0): making interface the new active one
[  600.556400][T23538] bond1: (slave vti0): Enslaving as an active interface with an up link
[  600.680229][   T33] audit: type=1326 audit(1758862169.986:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23548 comm="syz.7.7174" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf28f8ec29 code=0x7ffc0000
[  600.705872][   T33] audit: type=1326 audit(1758862169.986:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23548 comm="syz.7.7174" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf28f8ec29 code=0x7ffc0000
[  600.734796][   T33] audit: type=1326 audit(1758862169.996:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23548 comm="syz.7.7174" exe="/syz-executor" sig=0 arch=c000003e syscall=279 compat=0 ip=0x7faf28f8ec29 code=0x7ffc0000
[  600.745943][   T33] audit: type=1326 audit(1758862169.996:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23548 comm="syz.7.7174" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf28f8ec29 code=0x7ffc0000
[  600.761506][   T33] audit: type=1326 audit(1758862169.996:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23548 comm="syz.7.7174" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf28f8ec29 code=0x7ffc0000
[  602.787320][T23613] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7202'.
[  602.887868][T23620] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7206'.
[  603.008822][T23626] sch_tbf: burst 19869 is lower than device lo mtu (11337746) !
[  604.267082][T23666] netlink: 'syz.2.7226': attribute type 25 has an invalid length.
[  604.270851][T23666] netlink: 'syz.2.7226': attribute type 8 has an invalid length.
[  605.400929][T23711] ptrace attach of "/syz-executor exec"[5852] was attempted by "\x22"[23711]
[  605.439751][T23717] overlayfs: failed to clone upperpath
[  605.682671][T23734] CIFS: iocharset name too long
[  607.045022][T23770] netlink: 'syz.7.7271': attribute type 5 has an invalid length.
[  607.048479][T23770] netlink: 176 bytes leftover after parsing attributes in process `syz.7.7271'.
[  607.175388][T23780] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7276'.
[  607.586539][T23796] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  608.351382][T23805] batadv_slave_0: entered promiscuous mode
[  608.354686][T23805] batadv_slave_0: entered allmulticast mode
[  608.360353][T23805] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check.
[  608.788820][T23828] 9pnet_fd: p9_fd_create_unix (23828): problem connecting socket: qY3aK: -111
[  608.912661][   T33] audit: type=1326 audit(1758862177.583:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23837 comm="syz.0.7302" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  608.922209][   T33] audit: type=1326 audit(1758862177.583:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23837 comm="syz.0.7302" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  608.932723][   T33] audit: type=1326 audit(1758862177.583:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23837 comm="syz.0.7302" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  608.940732][   T33] audit: type=1326 audit(1758862177.583:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23837 comm="syz.0.7302" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  608.948471][   T33] audit: type=1326 audit(1758862177.583:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23837 comm="syz.0.7302" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  608.957191][   T33] audit: type=1326 audit(1758862177.610:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23837 comm="syz.0.7302" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  608.965445][   T33] audit: type=1326 audit(1758862177.610:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23837 comm="syz.0.7302" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  608.974007][   T33] audit: type=1326 audit(1758862177.610:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23837 comm="syz.0.7302" exe="/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  608.981461][   T33] audit: type=1326 audit(1758862177.610:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23837 comm="syz.0.7302" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  608.988662][   T33] audit: type=1326 audit(1758862177.610:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23837 comm="syz.0.7302" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253398ec29 code=0x7ffc0000
[  609.032231][T23842] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes.
[  609.467241][T23851] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7308'.
[  609.852447][T23869] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  609.856568][T23869] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  611.759586][T23907] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7332'.
[  612.117119][T23940] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7346'.
[  612.204097][T23946] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7349'.
[  612.324233][T23952] overlayfs: failed to clone upperpath
[  613.655239][T23989] netlink: 72 bytes leftover after parsing attributes in process `syz.2.7368'.
[  613.950531][T24009] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  613.956363][T24009] overlayfs: failed to set xattr on upper
[  613.960443][T24009] overlayfs: ...falling back to redirect_dir=nofollow.
[  613.963408][T24009] overlayfs: ...falling back to index=off.
[  613.965981][T24009] overlayfs: ...falling back to uuid=null.
[  615.062481][T24039] macvtap0: refused to change device tx_queue_len
[  615.099304][T24043] tmpfs: Bad value for 'mpol'
[  615.221205][T24051] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7394'.
[  615.229447][T24051] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7394'.
[  615.705850][T24081] program syz.7.7410 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  616.353947][T24095] overlayfs: conflicting options: userxattr,redirect_dir=follow
[  616.380661][T24097] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma?
[  616.533679][T24107] libceph: resolve '400' (ret=-3): failed
[  616.658563][T24101] loop7: detected capacity change from 0 to 32768
[  616.663797][T24101] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.7418 (24101)
[  616.678751][T24101] BTRFS info (device loop7): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  616.687050][T24101] BTRFS info (device loop7): using crc32c (crc32c-lib) checksum algorithm
[  616.691705][T24101] BTRFS error (device loop7): ignoresuperflags must be used with ro mount option
[  616.694845][T24101] BTRFS error (device loop7): open_ctree failed: -22
[  616.942609][T24130] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7429'.
[  618.259651][T24164] netlink: 16 bytes leftover after parsing attributes in process `syz.0.7442'.
[  618.517964][T24168] netlink: 'syz.0.7444': attribute type 1 has an invalid length.
[  619.043372][T24196] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7458'.
[  621.051861][   T33] audit: type=1326 audit(1758862188.797:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24208 comm="syz.0.7463" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f253398ec29 code=0x0
[  621.076949][T24211] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7464'.
[  621.080911][T24211] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7464'.
[  621.085765][T24211] netlink: 'syz.2.7464': attribute type 6 has an invalid length.
[  621.090557][T24211] netlink: 'syz.2.7464': attribute type 5 has an invalid length.
[  621.161519][T24219] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7468'.
[  621.178852][T24219] netlink: 'syz.2.7468': attribute type 3 has an invalid length.
[  621.355995][T24233] loop7: detected capacity change from 0 to 1024
[  621.392469][ T9262] hfsplus: b-tree write err: -5, ino 4
[  621.438119][T24239] netlink: 'syz.7.7478': attribute type 1 has an invalid length.
[  621.863891][ T5860] Bluetooth: hci1: command 0x0406 tx timeout
[  622.052893][T24252] loop7: detected capacity change from 0 to 32768
[  622.401547][T24277] loop7: detected capacity change from 0 to 256
[  622.596115][T24287] 9pnet_fd: Insufficient options for proto=fd
[  622.737644][T24291] netlink: 24 bytes leftover after parsing attributes in process `syz.7.7502'.
[  622.744286][T24291] netlink: 24 bytes leftover after parsing attributes in process `syz.7.7502'.
[  622.953389][T24301] netlink: 'syz.0.7506': attribute type 20 has an invalid length.
[  622.958635][T24301] IPv6: NLM_F_CREATE should be specified when creating new route
[  622.964561][T24301] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  622.967805][T24301] IPv6: NLM_F_CREATE should be set when creating new route
[  623.542446][T24324] netlink: 'syz.2.7516': attribute type 4 has an invalid length.
[  623.545958][T24323] ==================================================================
[  623.548915][T24323] BUG: KASAN: slab-use-after-free in xfrm_state_find+0x2cf2/0x5400
[  623.550194][T24324] netlink: 'syz.2.7516': attribute type 4 has an invalid length.
[  623.552127][T24323] Read of size 1 at addr ffff88803f0387b0 by task syz.0.7517/24323
[  623.559078][T24323] 
[  623.560077][T24323] CPU: 1 UID: 0 PID: 24323 Comm: syz.0.7517 Not tainted syzkaller #0 PREEMPT(full) 
[  623.560092][T24323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  623.560100][T24323] Call Trace:
[  623.560106][T24323]  <TASK>
[  623.560110][T24323]  dump_stack_lvl+0x189/0x250
[  623.560128][T24323]  ? __kasan_check_byte+0x12/0x40
[  623.560146][T24323]  ? __pfx_dump_stack_lvl+0x10/0x10
[  623.560161][T24323]  ? lock_release+0x4b/0x3e0
[  623.560180][T24323]  ? __virt_addr_valid+0x4a5/0x5c0
[  623.560198][T24323]  print_report+0xca/0x240
[  623.560209][T24323]  ? xfrm_state_find+0x2cf2/0x5400
[  623.560224][T24323]  kasan_report+0x118/0x150
[  623.560238][T24323]  ? xfrm_state_find+0x2cf2/0x5400
[  623.560253][T24323]  xfrm_state_find+0x2cf2/0x5400
[  623.560271][T24323]  ? xfrm_state_find+0x1da/0x5400
[  623.560287][T24323]  ? __pfx_xfrm_state_find+0x10/0x10
[  623.560305][T24323]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  623.560353][T24323]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[  623.560371][T24323]  ? xfrm_policy_lookup_bytype+0x123/0x1250
[  623.560386][T24323]  ? xfrm_policy_lookup_bytype+0x11ef/0x1250
[  623.560411][T24323]  ? xfrm_expand_policies+0x41f/0x6a0
[  623.560430][T24323]  xfrm_lookup_with_ifid+0x58a/0x1a70
[  623.560449][T24323]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  623.560468][T24323]  xfrm_lookup_route+0x3c/0x1c0
[  623.560482][T24323]  ? sctp_v6_get_dst+0x57e/0x1bc0
[  623.560494][T24323]  sctp_v6_get_dst+0x7cc/0x1bc0
[  623.560505][T24323]  ? crng_make_state+0x13a/0x700
[  623.560518][T24323]  ? __pfx_crng_make_state+0x10/0x10
[  623.560534][T24323]  ? __pfx_sctp_v6_get_dst+0x10/0x10
[  623.560544][T24323]  ? __asan_memset+0x22/0x50
[  623.560562][T24323]  ? dst_release+0x72/0x1b0
[  623.560578][T24323]  sctp_transport_route+0x118/0x2f0
[  623.560595][T24323]  sctp_assoc_add_peer+0x657/0x13b0
[  623.560611][T24323]  sctp_connect_new_asoc+0x30a/0x690
[  623.560626][T24323]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  623.560645][T24323]  ? __local_bh_enable_ip+0x12d/0x1c0
[  623.560659][T24323]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  623.560673][T24323]  ? security_sctp_bind_connect+0x7e/0x2e0
[  623.560688][T24323]  sctp_sendmsg+0x155c/0x2810
[  623.560706][T24323]  ? __pfx_sctp_sendmsg+0x10/0x10
[  623.560718][T24323]  ? aa_sk_perm+0x81e/0x950
[  623.560737][T24323]  ? __pfx_aa_sk_perm+0x10/0x10
[  623.560751][T24323]  ? sock_rps_record_flow+0x19/0x410
[  623.560769][T24323]  ? inet_sendmsg+0x2f4/0x370
[  623.560782][T24323]  __sock_sendmsg+0x19c/0x270
[  623.560798][T24323]  __sys_sendto+0x3bd/0x520
[  623.560811][T24323]  ? __pfx___sys_sendto+0x10/0x10
[  623.560821][T24323]  ? do_futex+0x333/0x420
[  623.560842][T24323]  ? rcu_is_watching+0x15/0xb0
[  623.560854][T24323]  __x64_sys_sendto+0xde/0x100
[  623.560866][T24323]  do_syscall_64+0xfa/0x3b0
[  623.560879][T24323]  ? lockdep_hardirqs_on+0x9c/0x150
[  623.560889][T24323]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  623.560900][T24323]  ? exc_page_fault+0x9f/0xf0
[  623.560911][T24323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  623.560921][T24323] RIP: 0033:0x7f253398ec29
[  623.560931][T24323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  623.560941][T24323] RSP: 002b:00007f25348db038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  623.560953][T24323] RAX: ffffffffffffffda RBX: 00007f2533bd5fa0 RCX: 00007f253398ec29
[  623.560961][T24323] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003
[  623.560969][T24323] RBP: 00007f2533a11e41 R08: 0000200000000080 R09: 000000000000001c
[  623.560975][T24323] R10: 0000000000000051 R11: 0000000000000246 R12: 0000000000000000
[  623.560982][T24323] R13: 00007f2533bd6038 R14: 00007f2533bd5fa0 R15: 00007ffce2b26ff8
[  623.560993][T24323]  </TASK>
[  623.560996][T24323] 
[  623.704353][T24323] Allocated by task 20658:
[  623.706142][T24323]  kasan_save_track+0x3e/0x80
[  623.707725][T24323]  __kasan_slab_alloc+0x6c/0x80
[  623.709293][T24323]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  623.711051][T24323]  xfrm_state_alloc+0x24/0x2f0
[  623.712667][T24323]  __find_acq_core+0x8a7/0x1c00
[  623.714236][T24323]  xfrm_find_acq+0x78/0xa0
[  623.715646][T24323]  xfrm_alloc_userspi+0x6b3/0xc90
[  623.717392][T24323]  xfrm_user_rcv_msg+0x7a3/0xab0
[  623.719396][T24323]  netlink_rcv_skb+0x208/0x470
[  623.721102][T24323]  xfrm_netlink_rcv+0x79/0x90
[  623.722721][T24323]  netlink_unicast+0x82f/0x9e0
[  623.724567][T24323]  netlink_sendmsg+0x805/0xb30
[  623.726342][T24323]  __sock_sendmsg+0x21c/0x270
[  623.728186][T24323]  ____sys_sendmsg+0x505/0x830
[  623.730225][T24323]  ___sys_sendmsg+0x21f/0x2a0
[  623.732186][T24323]  __x64_sys_sendmsg+0x19b/0x260
[  623.734222][T24323]  do_syscall_64+0xfa/0x3b0
[  623.736261][T24323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  623.738402][T24323] 
[  623.739252][T24323] Freed by task 5918:
[  623.740674][T24323]  kasan_save_track+0x3e/0x80
[  623.742185][T24323]  kasan_save_free_info+0x46/0x50
[  623.743884][T24323]  __kasan_slab_free+0x5b/0x80
[  623.745707][T24323]  kmem_cache_free+0x18f/0x400
[  623.747718][T24323]  xfrm_state_gc_task+0x52d/0x6b0
[  623.749807][T24323]  process_scheduled_works+0xae1/0x17b0
[  623.752101][T24323]  worker_thread+0x8a0/0xda0
[  623.754024][T24323]  kthread+0x711/0x8a0
[  623.755738][T24323]  ret_from_fork+0x439/0x7d0
[  623.757651][T24323]  ret_from_fork_asm+0x1a/0x30
[  623.759348][T24323] 
[  623.760289][T24323] The buggy address belongs to the object at ffff88803f038480
[  623.760289][T24323]  which belongs to the cache xfrm_state of size 928
[  623.765009][T24323] The buggy address is located 816 bytes inside of
[  623.765009][T24323]  freed 928-byte region [ffff88803f038480, ffff88803f038820)
[  623.769474][T24323] 
[  623.770284][T24323] The buggy address belongs to the physical page:
[  623.772451][T24323] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803f038480 pfn:0x3f038
[  623.775731][T24323] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  623.778495][T24323] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  623.780951][T24323] page_type: f5(slab)
[  623.782281][T24323] raw: 00fff00000000040 ffff888104ec7640 dead000000000122 0000000000000000
[  623.785019][T24323] raw: ffff88803f038480 00000000800e0004 00000000f5000000 0000000000000000
[  623.787901][T24323] head: 00fff00000000040 ffff888104ec7640 dead000000000122 0000000000000000
[  623.790760][T24323] head: ffff88803f038480 00000000800e0004 00000000f5000000 0000000000000000
[  623.793557][T24323] head: 00fff00000000002 ffffea0000fc0e01 00000000ffffffff 00000000ffffffff
[  623.796314][T24323] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  623.799520][T24323] page dumped because: kasan: bad access detected
[  623.801763][T24323] page_owner tracks the page as allocated
[  623.803823][T24323] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 7158, tgid 7157 (syz.3.461), ts 119871590817, free_ts 119675266637
[  623.810427][T24323]  post_alloc_hook+0x240/0x2a0
[  623.812018][T24323]  get_page_from_freelist+0x21e4/0x22c0
[  623.813878][T24323]  __alloc_frozen_pages_noprof+0x181/0x370
[  623.815815][T24323]  alloc_pages_mpol+0x232/0x4a0
[  623.817446][T24323]  allocate_slab+0x8a/0x370
[  623.819134][T24323]  ___slab_alloc+0xbeb/0x1420
[  623.820832][T24323]  kmem_cache_alloc_noprof+0x283/0x3c0
[  623.822824][T24323]  xfrm_state_alloc+0x24/0x2f0
[  623.824456][T24323]  xfrm_state_find+0x37d4/0x5400
[  623.826106][T24323]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  623.828160][T24323]  xfrm_lookup_with_ifid+0x2a7/0x1a70
[  623.829960][T24323]  xfrm_lookup_route+0x3c/0x1c0
[  623.831751][T24323]  rawv6_sendmsg+0xdab/0x1820
[  623.833583][T24323]  __sock_sendmsg+0x19c/0x270
[  623.835342][T24323]  ____sys_sendmsg+0x52d/0x830
[  623.837061][T24323]  ___sys_sendmsg+0x21f/0x2a0
[  623.838728][T24323] page last free pid 7153 tgid 7153 stack trace:
[  623.840880][T24323]  __free_frozen_pages+0xbc4/0xd30
[  623.842681][T24323]  stack_depot_save_flags+0x436/0x860
[  623.844502][T24323]  ref_tracker_free+0xfe/0x7d0
[  623.846092][T24323]  __qdisc_destroy+0x1ba/0x420
[  623.847705][T24323]  multiq_destroy+0xe7/0x1a0
[  623.849256][T24323]  __qdisc_destroy+0x153/0x420
[  623.850868][T24323]  dev_shutdown+0x34c/0x440
[  623.852424][T24323]  unregister_netdevice_many_notify+0xe0f/0x1ff0
[  623.854625][T24323]  unregister_netdevice_queue+0x33c/0x380
[  623.856561][T24323]  __tun_detach+0xda4/0x1560
[  623.858159][T24323]  tun_chr_close+0x10a/0x1c0
[  623.859800][T24323]  __fput+0x44c/0xa70
[  623.861155][T24323]  task_work_run+0x1d4/0x260
[  623.862746][T24323]  exit_to_user_mode_loop+0xec/0x110
[  623.864512][T24323]  do_syscall_64+0x2bd/0x3b0
[  623.866188][T24323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  623.868619][T24323] 
[  623.869482][T24323] Memory state around the buggy address:
[  623.871340][T24323]  ffff88803f038680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  623.873955][T24323]  ffff88803f038700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  623.876969][T24323] >ffff88803f038780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  623.879762][T24323]                                      ^
[  623.881982][T24323]  ffff88803f038800: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[  623.885177][T24323]  ffff88803f038880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  623.887833][T24323] ==================================================================
[  623.895482][T24323] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  623.897947][T24323] CPU: 0 UID: 0 PID: 24323 Comm: syz.0.7517 Not tainted syzkaller #0 PREEMPT(full) 
[  623.901137][T24323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  623.904502][T24323] Call Trace:
[  623.905639][T24323]  <TASK>
[  623.906634][T24323]  dump_stack_lvl+0x99/0x250
[  623.908203][T24323]  ? __asan_memcpy+0x40/0x70
[  623.909763][T24323]  ? __pfx_dump_stack_lvl+0x10/0x10
[  623.911485][T24323]  ? __pfx__printk+0x10/0x10
[  623.913010][T24323]  vpanic+0x281/0x750
[  623.914259][T24323]  ? preempt_schedule+0xae/0xc0
[  623.915877][T24323]  ? __pfx_vpanic+0x10/0x10
[  623.917387][T24323]  ? preempt_schedule_common+0x83/0xd0
[  623.919171][T24323]  ? preempt_schedule+0xae/0xc0
[  623.920820][T24323]  ? __pfx_preempt_schedule+0x10/0x10
[  623.922653][T24323]  panic+0xb9/0xc0
[  623.924245][T24323]  ? __pfx_panic+0x10/0x10
[  623.925782][T24323]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  623.927727][T24323]  ? xfrm_state_find+0x2cf2/0x5400
[  623.929386][T24323]  check_panic_on_warn+0x89/0xb0
[  623.931252][T24323]  ? xfrm_state_find+0x2cf2/0x5400
[  623.933043][T24323]  end_report+0x78/0x160
[  623.934461][T24323]  kasan_report+0x129/0x150
[  623.935913][T24323]  ? xfrm_state_find+0x2cf2/0x5400
[  623.937846][T24323]  xfrm_state_find+0x2cf2/0x5400
[  623.939717][T24323]  ? xfrm_state_find+0x1da/0x5400
[  623.941736][T24323]  ? __pfx_xfrm_state_find+0x10/0x10
[  623.944105][T24323]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  623.946112][T24323]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[  623.948295][T24323]  ? xfrm_policy_lookup_bytype+0x123/0x1250
[  623.950192][T24323]  ? xfrm_policy_lookup_bytype+0x11ef/0x1250
[  623.952160][T24323]  ? xfrm_expand_policies+0x41f/0x6a0
[  623.953970][T24323]  xfrm_lookup_with_ifid+0x58a/0x1a70
[  623.955792][T24323]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  623.957743][T24323]  xfrm_lookup_route+0x3c/0x1c0
[  623.959398][T24323]  ? sctp_v6_get_dst+0x57e/0x1bc0
[  623.961069][T24323]  sctp_v6_get_dst+0x7cc/0x1bc0
[  623.962794][T24323]  ? crng_make_state+0x13a/0x700
[  623.964468][T24323]  ? __pfx_crng_make_state+0x10/0x10
[  623.966221][T24323]  ? __pfx_sctp_v6_get_dst+0x10/0x10
[  623.968051][T24323]  ? __asan_memset+0x22/0x50
[  623.969641][T24323]  ? dst_release+0x72/0x1b0
[  623.971199][T24323]  sctp_transport_route+0x118/0x2f0
[  623.972996][T24323]  sctp_assoc_add_peer+0x657/0x13b0
[  623.974944][T24323]  sctp_connect_new_asoc+0x30a/0x690
[  623.976727][T24323]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  623.978713][T24323]  ? __local_bh_enable_ip+0x12d/0x1c0
[  623.980549][T24323]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  623.982429][T24323]  ? security_sctp_bind_connect+0x7e/0x2e0
[  623.984775][T24323]  sctp_sendmsg+0x155c/0x2810
[  623.986373][T24323]  ? __pfx_sctp_sendmsg+0x10/0x10
[  623.988088][T24323]  ? aa_sk_perm+0x81e/0x950
[  623.989680][T24323]  ? __pfx_aa_sk_perm+0x10/0x10
[  623.991527][T24323]  ? sock_rps_record_flow+0x19/0x410
[  623.993478][T24323]  ? inet_sendmsg+0x2f4/0x370
[  623.995162][T24323]  __sock_sendmsg+0x19c/0x270
[  623.996814][T24323]  __sys_sendto+0x3bd/0x520
[  623.998347][T24323]  ? __pfx___sys_sendto+0x10/0x10
[  624.000120][T24323]  ? do_futex+0x333/0x420
[  624.001619][T24323]  ? rcu_is_watching+0x15/0xb0
[  624.003314][T24323]  __x64_sys_sendto+0xde/0x100
[  624.005084][T24323]  do_syscall_64+0xfa/0x3b0
[  624.006657][T24323]  ? lockdep_hardirqs_on+0x9c/0x150
[  624.008545][T24323]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  624.010623][T24323]  ? exc_page_fault+0x9f/0xf0
[  624.012203][T24323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  624.014528][T24323] RIP: 0033:0x7f253398ec29
[  624.016046][T24323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  624.022555][T24323] RSP: 002b:00007f25348db038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  624.025407][T24323] RAX: ffffffffffffffda RBX: 00007f2533bd5fa0 RCX: 00007f253398ec29
[  624.028027][T24323] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003
[  624.030691][T24323] RBP: 00007f2533a11e41 R08: 0000200000000080 R09: 000000000000001c
[  624.033635][T24323] R10: 0000000000000051 R11: 0000000000000246 R12: 0000000000000000
[  624.036908][T24323] R13: 00007f2533bd6038 R14: 00007f2533bd5fa0 R15: 00007ffce2b26ff8
[  624.039577][T24323]  </TASK>
[  624.041349][T24323] Kernel Offset: disabled
[  624.042830][T24323] Rebooting in 86400 seconds..

VM DIAGNOSIS:
04:37:14  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000073 RBX=0000000000000073 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000017e76 RDI=0000000000017e77 RBP=00000000000003f8 RSP=ffffc9000461e7f0
R8 =ffff88801f648237 R9 =1ffff11003ec9046 R10=dffffc0000000000 R11=ffffffff854fada0
R12=dffffc0000000000 R13=ffffffff99b03902 R14=ffffffff99df8460 R15=0000000000000000
RIP=ffffffff854fae1c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f9bbc1036c0 ffffffff 00c00000
GS =0000 ffff8880b8612000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b32d1eff8 CR3=000000003a106000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f9bbb3a7498 00007f9bbb3a7470 XMM03=00007f9bbb3a74a8 00007f9bbb3a74a0
XMM04=00007f9bbbf0d100 00007f9bbb3a7460 XMM05=00007f9bbb3a7478 00007f9bbb3a74c0
XMM06=00007f9bbb3a74b8 00007f9bbb3a74b0 XMM07=00007f9bbb3a74a8 00007f9bbb3a74a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f9bbb212fed
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffffffff81a02655 RBX=ffffffff81a02614 RCX=0000000000080000 RDX=ffffc90003741000
RSI=0000000000045c32 RDI=0000000000045c33 RBP=ffffc900047bedb0 RSP=ffffc900047beca0
R8 =0000000000000001 R9 =0000000000000000 R10=dffffc0000000000 R11=fffffbfff1c25c59
R12=dffffc0000000000 R13=1ffff920008f7d98 R14=0000000000000000 R15=0000000000000040
RIP=ffffffff81a02643 RFL=00000087 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f25348db6c0 ffffffff 00c00000
GS =0000 ffff8881a3c12000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b32b21ff8 CR3=0000000043eb4000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffff81b88c80 ffffffff81b88d05
XMM02=00007faf291a7498 ffffffff81b88d05 XMM03=00007faf291a74a8 00007faf291a74a0
XMM04=00007faf29d0d100 00007faf291a7460 XMM05=00007faf291a7478 00007faf291a74c0
XMM06=00007faf291a74b8 00007faf291a74b0 XMM07=00007faf291a74a8 00007faf291a74a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007faf29012fed
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
