last executing test programs:

4m10.891069264s ago: executing program 4 (id=152):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a50000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc0c000980080001400000000508000840000000011400000011000100"], 0x78}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c0000000d0a010300000000000000000aefff000900020073797a310000ffdf0900010073797a31"], 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)

4m8.784009086s ago: executing program 4 (id=156):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000380)='rxrpc_call\x00', r0}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f00000002c0)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rxrpc_call\x00', r1}, 0x10)
r2 = socket$kcm(0x21, 0x2, 0xa)
sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in6={0x21, 0xfffc, 0x2, 0x1c, {0xa, 0x0, 0x4, @dev}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0xfc00)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r3, 0xffffffffffffffff, 0x0)

4m7.544155968s ago: executing program 4 (id=160):
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xffffffed]}, 0x0, 0x8)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r0}, 0x10)
r1 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', <r2=>0x0})
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@newqdisc={0x90, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r2, {}, {0xffff, 0xffff}, {0x2, 0xd}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x60, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x1, 0x1], 0x0, [0x8, 0x6, 0x3c, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x401]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x4}]}}]}, 0x90}}, 0x0)

4m6.962765975s ago: executing program 4 (id=163):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x408e, &(0x7f0000000240)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@min_batch_time={'min_batch_time', 0x3d, 0xfff}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x40}}, {@stripe={'stripe', 0x3d, 0x4000}}, {@nombcache}, {@minixdf}]}, 0x3, 0x43a, &(0x7f0000000340)="$eJzs28tvG0UYAPBv13FKXySU8ugDCBRExCNp0gI9cAGBxAEkJDiUY0jSqtRtUBMkWlUQECpHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZs4jp0mwY5L/ftJm8zsjjPzeXbs2Z1sAH1rJPuRROyJiN8jYqieXV1gpP7r5tLl6b+XLk8nUa2+9VdSK3dj6fJ0UbR43e48M5pGpJ8lcahFvfMXL52dqlRmL+T58YVz74/PX7z07JlzU6dnT8+enzxx4vixiReen3yuI3Fmbbpx8KO5wwdee+fqG9Mnr77787dJEX9THB0yst7BJ6rVDlfXW3sb0slADxvCppQiIuuucm38D0UpVjpvKF79tKeNA7qqWq1Wd7c/vFgF7mBJbLTk2fzzArgzFF/02fVvsW3T1OO2cP2l+gVQFvfNfKsfGYg0L1Nuur7tpJGIOLn4z1fZFt25DwEAsMr32fznmVbzvzTubyh3d742NBwR90TEvoi4NyL2R8R9EbWyD0TEg5usv3mRZO38J722pcA2KJv/vZivba2e/xWzvxgu5bm9tfjLyakzldmj+XsyGuUdWX5inTp+eOW3L9oda5z/ZVtWfzEXzNtxbWDH6tfMTC1M/ZeYG13/JOLgQKv4k+WVgCQiDkTEwS3Wceapbw63O9Yu/vJG/nAH1pmqX0c8We//xWiKv5Csvz45fldUZo+OF2fFWr/8euXNdvXfuv+7K+v/XS3P/+X4h5PG9dr5zddx5Y/P217TbPX8H0zerqUH830fTi0sXJiIGExerze6cf/kymuLfFE+i3/0SOvxvy9W3olDEZGdxA9FxMMR8Uje9kcj4rGIOLJO/D+9/Ph7W4+/u7L4ZzbV/yuJwWje0zpROvvjd6sqHd5M/Fn/H6+lRvM9G/n820i7tnY2AwAAwP9PGhF7IknHltNpOjZW/3/5/bErrczNLzx9au6D8zP1ZwSGo5wWd7qGGu6HTuSX9UV+sil/LL9v/GVpZy0/Nj1Xmel18NDndrcZ/5k/S71uHdB1nteC/mX8Q/8y/qF/Gf/Qv1qM/529aAew/Vp9/3/cg3YA269p/Fv2gz7i+h/6l/EP/cv4h740vzNu/ZC8hMSaRKS3RTMkupTo9ScTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ/wbAAD//9E940M=")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000005400)={0x2020}, 0x2020)

4m5.595401309s ago: executing program 4 (id=169):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KDSKBENT(0xffffffffffffffff, 0x4b47, &(0x7f0000000080)={0x5, 0x8, 0x9})
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0xfffffffd, @loopback, 0x3681}, 0x1c)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0x20, &(0x7f0000000000)={@in6={{0xa, 0x4e22, 0x7, @local, 0x7}}, 0x0, 0x0, 0x3a, 0x0, "a30b3b28af4d2f246a016542daa845f387713f4048ff2ece1e75f1fc0100f41e4de6256109383664417165bba0dd5ace522fa788000000000033035551502f07b4001a00"}, 0xd8)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, r0, 0xe4776000)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000340)={@in6={{0xa, 0x4e21, 0xc, @loopback, 0x400}}, 0x0, 0x0, 0x40, 0x0, "947116a1a606754bab1cb61212bb07a2bd205f00f81bef965a071f0d1aadd97b9640d9a0cd9ea71a5e9aec7f03d4406a7710c42cb5e754b089928abcd7589d209bc45b4064028eb7fafaa8b125736e00"}, 0xd8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e62, 0x1ff, @loopback, 0x23}, 0x1c)

4m4.773068822s ago: executing program 4 (id=172):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x21c, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xc}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0xb, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x4048840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x800, 0x70bd29, 0x25dfdc00, {0x60, 0x0, 0x0, 0x0, {0xfff1, 0xfff2}, {0x1, 0xc}, {0xfff3, 0x8}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_NAT={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x44045}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x4000084)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

4m1.889488798s ago: executing program 32 (id=172):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x21c, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xc}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0xb, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x4048840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x800, 0x70bd29, 0x25dfdc00, {0x60, 0x0, 0x0, 0x0, {0xfff1, 0xfff2}, {0x1, 0xc}, {0xfff3, 0x8}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_NAT={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x44045}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x4000084)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1m13.917760526s ago: executing program 0 (id=853):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
close(0x3)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000100)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x201, 0x0, 0x0)
connect$unix(r0, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
splice(r0, 0x0, r2, 0x0, 0x39000, 0x3)

1m12.100391125s ago: executing program 0 (id=858):
r0 = fsopen(&(0x7f00000004c0)='mqueue\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000001d40)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xaei\xb6\xb7\xc1Y\xd5YG\xf9\xc2\xf1\xa4\xdb$\xf6]\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\x03\x00\x00\x00\x00\x00\x00\x00\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^W\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B\xc5\x05\x9d\xd6\x02|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3q\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^\x00\x00\x00\x00\x00\x00\x00\x00\x00\xef\xcd\xd3\t\x01A\xd5\x81\xc1;9\xeez\xba\x00\x00\x00\xdc\x94\xff)\xa4\xe6\xfb]\x90bG\x11\b\x98#\xaa99ez|\x8b5\x92\xa5\xba\x96\xb3\xb26I\xbb\xdeb\x95?\xc0\x81', &(0x7f0000000200)='sockfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000040)='\x00', &(0x7f00000001c0)='dE\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000280)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f00000000c0)='dE\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000780)='\\$#[\\/\x00\xd5\xd4^\xa7\xe4\xd4\x1f.yh\x18\xb8s\xe6\f\xaf*4\xe1\xa1e\x04%f\x8f\xde\x91\x04\xbb\xc8\x17\x15\xa4\xf0\x00\x15w\x00\x00\xed\xdd}\x00\x18\xf3\xde\n\xbe\x91\xc4\xc5\xe6\xd3o\xaau\xf34\t\x9d\x80rg\xbc\xee\x96p\x18\x9e(h\xeb\xd9\xde\xa6\xfc\x8e\xe3,\xae\xa8\xf0\x82y\x91\x1c{\x85 \xc7P\xa3\x9c\x06\xc1\xd3\x92\xcd\xcc\x17\xb2}\x13:\xbbh\"%;\b\x7f\x91\x8a\xa5Z\x92~<\xfe3\x19\xdcVJ\f\xd1\x89d\xf9N\xbd\x92\x86\xa2\xa8\xc0:\x1f\n\xc9\x8eUO\x8e\xea\x99\xe1\xbe%Y\x9eH#\xa4\x9d5\xa88m6\x89kE\xce\xc3\aBW\xec_\xea_\x81\xbe\x86~\x84F\xa9\xcd\xba\xfb\xd8\x8f\x01\x81~\x9c#\r\x87\xcf\x19\xb9\xbd \xcb\xff\x88io\xb0\xb1\xa0B\x8cI\x82+\xc4\xcf\xf4!+\x16v\xb6\x8a\xb7k}\x1d\xf2\x1c\x00\x8f\xd7\x84R\x12\xed){SM[\xe6g6\xfeF\x1dJ\x83', &(0x7f0000000540)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000640)='\x0f\x00\x00\x00\x00\x00\x00\x00\x04', &(0x7f0000000600)='dU|\xcbM\xe6\x91q\b', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000001ec0)='\\$#[\\/\x00\xd5\xd4^\xa7\xe4\xd4\x1f.yh\x18\xb8s\xe6\f\xaf*4\xe1\xa1e\x04%f\x8f\xde\x91\x04\xbb\xc8\x17\x15\xa4\xf0\x00\x15w\x00\x00\xed\xdd}\x00\x18\xf3\xde\n\xbe\x91\xc4\xc5\xe6\xd3o\xaau\xf34\t\x9d\x80rg\xbc\xee\x96p\x18\x9e(h\xeb\xd9\xde\xa6\xfc\x8e\xe3,\xae\xa8\xf0\x82y\x91\x1c{\x85 \xc7P\xa3\x9c\x06\xc1\xd3\x92\xcd\xcc\x17\xb2}\x13:\xbbh\"%;\b\x7f\x91\x8a\xa5Z\x92~<\xfe3\x19\xdcVJ\f\xd1\x89d\xf9N\xbd\x92\x86\xa2\xa8\xc0:\x1f\n\xc9\x8eUO\x8e\xea\x99\xe1\xbe%Y\x9eH#\xa4\x9d5\xa88m6\x89kE\xce\xc3\aBW\xec_\xea_\x81\xbe\x86~\x84F\xa9\xcd\xba\xfb\xd8\x8f\x01\x81~\x9c#\r\x87\xcf\x19\xb9\xbd \xcb\xff\x88io\xb0\xb1\xa0B\x8cI\x82+\xc4\xcf\xf4!+\x16v\xb6\x8a\xb7k}\x1d\xf2\x1c\x00\x8f\xd7\x84R\x12\xed){SM[\xe6g6\xfeF\x1dJ\x83', &(0x7f0000000380)='\xbd\x10\xe2\n\xc4\xa8\xa8?\a\x9e@O<\xf4s\x85~X\x85\xdc\x11\x04a\xf8\xa6f\x96nB\x02\x10+C$\f\xb3\xcc\xed\"M\xb6 V\xc5\x9a\x11o^\xda\xc8', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000d40)='\b\x00:&\x00&\xe2/\r]Fa;\x7f\'i\x18\xf0^\x1e\xdaL\x96x\xa88\x94\xa3\xad8c,\xc7\x02\xaezE\xe9u\x81K\xc9\x04\xc3\xb9\xdcy\xcc\x8e\x18\x92ix\xa2\xc1\xfe\x908\xc4h\x8f\xa8\xd1\xd5\xb2iU0S\x8c\x13\x10\xaa\xbc\x13\x9b\xcc\xfe\x1c\xc7\xae\x87\xbc\xf0\x81\xfd\x03\xd9ig\x91c2A4\x98\xe6\xd4q\xb9\xd5\xb2\x9e\xd4\xedBx\xb8~\xd5\xa9>\xa6\xb7Uu\xd3G\xbe\"\xbe\x87\xe7,]nW<:\xaa\xc9\xb8\x83C\x8c\xde$C4o~\xd7\xe5\xe9\xd2\xd9\x1bC)\xbf\xdf\xdb\xa6B\xe0x\xe5\xa3{\x82~\xd5(\xe7\x9c\xa2\xca\x8dnW\xf5\x16\"05\xf4\xadn\xcd\xa9\xe4\xe0/\x80>\xb9\xb3\xb4\xf5\xe2mN\xb4\xa3\x9e\x19{\xbe\xb8sj\xcb\xa4\x17(<\xbed\x17\xb0Dp\xce\xd8\xee0\xff\x98\x01Z8y*0\xfb\x9a\xbe\xb04\xbd\xecj\xad', &(0x7f0000000500)='\x00', 0x0)
close(r0)

1m11.598860197s ago: executing program 0 (id=860):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000003680)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58)
r1 = syz_io_uring_setup(0x10d, &(0x7f00000000c0)={0x0, 0xbcb7, 0x80, 0x6, 0x1000}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000300)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x0, r0, 0x0})
io_uring_enter(r1, 0x3516, 0x3e44, 0x8, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$inet(0x2, 0x3, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)

1m10.454002532s ago: executing program 0 (id=866):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000880)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x50, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_DESC={0xc, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x1}]}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x78}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c000180060001003c"], 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

1m10.09151487s ago: executing program 0 (id=868):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='proc\x00', 0x0, 0x0)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x888000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r1, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0x1}}, './file0\x00'})

1m9.002523091s ago: executing program 0 (id=878):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r1}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r3}, 0x10)
sendto$inet6(r2, 0x0, 0x0, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)

53.628492396s ago: executing program 33 (id=878):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r1}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r3}, 0x10)
sendto$inet6(r2, 0x0, 0x0, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)

7.081955411s ago: executing program 6 (id=1197):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x6)
ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000100)={0x2, 0x40000105, 0x0, 0x0})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000013000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000080)="0f08b9820400000f32b805000000b9050000000f01d966ba410066ed0fa80f01c40fc72a36f4c4e2fd40db66ba6100b83e9f0000ef", 0x35}], 0x0, 0x2c, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, 0x0}], 0x1, 0xd, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fdf000/0x18000)=nil, &(0x7f00000001c0)=[@text32={0x20, 0x0}], 0x1, 0x10, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

6.43211117s ago: executing program 6 (id=1202):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
io_cancel(0x0, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(0xffffffffffffffff, 0xf504, 0x0)
r1 = syz_clone(0x200, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
ptrace(0x8, r1)
wait4(r1, 0x0, 0x2, 0x0)

5.285080479s ago: executing program 6 (id=1206):
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x800, &(0x7f00000006c0)=ANY=[@ANYBLOB="73686f72746e616d653d77696e39352c6e6f6e756d7461696c3d302c73686f72746e616d653d77696e6e742c756e695f786c6174653d312c6e66732c73686f72746e616d653d77696e6e742c726f6469722c696f636861727365743d6b6f69382d72752c73686f72746e616d653d6d697865642c757466383d302c756e695f786c6174653d312c756e695f786c6174653d312c006a4fcfcc9fc5ea902e1a6384d405e843e1dfa18259eaaba553a63617a0f84f2e66f4a8121e2cea67640f61a98cef24cdbc0121ddb0212c7365c895e70775f8c82357782f45acff678373e50747f0dbd34a6c51a45f248402fd4340c0024ca0ee5de3af9233d9e31dd6f105e2696137379613fb63ef2a91ccf785af00684cfa440b01bda2cbcd1b326a0ee91991ebfbd00ec2a75ac8d59d1e7793dfb73a16dd3b166bc6a158528f"], 0x1, 0x26c, &(0x7f0000000840)="$eJzs3U9rU1kYB+A3bTpJC0OyGCgzDMwdZjOr0HaYfcrQgWECipKFriw2RWlqoYWCLtruit9Bv4Iu3QouxK1fQASpghvrqgshEm//JDWJjZpG7PNs+nLu++Ock17upYueXPl1eWlhZW1xd3cn8vlMZMtRjr1MFGMkRiO1FQDA92Sv0Yg3jdSw1wIAnA7vfwA4e3q9/zNbh2PnT39lAMCgfNHf/yMDWRIAMGAXL13+f7ZSmbuQJPmI5e316no1/Zlen12M61GPWkxFId5FNA6l9b//VeamkqaXxcgvb46k+c316mh7fjoKUeycn05SUW3mDvJjMbGffzYRtZiJQvzUOT/TMf9D/PlHy/ylKMTTq7ES9ViIZjbN5yJiYzpJ/jlXOZbPfegDAAAAAAAAAAAAAAAAAAAAAIBBKCWHiu3n36Tn95RK3a6n+dbzgcZ7nQ/U2Dx2vk42fskOd+8AAAAAAAAAAAAAAAAAAADwrVi7eWtpvl6vrfYqbjy592gnlwY+2dy7yOzP219qu2fP+Ml2caz48fcXdzpdykWu38/n84qxiGgdSfanfPjbACf9WsXjnWs//7U2+Xe3nsi2jtxubrWtp8uNlB3UB/66ENG1J9/3Ddla3D8oym8/6jm4lWqr48P+xU3eLc8/2Hj+6qSpHg+NxuggHkUAAAAAAAAAAAAAAAAAAHDmHf3T77BXAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDc/T9//0WuWgbyXdt3hr2HgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4H0AAAD//7qXlSU=")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_all\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='memory.events.local\x00', 0x26e1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x143042, 0x0)

4.78162936s ago: executing program 6 (id=1211):
r0 = syz_usb_connect(0x2, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f00000002c0)={"6b2f3b6a399bc2f1af59106a2a1667f8", 0x0, 0x0, {0x9, 0x9d5f}, {0x81, 0x40}, 0xffff, [0xffffffffffffffff, 0x8e9, 0x9, 0x1d, 0x43, 0xfffffffffffffffb, 0x28, 0x1, 0x34e0000, 0x7fffffffffffffff, 0x9, 0x5, 0x6, 0x8, 0x7, 0x4]})
write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x10448)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0x40045b0a, &(0x7f0000000040))

4.611775175s ago: executing program 5 (id=1212):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
close(r0)
r1 = userfaultfd(0x80001)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000009, 0x32, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x100})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1})
syz_open_dev$vcsu(&(0x7f0000002140), 0x32, 0x2)
r2 = socket$alg(0x26, 0x5, 0x0)
mount$9p_fd(0x0, &(0x7f0000000680)='./file0\x00', &(0x7f0000000480), 0x14c98, &(0x7f00000006c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})

4.316248643s ago: executing program 1 (id=1215):
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x3, {0x42, 0x2, 0xffffffff}}, 0x10)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10)
bind$tipc(r1, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x2}}, 0x10)
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r3 = socket$tipc(0x1e, 0x2, 0x0)
sendmsg$tipc(r3, &(0x7f0000000380)={&(0x7f0000000140)=@name={0x1e, 0x2, 0x2, {{0x42, 0x3}}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x60040d5}, 0x40000)

4.271185629s ago: executing program 3 (id=1216):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x80001, 0x0)
r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000100)={0x1, "5660359c3245d1c42317afad7d48ed51000000000000000100", <r2=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000000)={0x5, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", <r3=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r2, 0xc0303e03, &(0x7f0000000180)={"2486910284ed923431d4c5d5fbf514fd00", r3})
ioctl$SW_SYNC_IOC_INC(r1, 0x40045701, &(0x7f0000000140)=0x1)
ioctl$SW_SYNC_IOC_INC(r0, 0x40045701, &(0x7f0000000a40)=0xfff)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x7, 0x6, 0xff}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x10007f, 0x20000006, 0x50, 0x6, 0x3, 0x9, 0x2, 0xffff2d34, 0xffffff01, 0x6, 0x3, 0xfffffffc, 0x5, 0x4, 0x2, 0x7, 0x3c5b, 0x80000001, 0x24, 0xd, 0x1, 0x0, 0x4, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x0, 0x3, 0xe, 0x8, 0x8000806e, 0x7, 0x17, 0x1, 0x7, 0x200, 0x3e, 0x8c, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x400, 0x80, 0x1, 0x5, 0x6, 0x8, 0x5, 0x1, 0x40], [0x10000007, 0x9, 0x80000130, 0x8004, 0x5, 0xfffffff3, 0x2, 0xc8, 0xf9, 0xe, 0x7, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0x1, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4004e0, 0x2, 0x4, 0xb, 0x1, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8020, 0x1, 0xfe000000, 0xffff, 0xfffffe01, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc45, 0x48c93694, 0x43, 0x103], [0x7, 0xa, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xf, 0x4, 0x6, 0x5, 0x0, 0x6, 0x5, 0x1, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x2, 0x6d03, 0x6, 0xd, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xc2, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x1000000a, 0x0, 0x5, 0x21c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x80000000, 0xb, 0x5, 0x93a, 0x6, 0x1000006, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x4, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0x10000, 0x7f, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x96, 0xffffffff, 0x80000000, 0x0, 0x4, 0xc8, 0x1, 0xfffff000, 0x9, 0x3, 0x7e, 0x100, 0x1000, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x1, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

4.092615524s ago: executing program 1 (id=1217):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x94)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r0}, 0x10)
add_key$user(&(0x7f00000001c0), &(0x7f0000000300)={'syz', 0x1}, &(0x7f0000000480)="fef0eda8c799a4", 0x7, 0xfffffffffffffffe)
syz_usb_connect$hid(0x5, 0x36, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f0000e65000/0x2000)=nil)

4.056056191s ago: executing program 2 (id=1218):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)={0x20, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x24}}, 0x0)

4.029556318s ago: executing program 3 (id=1219):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
pselect6(0x40, &(0x7f0000000100)={0x2, 0x0, 0xfffffffffffffff8, 0x0, 0x1, 0x10}, 0x0, &(0x7f0000000240)={0x1f, 0xc, 0x715, 0x8000000000000000, 0x0, 0x80000000000000, 0x800, 0x20000}, 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000040))
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x200000000)
r1 = dup2(r0, r0)
read$sequencer(r1, &(0x7f00000009c0)=""/195, 0xc3)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000040)=0x1)

3.662210477s ago: executing program 2 (id=1220):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40000000010800034000000014480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c0003801800008008000340000000020c0004400000000000000c7f14000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x48, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x1c, 0x3, 0x0, 0x1, [{0x18, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "12ad"}]}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[], 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

3.661830647s ago: executing program 3 (id=1221):
syz_usb_connect(0x2, 0x24, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r0 = userfaultfd(0x801)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x1})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)

3.458253656s ago: executing program 2 (id=1222):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40000000010800034000000014480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c0003801800008008000340000000020c0004400000000000000c7f14000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x48, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x1c, 0x3, 0x0, 0x1, [{0x18, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "12ad"}]}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001400038010"], 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

3.427085005s ago: executing program 5 (id=1223):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10)
r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000640)='\xf0\x891\xb8R\xe6\x8d\x12\xe5\xe3+\xcd24\x01\x80\x1a\xc9A\x93\xb1@\xbf\x89K\xd0\x86\xd9\x86\x18\xc4:\xc3\xe0\xac\xed~\x97\a\xbe\xfb1d\xbe\xa1\xc1N\xd2p\xf0\xc6\xf3\x8eD\x1b\xc7q\x99?9\xf1\xe6\f\xa9\x90\xec:\x037\xe8\x0f\rX6\xf2\x88\x8d\r\xd2\xfc+\x19\x9a}\x9c\xd9\x1a\xef\xf1\x16d>ah\xa2\xa7\x02U\x06\xe1\xe1PY\x90\x17\xf0p\x01*!I\xd3$\xd00C\x88*NA\xc3\x95`\xb2\xf1\xb1\xed\x91\xe4\x87\xcf_9\x1eIpAfN\x99\xa9\v)\x98p\xea[\xc5&D\xe7\xf3\xba/\xcd\xdb\x9dz\xb2\xbf\xc6\xea?\x13(\x15\xc1\tm\xe7t,[\x14|bM\xfa\xeb\x91\xb0\xdfAR\xf3\xe2\xdf', &(0x7f0000000380)='{\xe0e%m\"\x92\xb5\xcb\x00\x01\x0e!5\xd8\xf2\x92\x97\x86\xf9\xa8\xe7;\xdff3\x83\xb1a\xf2j\x90\x10@\x1chOK\x98\xae\xd6>\xbaN\x1d_N\xcbdIP2$\xbc\xc9\x89\xb5\n\x90-i%\xe2\x94\fH\xf1\xed\r\b\x1c\x81>\t\xc30-\xe2\xb3\xb0<\x8dJPDhx\x04\xd8\x17\xbcP\x8bl\xd5\x00\x00\x00\x00\x00\x00\xa3E\x9aQ\x9b\x98#\xb2\x03\x18!V\x1b\xcbk\xf8\xd6JE4,\xdf\x96\x80j#\xf9\xd8\x13,\x89\x10\x90:l/\xb9T\x9a', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r2 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
readv(r1, &(0x7f0000000340)=[{&(0x7f0000000500)=""/223, 0xdf}], 0x1)
tkill(r2, 0xb)

3.051109149s ago: executing program 2 (id=1224):
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x8)
syz_mount_image$f2fs(&(0x7f00000000c0), &(0x7f0000000040)='./file1\x00', 0x1800008, &(0x7f0000000180)=ANY=[@ANYRES8=0x0, @ANYRESDEC], 0x1, 0x551b, &(0x7f0000001ec0)="$eJzs3L1vG2UYAPDHSdNvSoQY2HpShZRItVWnSQVbgFZ8iFRRgYEJHNux3Nq+KHackImBETHwnyCQmBj5GxiY2RADiA0J5LsLNECrCvzRpr+fdH7u3nv93PNaUaTnznIAT63F5NefS3EpzkXEfERcjMj2S8WWWc/DCxFxOSLm7ttKxfifA6cj4nxEXBolz3OWilOfXx1eWfvprV+++e7MqQtffP397FYNzNqLEdHdyff3u3lMW3m8W4zXhu0sdleHRcxPdO8Vx2ke95tbWYb92tG8Whavt/L56c5efxS3O7X6KLba29n4Ti+/YH/YOsqTveFubTc7bjS3stjup1lsHeZ1HRzm/9sO+4M8T6PI91GWPgaDo5iPNw+a+Xp27mWx3hsU43netNE8GMVhFheiuFzU004jq2Prf33Uj7W32729g2TY3O23016yVqm+VKneKFd300Zz0Fwt17qNG6vJUqszmlYeNGvd9VaatjrNSj3tLidLrXq9XK0mSzebW+1aL6lWK9cr18pry8Xe1eT12+8lnUayNIqvtnt7g3ann2ynu0n+juVkpXL95eXkSjV5Z2Mz2bxz69bG5rsf3Hz/9isbb75WTPpHWcnSyrWVlXL1Wnmluvygla2fvPV/UhT9SOuHKSjNugCAJ4/+H5iIcw8/Pbn+f/dOxOT7/5hY/x/6/8e1/31I//9f25CTsn6YCf0/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBT64eFL9/Idhbz4wvF+DPF0HPFcSki5iLi938xH6eP5Zwv8iw8YP7C32r4thRZhtE1zhTb+YhYL7bfnp30pwAAAAAn11cfX/4s79bzl8VZF8Q05Tdt5i5+OKZ8pYhYWPxxTNnmRi/PjylZ9vd9Kg7GlC27gXV2TMnyW26nxpXtkcwfC2fvC6U8zE21HAAAYCqOdwLT7UIAAACYpk9nXQCzUYqjR5lHz4Kzb97/9UDw3LEjAAAA4AlUmnUBAAAAwMRl/b/f/wMAAICTLf/9PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4g537uU0ciOIA/GwwsP+0aBvYVvYGZWwJe9zjigK2CQrIgbSQBqiB3FJCBBEeh0DEIZLHthJ9n2QGW+bHGwsOMyMNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCl+2qzvP3383/bnP2hnTy9AQAAAK7ZVZtl/Waezr801781l34050VElBFxbew+islF5qjJqV7uvzm/v3pVw11EnXD8jmlzfI6IX83x+L3rpwAAAAAf13a1XqTRenqZD10QfUqTNuXX35nyioio5g+Z0spj3iRTWP37HsffTGn1BNYsU1iachvnSnuT+u9+erqzs6ZITXn1Y6cis/UdAADo0eii6XcUAgAAQJ/+DF0AwyjieSnztBQ4TU2zvPfp4gwAAAB4h4qhCwAAAAA6V4//e9r/72D/PwAAABhG2v8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALu2qzXK7Wi/a5uwP7eTpDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8sT/vKhTCAAxAcx++Nun3+vES0NXV5RwopAkdCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABPPtfJ9w6/hj3Jv23D1HokmZMcvSyd2qydG7Y+GC9/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAk/15SYEQCIIomDP+d9L3P6wk6BlEiICGRxW1aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4pN/98n9iapxJ5k4bS8cjydpVY+uqsfegcfRgvP0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAi537942bigMA/myfL7SAOAK6IQiBxAALvR6lpRtiAEUM/AlIUXopR6/8aDPQqkJkYUOZuyAYEUICha3/Q+dW6lK2DjcUiTnIPjvn/JA4oLEvyecjPb+vLcvv+3xSlK+f7wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAErj96Zxkm06kzgujt17fGs16+/v6TN3Nh8sZS2LozqTPhperu5E3eYSAQAA4ORIyvo+hPAw3VrO+riT1/9peU5W8//w7CQu6/m9dX/Zl7V/1n7/7dGLOwN1JuNkF10bjgZn96fSOrxZzrfn/vGMVn7n82cvSf6BxB9uvDBO8/sZfXf37vvtPFyoI1sA4L84U/ZFUP4/lPX9JhMD4MRoVQrvsv5POs3mBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFCH8UZ4uoyjEMJSaxpn7j++tXpQf2fzwVLZLty+vRm+mV4zu0QaQlgbjgZna53NfLt+4+aVldFocK3+4JUQQlOjv1tM/8rHM5wcQiP3R/CEgrj4sOcln6MRNPhHCQCAY+HUnv20aFld/zDdWs6ORYshbP+4u/5/vRKHGev/R59cuFcdq1r/9w91lkdLb/3qF73rN26+Oby6cnlwefDZ2wv9d/rnLp4/f7GXPyvpeWICAADA/9MuWrX+jxf3r/+frsRhxvr/y+/7X1fHStT/IWxv7zs0XfRrJCMAAAAKz7/615/RAcejdjt8tbK+fq0/2e7svzXZNpDqv7ZQtGr9nyw2nRUAAABQh/FGtGv9/1IlDjOu/z/z00u/VK+ZFN8/WBuOBmdWPx9dqm86c62OrxM3PUcAAACadapo1fX/NH//P9555SEOIbzx2iQufgZwpvo/+eDbn6tjVd//P1ffFOdS3J3cj7zvhtDqNp0RAAAAx9lTRcuK/T/SreVPfz39Udv7/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1+zsAAP//60BBGA==")
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x103042, 0x0)
pwritev2(r0, &(0x7f0000000680)=[{0x0}, {&(0x7f0000000c40)="65b27c98", 0x4}], 0x2, 0x7ffd, 0xffffffff, 0x5)

2.933758025s ago: executing program 5 (id=1225):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x2, 0x336, 0x0, r1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000080)={<r5=>0xffffffffffffffff})
pipe(&(0x7f00000004c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
tee(r5, r6, 0x8f5, 0x0)

2.619647066s ago: executing program 1 (id=1226):
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text32={0x20, &(0x7f0000000180)="9a00000080a300c4e1c9e0d70f01c366bad104b034eef30fc7350000000026670f01c20fc72f0f01c4c4e1fae67e0066baa000ec", 0x34}], 0x1, 0x4, 0x0, 0x0)
r0 = syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x8901, 0x400, 0x0, 0x2cf}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000600)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @empty}}, 0x5, 0x12, 0x0, 0x3}, 0x9c)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='3'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x24, 0x2007, @fd, 0x800, 0x0, 0x0, 0x18, 0x0, {0x2}})
io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0)

2.32232098s ago: executing program 1 (id=1227):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0)
r1 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_cake={{0x8}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@newtfilter={0x38, 0x2c, 0x601, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0xb}, {}, {0xc, 0xffe0}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0xf, 0xfff1}}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4884}, 0x24000840)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1.872567655s ago: executing program 1 (id=1228):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r0 = syz_io_uring_setup(0x44cd, &(0x7f00000004c0)={0x0, 0x5331, 0x10100, 0x1000006, 0x1e5}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x2d3e, 0xec84, 0x0, 0x0, 0x0)

1.664528804s ago: executing program 5 (id=1229):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
close(0x3)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r4, &(0x7f0000000380)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x2, @empty}, 0x2, 0x2, 0x0, 0xfffffffc}}, 0x2e)
sendmsg$L2TP_CMD_TUNNEL_GET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r3, 0x325, 0x0, 0x0, {0x8}}, 0x14}}, 0x0)

1.378043675s ago: executing program 2 (id=1230):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4b4, 0xde64, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x70, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0xfc}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040), 0x208e24b)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000016000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x18)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000006c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\"'], 0x0}, 0x0)

1.273664127s ago: executing program 6 (id=1231):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x589b}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pause()
timer_create(0x7, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000280))
r1 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
fcntl$setsig(r1, 0xa, 0x13)
fcntl$setlease(r1, 0x400, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)

1.213051414s ago: executing program 3 (id=1232):
r0 = io_uring_setup(0x1d48, &(0x7f0000000340)={0x0, 0x8000f2d5, 0x800, 0x6, 0x3a2})
r1 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r1, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24)
listen(r1, 0x4)
recvmmsg(r1, &(0x7f00000050c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000}}], 0x1, 0x40000100, 0x0)
close_range(r0, r1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r2}, 0x18)

1.096414505s ago: executing program 1 (id=1233):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
syz_mount_image$jfs(&(0x7f0000000400), &(0x7f0000000380)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x1c802, &(0x7f0000002740)=ANY=[], 0x3, 0x5f74, &(0x7f0000002040)="$eJzs3V1vHFf9B/DfPnj90H/TqPqrChEXbgqlpTTPCZSnplxwAUggoVyTyHWrQFpQEhCtLOLKF4gLHl4C3PSGi76RIvEKEC+ASDZXlaAMGvucZLxeex1i76x9Ph/JmfntmfGeydfj2fXM7AkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIL7z7R9e6ETEjV+kB05G/F/0IroR83W9GPXMtbx8PyJOxWZzPBcRvdmIev3Nf56JuBwRH5+IWN9YWaofvrjPflw5f+/Op9/91t9+/fu1Uz9+80cfDrf/4P8vffSb+xEnv//aR5/eP5htBwAAgFJUVVV10tv80+n9fbftTgEAE5GP/1WSH1er1Wr1gda/605Xf9SF1k3VaPebRUSsNtepXzM4HQ8AR8xqfNJ2F2iR/IvWj4in2u4EMNU6bXeAQ7G+sbLUSfl2mseDxa32/HfKbfmvdh7e37HbdJzha0wm9fO1Fr14dpf+zE+oD9Mk598dzv/GVvsgLXfY+U/KbvkPtm59Kk7Ovzec/5Bt+f8hIo5s/t2R+Zcq599/nPxXe0d4/5c/AAAAAADHX/77/8mWz//OPvmm7Mte538XJ9QHAAAAAAAAADhoTzr+30PG/wMAAICpVb9Xr/3xxKPHdvsstvrx652Ip4eWBwqTbpZZaLsfAAAAAAAAAAAAAFCS/tY1vNc7ETMR8fTCQlVV9VfTcP24nnT9o6707YeStf1LHgAAtnx8It3Lnwfg60TMRcT19Fl/MwsLC1U1N79QLVTzs/n17GB2rppvvK/N0/qx2cE+XhD3B1X9zeYa6zWNe788rn34+9XPNah6++jYZLQcOgDF2zoarTsiHTNV9Uy0/SqHo8H+f/zY/9mPtn9OAQAAgMNXVVXVSR/nfTqd8++23SkAYBLm8vF/+LyAWq1Wq9Xq41c3VaPdbxYRsdpcp37NYDh+ADhiVuOTtrtAi+RftH5EnGq7E8BU67TdAQ7F+sbKUifl22keD9L47vlakG35r3Y218vrj5qOM3yNyaR+vtaiF8/u0p/nJtSHaZLz7w7nf2OrfZCWO+z8J2W3/OvtPNlCf9qW8+8N5z/k+OTfHZl/qXL+/cfKvyd/AAAAAACYYvnv/yfLPf/by/1ZnFAfAAAAAAAAAOCgrW+sLOX7XvP5/8+OWK7TnHP/57GR8+/sO3/3/x4nOf/ucP5DF+T0GvMP3niU/z83VpY+vPePz+Tp1Oc/0xvUzz3T6fb66ZqfauatuBW3YznO71i+v639wo72mW3tF8e0X9rRPqjb53P72ViKn8btePNh++yYC6PmxrRXY9pz/j37f5Fy/v3GV53/QmrvDE1rDz7o7tjvm9NRz3Ptz/9+cefeNXlr0Xu4bU319p1poT+b/ydPDeLnd5fvnP3lzXv37lyINNn26MVIkwOW859JXzn/l17Yas+/95v764MPBo+d/7RYi/6u+b/QmK+39+UJ960NOf9B+sr55yPQ6P3/KOe/+/7/Sgv9AQAAAAAAAAAAAAAAgL1UVbV5i+i1iLia7v9p695MAGCifvu9NFMloVar1Wq1+tjWTdVorzeLmNu+ztWI+NWobwYATLP/RMTf2+4ErZF/wfLn/dXTz7XdGWCi7r73/k9u3r69fOdu2z0BAAAAAAAAAP5XefzPxcb4z5vXAQ2NG71t/Nc3YvHIjv/ZHfQ2xzpPG/R87D3+95nYe/zv/pjnmxnTPhjTPjumfW5M+8gbPRpy/s+njHP+p9OGlTT+60st9KdtOf8zaaznnP8XhpZr5l/96Sjn392W/7l77/zs3N333n/11js3315+e/ndC+evXr505fKlK1fOvXXr9vL5rX9b7PHhyvnnsa9dB1qWnH/OXP5lyfl/PtXyL0vO/8VUy78sOf/8ek/+Zcn55/c+8i9Lzv/lVMu/LDn/L6Za/mXJ+b+SavmXJef/pVTLvyw5/1dTLf+y5PzPplr+Zcn5n0u1/MuS889nuORflpx/vrJB/mXJ+V9MtfzLkvO/lGr5lyXnfznV8i9Lzv9KquVflpz/1VTLvyw5/y+nWv5lyfl/JdXyL0vO/7VUy78sOf+vplr+Zcn5fy3V8i9Lzv/rqZZ/WXL+30i1/MuS8/9mquVflpz/66mWf1keff6/mQnP/OsvEVPQDTOlzrz7172Wafs3EwAAAAAAAAAAAAAwbBJXGre9jQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/2UHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdi7uxi5zvoM4Ge/7LUTiEtCCMGQteMEQzbeXX8lJhgcIDQNLU0DoaUNdYy9/gB/1buGJIqaTZO2QURqpPYivSgFRBFSWyVCSKVSiiIVqb1rrkC5Qa2UC0tNKhNBJaokW5057/vuzOzszPpj7Tnn/H5R/PfOnJl558yZ2X3WemYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmm34+PSfD2RZlv/f+GNdll2Z/31Ntif/cm7n5V4hAAAAcKHebPz5D1elE/Ys40JN2/zb+/7jB/Pz8/PZF18/89Zfzs+nM8aybGh1ljXOi/79V7+cb94meCIbHRhs+nqwx80P9Th/uMf5Iz3OX9Xj/NU9zh/tcf6iHbDImuL3MY0r29T467pil2bXZCON8zZ1uNQTA6sHB+PvchoGGpeZHzmYHcmOZtPZ5KLLDDT+y7IXNuS3dXcWb2uw6bbWZ1l29ueP7o9rGAj7eFPWcmMNzY/da3dmY6///NH935199d2dZs/dsGilWbZ5Y77OJ7Ns4ddV2UC2Ou2TuM7BpnWu77DOoZZ1DjQul/+9fZ1nl7nOeL9Hwzpf6rLO9eG0h27MsmwuW3Kbdk9kg9natltN+3u0OCLy68gfyndkw+d0nGxYxnGSX+aVG1uPk/ZjMu7/DWGfDC+xhuaH47XHVy3a7+d7nOT3uh+O1fy6781vdHS0+VerLcdqvs2jNy19DHR87DocA+lYbjoGNvY6BgZXDTWOgcGFNW9sOQamFl1mMBto3NaZm7ofAxOzx05OzDz8yK1Hju07NH1o+vjU5M7t23Zs37Zjx8TBI0enJ4s/z22XlsjabDAdgxvDa008Bt/ftm3zITn/rYv3PBjtk+dBft8/e3O+oCsHsyWO8XybJzdf+PMgfd9veh4MNz0POr6mdngeDC/jeZBvc3bz8r5nDjf932kNK/VauK7pGLic3w/z23zgA0u/Fq4P63rqg+f6/XBo0TEQ79ZAeO7lp6Sf90ZvD/tl8XFxfX7GFauy0zPTp7Y8tG929tRUFsYlcXXTY9V+vKxtuk/ZouNl8JyPlz1//8bN13c4fV3YV6O3dH+s8m22j3d/rBqv7q37c1VW7M+WU7dmYVxkl3p/dvpulu/PlCW67M98mydvvfCfBVMuaXr9G+n1+jc0Mly8/g2lvTHS8vq3+KEZaqwsy87eurzXv5Hw/6V+/bumT17/8n31wJbux0C+zVMT53oMDHd9/bsxzIGwng+ExDDalPvfapw/VxymTY9lz+NmeHgkHDfD8RZbj5ttiy6TX1t+25snz++42Xxj62PV8nNLBY+bfF/91WT34ybf5sWpC3/tWBP/2vTasarXMTAytCpf70g6CIrXu/k18RjYku3PTmRHswPpMvmjnN/W+NblHQOrwv+X+rXjuj45BvJ99ezW7sdAvs2Pt13cn502h1PSNk0/O7X/fmGpzH/98ML1te+2i53583V+4iefTqd1yhD5Nq9uP9ec0X0/3RJOuaLDfmp//ix1TB/ILs1+ui6s8+iO7r+byre5Zucyj6c9WZa9PPVy4/dd4fe73z/9kx+0/N630++UX556+Z6J+356LusHAOD8vdX4c25V8bNm079YL+ff/wEAAIBSiLl/MMxE/gcAAIDKiLl/KMxE/gcAAIDKiLl/OMykJvn/8O27nnvzsSy9G+B8EM+Pu+HejxTbxY73XPh6bH5BfvrHvjPy3NceW95tD2ZZ9sY97+m4/eGPxHUVTsZ1fqj19EWuu2FZt//g/QvbNb9/wtldxfXH+7PcwyB2lV+Y2Nq43rGHpxrzxXuyxrxv7qkniusvvo7bn9lWbP834U1L9hwcaLn85rCeTWGOhfeUuXfPwn7IZ7zcc+vf969Xf27h9uLlBja+vXE3n/3j4nrje0Q9c3WxfbzfS63/X77+vefy7R+6qfP6HxvsvP4z4XpfCfNXu4vtm/f515rW/6dh/fH24uW2fPtHHdf//LuK7Z8Px8U3w2xf/51/8d43Oz1e8Xb23FFcLt7+5P9ub1wuXl+8/vb1jz421bI/2q//xdeL69n9lV8MNW8fT4+3Ez14R+vxPRAe35YeeZZl3/uzrGU/Zx8uLvfPbeuP13fyjs7rv6VtnScHbmhcfuH+rGu5X9/4u60d729cz55/XNdyf565K+y/1yd+nF/vmfvC8RjO/7+Xiutrfy/T5+9qfb2J239zXfG8jdc30bb+Z9rWP3dDvu96r//u14v1P//R1S3r3/PJcDzdXcxe6z/0t1e1XP5b3y0ej1NfHT9+Yub0kQNNe7X5ebx6dM3aK65829uvCq+l7V/vPTF7ePrU2OTYZJaNlfAtA1d6/d8O83+KMXfxb6Hw018Ux93Tnyq+b73/l8XXz4TTHwyPZ/z++I2/Hmk5Xtsf97mPFvNC1//BsI7letfX/+uGZW145gsvnP6nP3m1/eeCeH9OvnO0cf+e3XBt47yBF4vz21+vevnPd7Y+r382PNmYPwz7dT68M/PGa4vba7/++N4kT3+meP7Gn+Ti5bO29xNZN9R6Py50/T8LP8f86LrW1794fPzwsbZ3c16XDeRLmAuvD9lccX7cKu7vp89e2/H24vvwZHPvPpdlLmnm4ZmJo0eOn35oYnZ6ZnZi5uFH9h47cfr47N7Ge5fu/VKvyy88v9c2nt8HpnduzxrP9hPFWGGXe/0n799/4LbJmw9MH9x3+uDs/SenTx3aPzOzf/rAzM37Dh6c/mqvyx85sHtq665tt20dP3TkwO7bd+3atmv8yPET+TKKRfWwc/LL48dP7W1cZGb39l1TO3Zsnxw/duLA9O7bJifHT/e6fON703h+6a+Mn5o+um/2yLHp8Zkjj0zvntq1c+fWnu/+eOzkwZmxiVOnj0+cnpk+NVHcl7HZxsn5975el6ceZk6E17s2A+Gn88/fsjO9P27uO48veVXFJq0/nmavhfeCit/fen0dc/9ImElN8j8AAADUQcz94Y3/F86Q/wEAAKAyYu5fHWYi/wMAAEBlxNxfJP/R9PHvdcn/F6v//7j+f4P+v/5/pv+f6P/r/2f6//r/Pej/6/+Xef36//r/9NZv/f+Q+7M1Webf/wEAAKCiYu5fG2Yi/wMAAEBlxNx/RZiJ/A8AAACVEXP/lWEmNcn/Pv9f/1//v1v/P26r/5/p//dD/3/Tf+v/L6L/r/+f6f+ft8vdny/7+vuw/79G/59+02/9/5j73xZmUpP8DwAAAHUQc//bw0zkfwAAAKiMmPuvCjOR/wEAAKAyYu5fF2ZSk/yv/6//r//v8//1/0vT//f5/x3o/+v/Z/r/5+1y9+fLvv4+7P/7/H/6Tr/1/2Pu/7Uwk5rkfwAAAKiDmPvfEWYi/wMAAEBlxNx/dZiJ/A8AAACVEXP/NWEmNcn/9ez/v5Jlmf5/pv+v/9+2Tv1//f+VoP+v/9+N/r/+f5nXr/+v/09v/db/j7n/nWEmNcn/AAAAUAcx918bZiL/AwAAQGXE3P+uMBP5HwAAACoj5v7rwkxqkv/r2f/3+f/6/wX9/9Z16v/r/6+EWvf/3zis/9+D/r/+f5nXr/+v/09v/db/j7n/3WEmNcn/AAAAUAcx918fZiL/AwAAQGXE3P+eMBP5HwAAACoj5v71YSY1yf/6//r/+v/6//r/+v8rqVz9/8Elz/H5/wX9/1YXr/8/t7AA/f/SrF//X/+f3vqt/x9z/3vDTGqS/wEAAKAOYu5/X5iJ/A8AAACVEXP/DWEm8j8AAABURsz9Y2EmNcn/+v/6//r/+v/6//r/K6lc/f+l6f8X9P9b+fx//X/9f/1/uuu3/n/M/RvCTGqS/wEAAKAOYu7fGGYi/wMAAEBlxNx/Y5iJ/A8AAACVEXP/pjCTyuT/t3U9V/9f/1//X/9f/1//fyXp/+v/d6P/r/9f5vXr/+v/01u/9f9j7r8pzKQy+R8AAACIuf/mMBP5HwAAACoj5v73h5nI/wAAAFAZMfdvDjOpSf7X/9f/1/8vcf9/SP8/0//ve/r/+v/d6P/r/5d5/fr/+v/01m/9/5j7PxBmUpP8DwAAAHUQc/8Hw0zkfwAAAKiMmPtvCTOR/wEAAKAyYu4fDzOpSf7X/9f/1/8vcf/f5/+3rF//vz/p/5el/z/S+qX+/7Lo/+v/6//r/9Ndv/X/Y+6/NcykJvkfAAAA6iDm/i1hJvI/AAAAVEbM/RNhJvI/AAAAVEbM/ZNhJjXJ//r/+v/6//r/+v/6/ytJ/78s/f82+v/Lov+v/6//r/9Pd/3W/4+5fyrMpCb5HwAAAOog5v6tYSbyPwAAAFRGzP3bwkzkfwAAAKiMmPu3h5nUJP+XpP+/JRWg9P/1//X/9f/1/0tF/1//vxv9f/3/Mq9f/1//n1aDHU7rt/5/zP07wkxqkv8BAACgDmLu3xlmspD/1136VQEAAAAXU8z9t4WZ+Pd/AAAAqIyY+28PM6lJ/i9J/9/n/+v/6/830f/X/y8T/X/9/270//X/y7x+/X/9f3rrt/5/zP27wkxqkv8BAACgDmLu/1CYifwPAAAAlRFz/x1hJvI/AAAAlEqnzyGMYu7/cJhJTfK//n/V+//zq/X/9f/1/7uvX/9/Zen/6/93o/+v/1/m9ev/6//TW7/1/2Pu3x1mUpP8DwAAAHUQc/9HwkzkfwAAAKiMmPs/GmYi/wMAAEBlxNy/J8ykJvlf/7/q/X+f/6//r//fa/36/ytL/1//vxv9/3L2/8OPLfr/fdT/z48h/X/6Ub/1/2PuvzPMpCb5HwAAAOog5v6PhZnI/wAAAFAZMfd/PMxE/gcAAIDKiLn/E2EmNcn/+v/6//r/+v/l7P+P6P+XhP7/ivX/Gy+F+v8F/f/zc7n782Vffz/1/33+P/2q3/r/MfffFWZSk/wPAAAAdRBz/yfDTOR/AAAAqIyY+389zET+BwAAgMqIuf/uMJOa5H/9f/1//X/9/3L2/33+f1no//v8/270//X/y7x+/X/9f3rrt/5/zP2/EWZSk/wPAAAAdRBz/z1hJvI/AAAAVEbM/Z8KM5H/AQAAoGRWLXlOzP2/GWZSk/xfvv7/WCn7/4Pp+vX/9f/1//X/9f8vJv1//f9M//+8Xe7+fNnXr/+v/09v/db/j7n/t8JMapL/AQAAoA5i7v90mIn8DwAAAJURc/9vh5nI/wAAAFAZMfffG2ZSk/x/sfv/7Zfvxuf/6/9n+v/6//r/+v8XSP9f/z/T/z9vl7s/X+L1xx9F9P/1/+mh3/r/Mff/TphJTfI/AAAA1EHM/feFmcj/AAAA0KcOn/MlYu7/TJiJ/A8AAACVEXP/Z8NMapL/y/f5//r/+v/6//r/+v9lov+v/9+N/r/+f5nX7/P/9f/prd/6/zH33x9mUpP8DwAAAHUQc//nwkzkfwAAAKiMmPt/N8xE/gcAAIDKiLn/98JMapL/9f/1//X/9f/1//X/V5L+/+L+f/4apv9f0P/X/y/z+vX/9f/prd/6/zH3fz7MpCb5HwAAAOog5v7fDzOR/wEAAKAyYu7/gzAT+R8AAAAqI+b+B8JMapL/9f/1//X/9f/1//X/V5L+v8//70b/X/+/zOvX/9f/p7d+6//H3P+FMJOa5H8AAACog5j7/zDMRP4HAACAyoi5f2+YifwPAAAAlRFz/4NhJjXJ//r/+v/6//r/+v/6/ytJ/1//vxv9f/3/Mq9f/1//n976rf8fc/++MJM9rTcDAAAAlFfM/V8MM6nJv/8DAABAHcTcvz/MRP4HAACAyoi5/0CYSU3yv/6//r/+v/6//r/+/0rS/9f/70b/X/+/zOvX/9f/p7d+6//H3D8dZlKT/A8AAAB1EHP/wTAT+R8AAAAqI+b+Q2Em8j8AAABURsz9h8NMapL/9f/1//X/a9v/f+n7bevU/9f/Xwn6//r/3ej/6/+Xef36//r/9NZv/f+Y+4+EmdQk/wMAAEAdxNz/pTAT+R8AAAAqI+b+L4eZyP8AAABQGTH3Hw0zqUn+1//X/9f/r23/f3mf/79m4Xb1//X/z4f+v/5/N/r/+v9lXr/+v/4/vfVb/z/m/mNhJjXJ/wAAAFAHMfcfDzOR/wEAAKAyYu4/EWYi/wMAAEBlxNx/MsykJvlf///c+v8DS3QD9f87r1//vwL9/yb6//r/50P/X/+/G/1//f8yr1//X/+f3vqt/x9z/x+FmdQk/wMAAEAdxNx/KsxE/gcAAIDKiLl/JsxE/gcAAIDKiLl/NsykJvlf/9/n/+v/6//r/+v/ryT9f/3/bvT/9f/LvH79f/1/euu3/n/M/afDTGqS//+fvfte8qys9jjcNGcOQ1HeA+UdeAVegtdgleUlmAOYMSvmnDAnzIo555wxZ1EUc6zSonuthQw9e/cw/et597ue5w8Wp+EULwVW+a3xUxsAAAA6yN3/gLjF/gcAAIBp5O5/YNxi/wMAAMA0cvc/KG5psv/1//p//b/+X/+v/98l/b/+f4n+X/+/5ffr//X/rBut/8/d/+C4pcn+BwAAgA5y9z8kbrH/AQAAYBq5+x8at9j/AAAAMI3c/Q+LW5rsf/2//l//r//X/+v/d0n/r/9fov/X/2/5/fp//T/rRuv/c/c/PG5psv8BAACgg9z9j4hb7H8AAACYRu7+R8Yt9j8AAABMI3f/NXFLk/2v/9f/6/832P//n/5f/78d+n/9/xL9v/5/y+/X/+v/WTda/5+7/9q4pcn+BwAAgA5y9z8qbrH/AQAAYHPuef+jf567/9Fxi/0PAAAA08jd/5i4pcn+1//r//X/G+z/ff9f/78h+n/9/xL9v/5/y+/X/+v/WTda/5+7/7FxS5P9DwAAAB3k7n9c3GL/AwAAwDRy9z8+brH/AQAAYOvO5O/k7n9C3NJk/+v/T6//v0z/r//X/+v/9f8nTv+v/9/T/99tl7qf3/r79f/6f9btvP+/z3UH97j9f+7+6+KWJvsfAAAAOsjd/8S4xf4HAACAaeTuf1LcYv8DAADANHL3PzluabL/9f++/39H//+fy/T/+n/9/x0/1/+fDP2//n+J/l//v+X36//1/6zbef+/0vuf+3/n7n9K3NJk/wMAAEAHufufGrfY/wAAADCN3P1Pi1vsfwAAAJhG7v6nxy1N9r/+X//v+//6f/2//n+X9P/D9v/n/kfvzvT/x6L/1/+fr/+/9zHer/+ng9H6/9z9z4hbmux/AAAA6CB3/zPjFvsfAAAAppG7//q4xf4HAACAaeTuf1bc0mT/6//1//p//f+d+//9lv3/7T/T/++G/n/Y/n+Z/v9Y9P/6f9//1/+zbLT+P3f/s+OWJvsfAAAAOsjd/5y4xf4HAACAaeTuf27cYv8DAADANHL3Py9u2b9ULzpd+n/9v/5f/39R3/+/fI7+3/f/d0f/r/9fov/X/2/5/fp//T/rRuv/c/c/P27x6/8AAAAwh/292v0viFvsfwAAAJhG7v4Xxi32PwAAAEwjd/+L4pYm+1//r//X/+v/L6r/n+T7//r/3dH/6/+XHLf/39P/19+L/n+c9+v/9f+sG63/z93/4rilyf4HAACADnL3vyRusf8BAABgGrn7Xxq32P8AAAAwjdz9L4tbmux//b/+X/+v/9f/6/93Sf+v/1/i+//6/y2/X/+v/2fdaP1/7v6Xxy1N9j8AAAB0kLv/FXGL/Q8AAADTyN3/yrjF/gcAAIBp5O5/Vdxy7v7fP81XnR79v/5f/6//1//r/3dJ/6//X6L/P7r/P3uev57+f6z36//1/6wbrf/P3X9D3OLX/wEAAGAauftfHbfY/wAAADCN3P2viVvsfwAAAJhG7v7Xxi1N9v/5+v/brjr84/r/49H/H/1+/b/+X/+v/9f/6/+X6P99/3/L79f/6/9ZN1r/n7v/dXFLk/0PAAAAHeTuf33cYv8DAADANHL3vyFusf8BAABgGrn73xi3NNn/J//9/6v1//p//X9c/b/+X/+v/9f/L9P/6/+3/H79v/6fdaP1/7n73xS3NNn/AAAA0EHu/jfHLfY/AAAATCN3/1viFvsfAAAAppG7/61xS5P9f/L9v+//6/8vsP/f1/8n/X/8c9X/6/8vwFb7/339/wH9v/5/y+/X/+v/WTda/5+7/8aDqddv/wMAAEAHNx789uze2+IW+x8AAACmkbv/7XGL/Q8AAADTyN3/jrilyf7X/+v/L3n/7/v/Rf8f/1z1//r/C7DV/t/3/w/p//X/W36//l//z7rR+v/c/e+MW5rsfwAAAOggd/+74hb7HwAAAKYRu//wf/xu/wMAAMCU3n3w27N774lbmuz/xv3/1Rfb/1/5P7+v/z/6/fr/E+n/bzz33z39v/5/S/T/+v8l+n/9/5bfP07/Hz+4Rv/PeEbr/3P3vzduabL/AQAAoIPc/e+LW+x/AAAAmEbu/pviFvsfAAAAppG7//1xS5P937j/n+T7//e9NV6g/5+3//f9/7j6f/3/UfT/E/T/t//XL/1//fX1/9t5/zj9v+//M67R+v/c/R+IW5rsfwAAAOggd/8H4xb7HwAAAKaRu/9DcYv9DwAAANPI3f/huKXJ/tf/b73/9/1//b/+X/8/Nv2//n+J7//r/7f8fv2//p91o/X/ufs/Erc02f8AAADQQe7+j8Yt9j8AAABMI3f/x+IW+x8AAACmkbv/43FLk/2v/9f/76r/v/0vov9v0v9fe0X++fp//f9d6P/1/0v0//r/Lb9f/6//Z91o/X/u/k/ELU32PwAAAHSQu/+TcYv9DwAAANPI3f+puMX+BwAAgGnk7v903HCve1y6J52sM+f5eeS6+n/9v+//6/99/1//v0v6f/3/Ev2//n/L79f/6/9ZN1r/n7v/M3GLX/8HAACAaeTu/2zcYv8DAADANHL3fy5usf8BAABgGrn7Px+3NNn/+n/9v/5/s/3/lfr/O79f/z8m/b/+f4n+X/+/5fcfu/+/+ej/f/0/HYzW/+fu/0Lc0mT/AwAAQAe5+78Yt9j/AAAAMI3c/V+KW+x/AAAAmEbu/i/HLU32v/5f/6//32z/7/v/57xf/z8m/b/+/9AtR/5U/6//3/L7ff9f/8+60fr/3P1fiVua7H8AAADoIHf/V+MW+x8AAACmkbv/a3GL/Q8AAADTyN3/9bilyf7X/+v/9f/6f/2//n+X9P/6/yX6f/3/lt+v/9f/s260/j93/zfilib7HwAAADrI3f/NuMX+BwAAgGnk7v9W3GL/AwAAwDRy9387bmmy/2fu/5f+NP3/If2//n9P/6//3zH9v/5/if5f/7/l9+v/9f+sG63/z93/nbilyf4HAACADnL3fzdusf8BAABgGrn7b45b7H8AAACYRu7+78UtTfb/zP3/Ev3/If2//n9P/6//3zH9v/5/if5f/7/l9+v/9f+su0T9/5m98/T/ufu/H7c02f8AAADQQe7+H8Qt9j8AAABMI3f/D+MW+x8AAACmkbv/R3HLPPv/fjct/EH9/4n3/wf/Eun/9f97+n/9v/7/gP5f/79E/6//3/L79f/6f9aN9v3/3P0/jlvm2f8AAADQXu7+n8Qt9j8AAABMI3f/T+MW+x8AAACmkbv/Z3FLk/2v//f9f/1/q/7/8j39v/7/lOn/9f9L9P/6/y2/X/+v/2fdaP1/7v6fxy05/K66O3+XAAAAwEhy9/8ibmny6/8AAADQQe7+X8Yt9j8AAABMI3f/r+KWJvtf/6//1/+36v99/1//f+r0//r/Jfp//f+W35/9f/57p//X/3NXo/X/uft/Hbc02f8AAADQQe7+W+IW+x8AAACmkbv/N3GL/Q8AAADTyN3/27ilyf7X/+v/9f/6f/2//n+X9P/6/yX6f/3/lt/v+//6f9aN1v/n7r81bmmy/wEAAKCD3P2/i1vsfwAAAJhG7v7fxy32PwAAAEwjd/9tcUuT/a//1/9P2f9fof/X/+v/R6H/1/8v0f/r/7f8fv2//p91o/X/ufv/ELc02f8AAADQQe7+P8Yt9j8AAABMI3f/n+IW+x8AAACmkbv/z3FLk/2v/9f/X3j/f6b+voft/33/X/+v/x/GvP3//+v/j+r/z17Y+7v3/9ffcPhj/f8236//1/+zbrT+P3f/X+KWJvsfAAAAOsjd/9e4xf4HAACAaeTu/1vcYv8DAADANHL3/z1uabL/9f/6/ym//6//1//r/4cxb//v+/++/+/7//p//b/+nzWj9f+5+/8RtzTZ/wAAANBB7v5/xi32PwAAAEwjd/+/4hb7HwAAAKaRu//fcUuT/a//1//r//X/+n/9/y7p//X/S/T/+v8tv1//r/9n3Wj9f+7+/wYAAP//lgIt2A==")
syz_mount_image$exfat(0x0, &(0x7f0000000440)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x4800, 0x0, 0x0, 0x0, &(0x7f0000000240))
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000f80)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x180c0c0, &(0x7f0000000940)=ANY=[], 0x13, 0x6b2, &(0x7f0000001000)="$eJzs3U9sHFcdB/DvbDZrbxCp+y8NCKlWI1W0EYmdVUmQkBoQQjlEKIIDvVqJ01hx0spxUVohsgEKEidOqAcORSgcckIIIZUTAs5ISFw4+R6JG4ccAKOZnV2v7Y1jx3HWbT8faXbezJv33m9+nj/7x6sN8Kl17o0c7KbIuePnb5bLK3c6iyt3Otf65SQTSRpJszdL0U6KvyRn05vyuXJl3V3xoHFeu/dR0fzgbqe31KynavvGVu02GbllN5kcLBxIMt0r/mfb3W7qr5qqfi6u9feIikHcZafH+omDcVvdpLtW2Xho8+2ft8C+dat339xkKjmU3t21fB6Q+urw8CvD+G15beo+uTgAAABgr4x8LT/sqfu5n5s5/GTCAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgE+GovebgUU9Nfrl6RT93/9vDf2mfmvM4e7S+5er2befGncgAAAAAAAAALArL97P/dzM4f7yalF95v9StfBc9fiZvJMbmc9STuRm5rKc5SxlNsnUUEetm3PLy0uzm1v+ImXL1dXVW3XLUyNbnlofV3djoKP+02DTRgAAAAAAAADwqfXDnFv7/B8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPaDIjnQm1XTc/3yVBrNJJNJWsX0YPPWWIN9ZHcHpT+NNQ4AAADYG8X6xXY9P1z8r1dYLarX/EeqTSfzTq5nOQtZzmLmc6luXr7qb/y9O5mkc23lTufa5nG+9q8dhVX1mN57D6NHnqm2eH7Q4ly+me/keKZzIUtZyPcyl+XMZzrfqEpzKTJV7/DUyp12yjj70/rBz65burAxtheHymV8R6tI2rmchSq2E7nY6ofeqLc7OjTaH1rJhhFvl9kpXq9tM0eX6nm5Rz/f/Kcco6lqzw8OMjJT577MxtPDed+c+x0eJxtHmk1j8B7Uc2ujpDoy1zd9pJwfqudlrn+ytznf4Vtp6zPR/Vm51D/6jmyd8+SVf/z5wpXG9atXLt84vn8Oo0e08ZjoDGXihW1lYrHMRHcXmZjcTfyPT6vORu8qurOr5UtV28NZyLfyVi5lPqczk9mcyUy+klPp5NRQXp/fOq/VudbY2bl27It1obwn/XTo3vTETDyooszr00N5Hb7STVV1w2vWsvTMNrJUtDI6S/8cGUrz83WhHONHQ3ec8duYidmhTDy7dSZ+9d/VJDcWr19dujL39jbHe7mel6ft++uvzb9+LDu0c/XulsfLM+UfK73bxvDRUdY926/bkK9W/YlLs+5sXV0r1fncq3vYmVr2dOT2qJ56dS+MHKVT1R0dqlv3LCdvZXHwLASAfezQq4da7Xvtv7U/bP+4faV9fvLrE2cmvtDKwb82/3jgt43fNL5avJoP84McHnekAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwSXDj3feuzi0uzi/tw0Iaj7nD2yOr+qnorWntj33/uBYmtjqifpdki+atccTcTrIvUpfmExhrIiOqzg/WtJPGIJ4kV/fJD9wBe+Hk8rW3T954970vLVybe3P+zfnrp86cfv1058uzt05eXlicn+k9jjtKYC+sPQ0YdyQAAAAAAAAAAADAdm3rywPfza6+e7BxzM8mRXc8uwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8DJ17Iwe7KTI7c2KmXF6501ksp355bctmkkaS4vt5pb/ubPkwNdRd8aBxXrv30S9f/uBuZ62vZn/7xoZ2v//36uoO96JbT5lOcqCeP9zEtvq7ONRfd4eB9RSDPSwTdqyfOBi3/wcAAP//b70FNA==")
r0 = open(&(0x7f0000000140)='.\x00', 0x8000, 0x112)
ioctl$TCSETA(r0, 0x5406, 0x0)
ioctl$VIDIOC_G_TUNER(r0, 0xc054561d, &(0x7f0000000080)={0x6, "c80b9ec377ce143233fd33fd67e4836e660090f2d3896d0840fde29fdc2ad880", 0x4, 0x8, 0x0, 0x8, 0x10, 0x4, 0x3, 0x4ad8})
getdents64(r0, &(0x7f0000000300)=""/123, 0x7b)

1.071153352s ago: executing program 5 (id=1234):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000780)='netlink_extack\x00', r0, 0x0, 0xb0}, 0x18)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r3, 0x0)
sigaltstack(&(0x7f0000001040)={&(0x7f0000004500)=""/4074, 0x1, 0xfea}, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000580)={'veth0_to_team\x00', <r4=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000180)={r1, r4, 0x25, 0xc, @void}, 0x10)

672.980915ms ago: executing program 3 (id=1235):
r0 = socket(0xa, 0x5, 0x0)
dup(r0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r1}, &(0x7f0000000840), &(0x7f0000000880)=r2}, 0x20)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r4=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, r4, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x3e, &(0x7f0000000100)={@broadcast, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x7, 0x6, "45208e", 0x8, 0x3a, 0xff, @empty, @mcast2, {[], @echo_request={0x80, 0x0, 0x0, 0x8, 0x8001}}}}}}, 0x0)

596.49756ms ago: executing program 5 (id=1236):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000340)='sched_kthread_stop_ret\x00', r0}, 0x10)
r1 = io_uring_setup(0x1d48, &(0x7f0000000340)={0x0, 0xb140, 0x1000, 0x6, 0x196})
r2 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r2, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24)
listen(r2, 0x4)
recvmmsg(r2, &(0x7f00000050c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000}}], 0x1, 0x40000100, 0x0)
close_range(r1, r2, 0x0)

238.789842ms ago: executing program 2 (id=1237):
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)={0x9c, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x44, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x9c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x14, 0x6, 0x1, 0x301, 0x0, 0x0, {0xa, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x2404c031}, 0x20000000)

78.915759ms ago: executing program 6 (id=1238):
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'syz_tun\x00', <r1=>0x0})
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000300)={'batadv_slave_1\x00', <r4=>0x0})
setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000000)={r4, 0x1, 0x6, @broadcast}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', <r5=>0x0})
setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000080)={r5, 0x1, 0x6, @broadcast}, 0x10)
setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000180)={r1, 0x11, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x10)

0s ago: executing program 3 (id=1239):
syz_mount_image$squashfs(&(0x7f0000000040), &(0x7f0000000240)='./file0\x00', 0x1000000, &(0x7f0000000980)=ANY=[], 0x21, 0x1cf, &(0x7f0000000780)="$eJzKKC4sZmdgYPj7sSaZQYABDBgZeBguMDAysDAwMKgzQsQYmCDUeij/BZSeCZW2gfKbofRCKF1xS3vdmlN+Z0566motk2VmaPXUlkcWk0vtMXKTXMwjwcwQmnpkUXFlVXZiTk5qUfFChopbyUkVp08wsFy3v6bSLMHp8EeewyFJ00GH6YiPR9aMxhLOSVKaYmxsmQpnz3yQX8emcYTh0QrmjXWeeY11halT89LykqqyqrLmTZy4cWZjZ2Pjyol1UWl+qxhbUlw2NXUyMjlwqwlsZjZUn2SjPeFd+6qHSQ6sPR5+zaeMlV6nMl8yXlgkdWpF1cwJX5RmMxp+Z7jDU7ZCQkPDSeKKhEWDCcOROtsGV5ATUxoY0hTCGJPU2MTatpyZE8LMz+a2QKEl+QRT6FGOpTMlLA4IVZ38aan51iHRbca2pw5sZ3gOH+dZU9AnaHRcgsFpoeB/GZAxCQ0NZRprmZbaLvhSpPFXwmu1sVMGg7s90zJYgLI0gMiVUJ4sWE9C8goPHU1No5TkhIZNEglJbgWGygxb93CuFmhgQIo2FQYGhu2MsLiFgGswxigYBaNgFIyCUTAKRsEoGAWjYBSMghEBAAEAAP//VlaYIg==")
syz_mount_image$fuse(0x0, &(0x7f00000005c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x20045a, &(0x7f0000000200)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
syz_mount_image$fuse(&(0x7f0000000000), &(0x7f00000004c0)='./file0\x00', 0xa0, &(0x7f00000004c0)=ANY=[], 0xff, 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000000)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
getdents64(r1, &(0x7f0000000f80)=""/4096, 0x1000)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

./file0./file0fuse[  216.400785][ T3706] EXT4-fs error (device loop2): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:15: lblock 1 mapped to illegal pblock 1 (length 1)
[  216.515965][ T3706] Quota error (device loop2): remove_tree: Can't read quota data block 1
[  216.525953][ T3706] EXT4-fs error (device loop2): ext4_release_dquot:7022: comm kworker/u8:15: Failed to release dquot type 0
[  216.667248][ T6229] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  216.827382][ T6241] netlink: 36 bytes leftover after parsing attributes in process `syz.0.85'.
[  217.440804][ T6229] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  218.495237][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  219.006508][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  220.133226][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  220.235341][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  220.693516][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  220.899241][ T6239] Set syz1 is full, maxelem 65536 reached
[  221.582156][ T6264] loop4: detected capacity change from 0 to 16
[  221.630222][ T6264] erofs (device loop4): mounted with root inode @ nid 36.
[  221.687531][ T6264] erofs (device loop4): read error -117 @ 43 of nid 36
[  222.104842][ T6266] netlink: 'syz.2.95': attribute type 5 has an invalid length.
[  223.335226][ T6281] loop0: detected capacity change from 0 to 1024
[  223.411813][ T6281] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  223.685296][ T6290] netlink: 28 bytes leftover after parsing attributes in process `syz.2.105'.
[  223.883900][ T6291] Zero length message leads to an empty skb
[  224.467820][ T5801] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.035479][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[  225.042175][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  225.903438][ T6296] loop4: detected capacity change from 0 to 32768
[  226.149862][ T6294] capability: warning: `syz.2.106' uses deprecated v2 capabilities in a way that may be insecure
[  226.698197][ T6298] netlink: 7 bytes leftover after parsing attributes in process `syz.0.108'.
[  227.164174][ T6296] 
[  227.164174][ T6296]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  227.164174][ T6296] 
[  227.248395][ T6302] netlink: 'syz.1.109': attribute type 4 has an invalid length.
[  227.281107][ T6296] read_mapping_page failed!
[  227.286105][ T6296] ERROR: (device loop4): txAbort: 
[  227.286105][ T6296] 
[  227.303233][ T6304] read_mapping_page failed!
[  227.307920][ T6304] ERROR: (device loop4): txAbort: 
[  227.307920][ T6304] 
[  227.335934][ T6302] netlink: 'syz.1.109': attribute type 4 has an invalid length.
[  227.518748][ T6304] find_entry called with index = 0
[  227.524428][ T6304] read_mapping_page failed!
[  227.529184][ T6304] ERROR: (device loop4): txAbort: 
[  227.529184][ T6304] 
[  227.557030][ T6296] read_mapping_page failed!
[  227.561708][ T6296] bread failed!
[  227.565663][ T6296] jfs_mkdir: dtInsert returned -EIO
[  227.571104][ T6296] ERROR: (device loop4): txAbort: 
[  227.571104][ T6296] 
[  228.420360][ T6309] loop0: detected capacity change from 0 to 512
[  228.853569][   T54] read_mapping_page failed!
[  228.858235][   T54] ERROR: (device loop4): txAbort: 
[  228.858235][   T54] 
[  228.866705][   T54] jfs_write_inode: jfs_commit_inode failed!
[  228.951508][ T6309] EXT4-fs (loop0): orphan cleanup on readonly fs
[  228.969455][ T5811] 
[  228.969455][ T5811]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  228.969455][ T5811] 
[  228.988875][ T6309] EXT4-fs warning (device loop0): ext4_xattr_inode_get:546: inode #11: comm syz.0.111: ea_inode file size=4 entry size=6
[  229.002640][ T6309] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2857: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  229.016600][ T6309] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #15: comm syz.0.111: corrupted inode contents
[  229.181396][ T6309] EXT4-fs (loop0): Remounting filesystem read-only
[  229.188577][ T6309] EXT4-fs warning (device loop0): ext4_evict_inode:273: xattr delete (err -30)
[  229.198369][ T6309] EXT4-fs (loop0): 1 orphan inode deleted
[  229.206464][ T6309] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  229.235857][ T5811] 
[  229.235857][ T5811]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  229.235857][ T5811] 
[  230.120754][ T6286] Set syz1 is full, maxelem 65536 reached
[  230.633646][ T6323] sctp: [Deprecated]: syz.3.116 (pid 6323) Use of int in max_burst socket option.
[  230.633646][ T6323] Use struct sctp_assoc_value instead
[  230.760630][ T5801] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  231.927494][ T6329] loop0: detected capacity change from 0 to 32768
[  232.048337][ T6329] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  232.181913][ T6329] XFS (loop0): Ending clean mount
[  232.193309][ T6329] XFS (loop0): Quotacheck needed: Please wait.
[  232.300756][ T6329] XFS (loop0): Quotacheck: Done.
[  232.359465][ T6329] overlayfs: upper fs does not support file handles, falling back to index=off.
[  232.574773][ T5801] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  232.799635][   T30] audit: type=1326 audit(1767904508.996:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6348 comm="syz.1.121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2c898f749 code=0x7ffc0000
[  232.910451][   T30] audit: type=1326 audit(1767904509.106:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6348 comm="syz.1.121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2c898f749 code=0x7ffc0000
[  233.011229][   T30] audit: type=1326 audit(1767904509.166:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6348 comm="syz.1.121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc2c898f749 code=0x7ffc0000
[  233.038344][   T30] audit: type=1326 audit(1767904509.186:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6348 comm="syz.1.121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2c898f749 code=0x7ffc0000
[  233.062805][   T30] audit: type=1326 audit(1767904509.236:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6348 comm="syz.1.121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2c898f749 code=0x7ffc0000
[  233.086507][   T30] audit: type=1326 audit(1767904509.236:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6348 comm="syz.1.121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fc2c898f749 code=0x7ffc0000
[  233.108992][   T30] audit: type=1326 audit(1767904509.236:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6348 comm="syz.1.121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2c898f749 code=0x7ffc0000
[  233.131670][   T30] audit: type=1326 audit(1767904509.246:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6348 comm="syz.1.121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc2c898f749 code=0x7ffc0000
[  233.157616][   T30] audit: type=1326 audit(1767904509.246:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6348 comm="syz.1.121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2c898f749 code=0x7ffc0000
[  233.242931][   T30] audit: type=1326 audit(1767904509.386:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6348 comm="syz.1.121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc2c898f749 code=0x7ffc0000
[  234.307516][ T6358] warning: `syz.4.127' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  234.622333][ T6361] loop3: detected capacity change from 0 to 16
[  234.930239][ T5805] Bluetooth: hci3: Malformed MSFT vendor event: 0x02
[  235.131476][ T6369] loop0: detected capacity change from 0 to 16
[  235.215737][ T6369] erofs (device loop0): mounted with root inode @ nid 36.
[  235.334908][ T6369] syz.0.123: attempt to access beyond end of device
[  235.334908][ T6369] loop0: rw=0, sector=14546590680, nr_sectors = 8 limit=16
[  235.349615][ T6369] erofs (device loop0): failed to decompress (lz4) -117 @ pa 1440 size 1 => 1677
[  235.359294][ T6369] erofs (device loop0): read error -5 @ 87 of nid 36
[  235.366783][ T6369] erofs (device loop0): failed to readdir of logical block 87 of nid 36
[  236.920275][ T6378] loop4: detected capacity change from 0 to 4096
[  238.104773][ T6405] sctp: [Deprecated]: syz.3.139 (pid 6405) Use of struct sctp_assoc_value in delayed_ack socket option.
[  238.104773][ T6405] Use struct sctp_sack_info instead
[  238.203400][ T6403] bridge: RTM_NEWNEIGH with invalid state 0x10
[  238.620856][ T6408] fuse: Bad value for 'fd'
[  240.050023][ T6427] ceph: No mds server is up or the cluster is laggy
[  240.058368][   T11] libceph: connect (1)[c::]:6789 error -101
[  240.066379][   T11] libceph: mon0 (1)[c::]:6789 connect error
[  241.134992][ T6433] loop0: detected capacity change from 0 to 40427
[  241.179771][ T6433] F2FS-fs (loop0): build fault injection rate: 14
[  241.186676][ T6433] F2FS-fs (loop0): build fault injection type: 0x3bfe8c
[  241.217937][ T6433] F2FS-fs (loop0): invalid crc value
[  241.273734][    C1] F2FS-fs (loop0): inject read IO error in f2fs_read_end_io of bio_endio+0xf96/0x10f0
[  241.301809][    C0] F2FS-fs (loop0): inject read IO error in f2fs_read_end_io of bio_endio+0xf96/0x10f0
[  241.560278][ T6433] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  241.569967][ T6433] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_folio of f2fs_get_tmp_folio+0x38/0x50
[  241.669523][ T6433] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  241.745699][ T6433] F2FS-fs (loop0): inject no more block in inc_valid_node_count of f2fs_new_node_folio+0x66f/0x19b0
[  241.759799][ T6433] F2FS-fs (loop0): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x702/0x19b0
[  241.772843][ T6433] F2FS-fs (loop0): inject inconsistent footer in sanity_check_node_footer of f2fs_get_dnode_of_data+0x12a2/0x2fc0
[  241.785368][ T6433] F2FS-fs (loop0): inconsistent node block, node_type:3, nid:15, node_footer[nid:15,ino:3,ofs:614638,cpver:0,blkaddr:0]
[  241.891804][ T6433] F2FS-fs (loop0): inject inconsistent footer in sanity_check_node_footer of f2fs_get_dnode_of_data+0x30c/0x2fc0
[  241.904698][ T6433] F2FS-fs (loop0): inconsistent node block, node_type:1, nid:3, node_footer[nid:3,ino:3,ofs:0,cpver:10241045589465957861,blkaddr:4102]
[  241.930587][ T6433] F2FS-fs (loop0): inject page get in f2fs_filemap_get_folio of __f2fs_find_entry+0xade/0x1940
[  242.232724][    C1] F2FS-fs (loop0): inject write IO error in f2fs_write_end_io of bio_endio+0xf96/0x10f0
[  242.242929][    C1] CPU: 1 UID: 0 PID: 5811 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(none) 
[  242.243068][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  242.243167][    C1] Call Trace:
[  242.243215][    C1]  <IRQ>
[  242.243261][    C1]  __dump_stack+0x26/0x30
[  242.243423][    C1]  dump_stack_lvl+0x14c/0x1c0
[  242.243577][    C1]  dump_stack+0x1e/0x25
[  242.243715][    C1]  f2fs_handle_critical_error+0xa6f/0xc20
[  242.243915][    C1]  f2fs_stop_checkpoint+0x65/0x80
[  242.244084][    C1]  f2fs_write_end_io+0x101c/0x1bc0
[  242.244303][    C1]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  242.244473][    C1]  bio_endio+0xf96/0x10f0
[  242.244608][    C1]  blk_update_request+0xf4c/0x1a90
[  242.244827][    C1]  blk_mq_end_request+0x50/0xb0
[  242.245004][    C1]  blk_flush_complete_seq+0xb1d/0x1940
[  242.245146][    C1]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  242.245333][    C1]  flush_end_io+0x12c3/0x17b0
[  242.245488][    C1]  ? __pfx_flush_end_io+0x10/0x10
[  242.245605][    C1]  __blk_mq_end_request+0x600/0x9e0
[  242.245799][    C1]  blk_mq_end_request+0x6e/0xb0
[  242.245975][    C1]  lo_complete_rq+0x188/0x3a0
[  242.246137][    C1]  ? __pfx_lo_complete_rq+0x10/0x10
[  242.246290][    C1]  blk_done_softirq+0x112/0x1f0
[  242.246450][    C1]  ? __pfx_blk_done_softirq+0x10/0x10
[  242.246607][    C1]  handle_softirqs+0x169/0x6e0
[  242.246768][    C1]  __irq_exit_rcu+0x66/0x180
[  242.246899][    C1]  irq_exit_rcu+0x12/0x20
[  242.247018][    C1]  sysvec_apic_timer_interrupt+0x84/0x90
[  242.247181][    C1]  </IRQ>
[  242.247224][    C1]  <TASK>
[  242.247272][    C1]  asm_sysvec_apic_timer_interrupt+0x1f/0x30
[  242.247423][    C1] RIP: 0010:kmsan_internal_set_shadow_origin+0x9e/0x110
[  242.247616][    C1] Code: 00 e8 46 34 00 00 49 83 ff 04 72 2d 4d 29 ee 49 c1 ef 02 31 c9 eb 0f 89 1c 88 49 63 cc 44 8d 61 01 49 39 cf 76 13 85 db 75 ed <41> 83 3c 8e 00 75 e9 eb e4 80 7d d4 00 75 14 48 83 c4 08 5b 41 5c
[  242.247723][    C1] RSP: 0018:ffff88811a7138b0 EFLAGS: 00000246
[  242.247842][    C1] RAX: ffff88811a313940 RBX: 0000000000000000 RCX: 0000000000000000
[  242.247926][    C1] RDX: 000000011a713940 RSI: 0000000000000001 RDI: ffff88811a713940
[  242.248012][    C1] RBP: ffff88811a7138e0 R08: ffffea000000000f R09: 0000000000000000
[  242.248101][    C1] R10: ffff888119f13940 R11: ffffffff81d71b50 R12: 0000000000000001
[  242.248194][    C1] R13: 0000000000000000 R14: ffff888119f13940 R15: 0000000000000002
[  242.248283][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  242.248474][    C1]  kmsan_internal_unpoison_memory+0x14/0x20
[  242.248630][    C1]  kmsan_unpoison_memory+0x28/0x40
[  242.248800][    C1]  copy_from_kernel_nofault+0x312/0x580
[  242.248997][    C1]  prepend_path+0x64c/0x1090
[  242.249174][    C1]  d_absolute_path+0x11b/0x240
[  242.249313][    C1]  tomoyo_realpath_from_path+0x4bd/0x9f0
[  242.249496][    C1]  tomoyo_path_perm+0x249/0x9a0
[  242.249717][    C1]  ? kmsan_get_metadata+0xfb/0x160
[  242.249887][    C1]  ? kmsan_get_shadow_origin_ptr+0x30/0xb0
[  242.250072][    C1]  tomoyo_path_unlink+0x98/0xe0
[  242.250234][    C1]  security_path_unlink+0x1f2/0x600
[  242.250386][    C1]  do_unlinkat+0x4bf/0xd80
[  242.250571][    C1]  __x64_sys_unlink+0x71/0xb0
[  242.250731][    C1]  x64_sys_call+0x3d17/0x3e70
[  242.250895][    C1]  do_syscall_64+0xd3/0xf80
[  242.251045][    C1]  ? clear_bhb_loop+0x40/0x90
[  242.251185][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  242.251334][    C1] RIP: 0033:0x7efc0f38ecf7
[  242.251439][    C1] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  242.251543][    C1] RSP: 002b:00007fff903c2008 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
[  242.251663][    C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007efc0f38ecf7
[  242.251766][    C1] RDX: 00007fff903c2030 RSI: 00007fff903c20c0 RDI: 00007fff903c20c0
[  242.251852][    C1] RBP: 00007fff903c20c0 R08: 0000000000000000 R09: 0000000000000000
[  242.251930][    C1] R10: 0000000000000100 R11: 0000000000000206 R12: 00007fff903c3150
[  242.252009][    C1] R13: 00007efc0f413d7d R14: 000000000003af78 R15: 00007fff903c3190
[  242.252138][    C1]  </TASK>
[  242.252190][    C1] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  242.693587][ T6439] loop3: detected capacity change from 0 to 32768
[  242.781425][ T6439] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.153 (6439)
[  242.835618][ T5801] F2FS-fs (loop0): do_checkpoint failed err:-5, stop checkpoint
[  242.878057][ T6439] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  242.888874][ T6439] BTRFS info (device loop3): using blake2b (blake2b-256-lib) checksum algorithm
[  243.269461][ T6439] BTRFS info (device loop3): enabling ssd optimizations
[  243.282760][ T6439] BTRFS info (device loop3): turning on async discard
[  243.290822][ T6439] BTRFS info (device loop3): enabling free space tree
[  243.300705][ T6439] BTRFS info (device loop3): use zstd compression, level 3
[  243.823317][ T5802] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  245.125548][ T6478] loop4: detected capacity change from 0 to 512
[  245.192297][ T6478] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  245.206712][ T6478] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  245.313580][ T6481] mmap: syz.3.165 (6481) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  245.396152][ T6478] EXT4-fs (loop4): 1 truncate cleaned up
[  245.404277][ T6478] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  246.026185][ T5811] EXT4-fs error (device loop4): ext4_lookup:1785: inode #11: comm syz-executor: iget: bad extra_isize 46 (inode size 256)
[  246.067513][ T5811] EXT4-fs error (device loop4): ext4_lookup:1785: inode #11: comm syz-executor: iget: bad extra_isize 46 (inode size 256)
[  246.644621][ T5811] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  246.654822][ T3776] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  246.766374][ T3776] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  247.937895][ T3776] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  248.156222][ T6503] netlink: 12 bytes leftover after parsing attributes in process `syz.3.174'.
[  248.254413][ T3776] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  248.549265][ T3776] bridge_slave_1: left allmulticast mode
[  248.555595][ T3776] bridge_slave_1: left promiscuous mode
[  248.562161][ T3776] bridge0: port 2(bridge_slave_1) entered disabled state
[  248.577837][ T3776] bridge_slave_0: left allmulticast mode
[  248.584129][ T3776] bridge_slave_0: left promiscuous mode
[  248.590643][ T3776] bridge0: port 1(bridge_slave_0) entered disabled state
[  249.358135][ T3776] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  249.400404][ T3776] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  249.438696][ T3776] bond0 (unregistering): Released all slaves
[  250.059383][ T3776] hsr_slave_0: left promiscuous mode
[  250.076857][ T3776] hsr_slave_1: left promiscuous mode
[  250.085060][ T3776] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  250.092934][ T3776] batman_adv: batadv0: Removing interface: batadv_slave_0
[  250.177042][ T3776] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  250.185190][ T3776] batman_adv: batadv0: Removing interface: batadv_slave_1
[  250.273579][ T3776] veth1_macvtap: left promiscuous mode
[  250.279319][ T3776] veth0_macvtap: left promiscuous mode
[  250.285430][ T3776] veth1_vlan: left promiscuous mode
[  250.290953][ T3776] veth0_vlan: left promiscuous mode
[  250.997072][ T5102] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  251.006674][ T5102] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  251.019773][ T5102] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  251.040563][ T5102] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  251.059150][ T5102] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  251.927466][ T3776] team0 (unregistering): Port device team_slave_1 removed
[  252.075549][ T3776] team0 (unregistering): Port device team_slave_0 removed
[  252.196472][ T6544] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input5
[  252.534708][ T6553] netlink: 8 bytes leftover after parsing attributes in process `syz.3.185'.
[  252.543964][ T6553] netlink: 8 bytes leftover after parsing attributes in process `syz.3.185'.
[  253.145173][ T5805] Bluetooth: hci3: command tx timeout
[  253.982086][ T6527] chnl_net:caif_netlink_parms(): no params data found
[  255.213290][ T5102] Bluetooth: hci3: command tx timeout
[  255.870529][ T6527] bridge0: port 1(bridge_slave_0) entered blocking state
[  255.878260][ T6527] bridge0: port 1(bridge_slave_0) entered disabled state
[  255.886059][ T6527] bridge_slave_0: entered allmulticast mode
[  255.895742][ T6527] bridge_slave_0: entered promiscuous mode
[  255.964806][ T6527] bridge0: port 2(bridge_slave_1) entered blocking state
[  255.979783][ T6527] bridge0: port 2(bridge_slave_1) entered disabled state
[  255.988125][ T6527] bridge_slave_1: entered allmulticast mode
[  255.997723][ T6527] bridge_slave_1: entered promiscuous mode
[  256.297651][ T6527] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  256.377309][ T6527] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  256.615451][ T6596] process 'syz.2.197' launched '/dev/fd/6' with NULL argv: empty string added
[  256.778368][ T6527] team0: Port device team_slave_0 added
[  256.864566][ T6527] team0: Port device team_slave_1 added
[  257.077121][ T6606] netlink: 2028 bytes leftover after parsing attributes in process `syz.0.199'.
[  257.086888][ T6606] netlink: 24 bytes leftover after parsing attributes in process `syz.0.199'.
[  257.252954][ T5102] Bluetooth: hci3: command tx timeout
[  257.311036][ T6527] batman_adv: batadv0: Adding interface: batadv_slave_0
[  257.319951][ T6527] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  257.347584][ T6527] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  257.417321][ T6527] batman_adv: batadv0: Adding interface: batadv_slave_1
[  257.425122][ T6527] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  257.451923][ T6527] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  257.978837][ T6527] hsr_slave_0: entered promiscuous mode
[  257.988920][ T6527] hsr_slave_1: entered promiscuous mode
[  257.997820][ T6527] debugfs: 'hsr0' already exists in 'hsr'
[  258.003889][ T6527] Cannot create hsr debugfs directory
[  259.273571][ T6621] loop3: detected capacity change from 0 to 40427
[  259.320727][ T6621] F2FS-fs (loop3): build fault injection rate: 14
[  259.329050][ T6621] F2FS-fs (loop3): build fault injection type: 0x3bfe8c
[  259.337300][ T5102] Bluetooth: hci3: command tx timeout
[  259.344718][ T6621] F2FS-fs (loop3): invalid crc value
[  259.393266][    C0] F2FS-fs (loop3): inject read IO error in f2fs_read_end_io of bio_endio+0xf96/0x10f0
[  259.415607][    C1] F2FS-fs (loop3): inject read IO error in f2fs_read_end_io of bio_endio+0xf96/0x10f0
[  259.697028][ T6621] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  259.706691][ T6621] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_get_tmp_folio+0x38/0x50
[  259.723991][ T6621] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  259.738528][ T5863] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  259.903259][ T6621] F2FS-fs (loop3): inject no more block in inc_valid_node_count of f2fs_new_node_folio+0x66f/0x19b0
[  259.939745][ T6621] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x702/0x19b0
[  259.952779][ T6621] F2FS-fs (loop3): inject inconsistent footer in sanity_check_node_footer of f2fs_get_dnode_of_data+0x12a2/0x2fc0
[  259.969976][ T6621] F2FS-fs (loop3): inconsistent node block, node_type:3, nid:15, node_footer[nid:15,ino:3,ofs:191623,cpver:0,blkaddr:0]
[  260.041532][ T5863] usb 1-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  260.045254][ T6621] F2FS-fs (loop3): inject slab alloc in f2fs_alloc_inode of alloc_inode+0x8a/0x4a0
[  260.051809][ T5863] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  260.072597][ T5863] usb 1-1: Product: syz
[  260.077990][ T5863] usb 1-1: Manufacturer: syz
[  260.082899][ T5863] usb 1-1: SerialNumber: syz
[  260.113609][ T6527] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  260.208809][ T6527] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  260.235437][ T5863] usb 1-1: config 0 descriptor??
[  260.265105][ T5863] i2c-tiny-usb 1-1:0.0: version 6d.cc found at bus 001 address 004
[  260.287717][ T6527] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  260.385252][ T6527] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  260.959695][ T5863]  (null): failure reading functionality
[  260.975420][ T5863] i2c i2c-1: failure reading functionality
[  261.020621][ T5863] i2c i2c-1: connected i2c-tiny-usb device
[  261.737236][  T795] usb 1-1: USB disconnect, device number 4
[  261.880371][ T6527] 8021q: adding VLAN 0 to HW filter on device bond0
[  262.070160][ T6527] 8021q: adding VLAN 0 to HW filter on device team0
[  262.118166][   T54] bridge0: port 1(bridge_slave_0) entered blocking state
[  262.125790][   T54] bridge0: port 1(bridge_slave_0) entered forwarding state
[  262.219660][   T54] bridge0: port 2(bridge_slave_1) entered blocking state
[  262.227214][   T54] bridge0: port 2(bridge_slave_1) entered forwarding state
[  263.283507][ T6667] netlink: 256 bytes leftover after parsing attributes in process `syz.2.214'.
[  263.293979][ T6667] unsupported nlmsg_type 40
[  263.365038][ T6667] syz_tun: entered allmulticast mode
[  263.424863][ T6666] syz_tun: left allmulticast mode
[  264.169869][ T6527] 8021q: adding VLAN 0 to HW filter on device batadv0
[  265.920712][ T6696] loop3: detected capacity change from 0 to 32768
[  265.975145][ T6696] (syz.3.208,6696,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  265.989992][ T6696] (syz.3.208,6696,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  266.038275][ T6696] JBD2: Ignoring recovery information on journal
[  266.164665][ T6696] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  267.098137][ T6527] veth0_vlan: entered promiscuous mode
[  267.241291][ T6527] veth1_vlan: entered promiscuous mode
[  267.430714][ T6718] syzkaller0: entered promiscuous mode
[  267.436955][ T6718] syzkaller0: entered allmulticast mode
[  267.467681][ T5802] ocfs2: Unmounting device (7,3) on (node local)
[  267.571740][ T6527] veth0_macvtap: entered promiscuous mode
[  267.670152][ T6527] veth1_macvtap: entered promiscuous mode
[  267.875824][ T6527] batman_adv: batadv0: Interface activated: batadv_slave_0
[  268.008833][ T6527] batman_adv: batadv0: Interface activated: batadv_slave_1
[  268.146858][ T3682] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  268.224269][ T3682] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  268.266633][ T3682] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  268.322885][ T3682] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  268.484870][ T6731] netlink: 24 bytes leftover after parsing attributes in process `syz.0.228'.
[  270.188604][ T6743] loop0: detected capacity change from 0 to 40427
[  270.269205][ T6743] F2FS-fs (loop0): invalid crc value
[  270.615965][ T6743] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  270.633472][ T6743] F2FS-fs (loop0): Start checkpoint disabled!
[  270.649941][ T6743] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0
[  270.662672][ T6743] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  270.787316][ T6742] syz.0.232: attempt to access beyond end of device
[  270.787316][ T6742] loop0: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  270.899406][ T6743] syz.0.232: attempt to access beyond end of device
[  270.899406][ T6743] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  270.992128][ T1120] kworker/u8:8: attempt to access beyond end of device
[  270.992128][ T1120] loop0: rw=1, sector=45112, nr_sectors = 8 limit=40427
[  271.085894][ T1120] kworker/u8:8: attempt to access beyond end of device
[  271.085894][ T1120] loop0: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  271.100523][ T1120] CPU: 0 UID: 0 PID: 1120 Comm: kworker/u8:8 Not tainted syzkaller #0 PREEMPT(none) 
[  271.100645][ T1120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  271.100753][ T1120] Workqueue: writeback wb_workfn (flush-7:0)
[  271.100908][ T1120] Call Trace:
[  271.100951][ T1120]  <TASK>
[  271.100996][ T1120]  __dump_stack+0x26/0x30
[  271.101145][ T1120]  dump_stack_lvl+0x14c/0x1c0
[  271.101291][ T1120]  dump_stack+0x1e/0x25
[  271.101423][ T1120]  f2fs_handle_critical_error+0xa6f/0xc20
[  271.101631][ T1120]  f2fs_stop_checkpoint+0x65/0x80
[  271.101799][ T1120]  f2fs_write_end_io+0x101c/0x1bc0
[  271.102011][ T1120]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  271.102178][ T1120]  bio_endio+0xf96/0x10f0
[  271.102312][ T1120]  submit_bio_noacct+0x2009/0x2930
[  271.102506][ T1120]  submit_bio+0x57c/0x630
[  271.102645][ T1120]  f2fs_submit_write_bio+0x92/0x250
[  271.102800][ T1120]  __submit_merged_bio+0x16f/0x6a0
[  271.102948][ T1120]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  271.103134][ T1120]  __submit_merged_write_cond+0x44a/0x990
[  271.103308][ T1120]  f2fs_write_data_pages+0x4cf3/0x57a0
[  271.103599][ T1120]  ? kmsan_get_metadata+0xfb/0x160
[  271.103767][ T1120]  ? kmsan_get_metadata+0xfb/0x160
[  271.103940][ T1120]  ? kmsan_get_metadata+0xfb/0x160
[  271.104106][ T1120]  ? kmsan_get_metadata+0xfb/0x160
[  271.104270][ T1120]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  271.104438][ T1120]  ? kmsan_get_metadata+0xfb/0x160
[  271.104604][ T1120]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  271.104771][ T1120]  ? kmsan_get_metadata+0xfb/0x160
[  271.104938][ T1120]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  271.105109][ T1120]  ? kmsan_get_metadata+0xfb/0x160
[  271.105279][ T1120]  ? kmsan_get_metadata+0xfb/0x160
[  271.105446][ T1120]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  271.105624][ T1120]  ? kmsan_get_metadata+0xfb/0x160
[  271.105790][ T1120]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  271.105960][ T1120]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  271.106127][ T1120]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  271.106292][ T1120]  do_writepages+0x3f2/0x860
[  271.106413][ T1120]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  271.106600][ T1120]  ? queue_io+0x771/0x790
[  271.106733][ T1120]  ? kmsan_get_metadata+0xfb/0x160
[  271.106923][ T1120]  __writeback_single_inode+0x101/0x1190
[  271.107082][ T1120]  ? kmsan_get_metadata+0xfb/0x160
[  271.107268][ T1120]  writeback_sb_inodes+0xb2d/0x1f10
[  271.107510][ T1120]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  271.107710][ T1120]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  271.107894][ T1120]  wb_writeback+0x4ce/0xc00
[  271.108054][ T1120]  ? queue_io+0x471/0x790
[  271.108202][ T1120]  wb_workfn+0x397/0x1910
[  271.108328][ T1120]  ? kmsan_get_metadata+0xfb/0x160
[  271.108526][ T1120]  ? __pfx_wb_workfn+0x10/0x10
[  271.108645][ T1120]  process_scheduled_works+0xb91/0x1d80
[  271.108886][ T1120]  worker_thread+0xedf/0x1590
[  271.109060][ T1120]  kthread+0xd5c/0xf00
[  271.109188][ T1120]  ? __pfx_worker_thread+0x10/0x10
[  271.109332][ T1120]  ? __pfx_kthread+0x10/0x10
[  271.109467][ T1120]  ret_from_fork+0x208/0x710
[  271.109633][ T1120]  ? __switch_to+0x53d/0x790
[  271.109774][ T1120]  ? __pfx_kthread+0x10/0x10
[  271.109909][ T1120]  ret_from_fork_asm+0x1a/0x30
[  271.110101][ T1120]  </TASK>
[  271.435449][ T1120] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  273.096604][ T6765] loop3: detected capacity change from 0 to 32768
[  273.145533][ T6765] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.226 (6765)
[  273.194738][ T6765] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  273.205978][ T6765] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  273.510397][ T6765] BTRFS info (device loop3): enabling ssd optimizations
[  273.518646][ T6765] BTRFS info (device loop3): turning on async discard
[  273.525736][ T6765] BTRFS info (device loop3): enabling free space tree
[  273.587172][ T6776] binder: 6769:6776 ioctl c0306201 200000000640 returned -22
[  274.305829][ T5802] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  275.651693][ T6802] netlink: 8 bytes leftover after parsing attributes in process `syz.1.241'.
[  275.856920][ T6807] xt_hashlimit: max too large, truncated to 1048576
[  275.946180][ T6809] netlink: 4 bytes leftover after parsing attributes in process `syz.2.242'.
[  276.339055][   T11] usb 1-1: new full-speed USB device number 5 using dummy_hcd
[  276.586475][   T11] usb 1-1: config 0 has an invalid interface number: 41 but max is 0
[  276.595063][   T11] usb 1-1: config 0 has no interface number 0
[  276.601362][   T11] usb 1-1: config 0 interface 41 has no altsetting 0
[  276.739537][   T11] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  276.749052][   T11] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  276.761028][   T11] usb 1-1: Product: syz
[  276.766636][   T11] usb 1-1: Manufacturer: syz
[  276.771433][   T11] usb 1-1: SerialNumber: syz
[  276.944900][   T11] usb 1-1: config 0 descriptor??
[  277.878251][   T11] CoreChips 1-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0
[  278.113047][ T6826] fuse: Bad value for 'fd'
[  278.346951][ T3794] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  278.355076][ T3794] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  278.422971][   T11] CoreChips 1-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9
[  278.433993][   T11] CoreChips 1-1:0.41 (unnamed net_device) (uninitialized): Failed to reset PHY: -71
[  278.445360][   T11] CoreChips 1-1:0.41: probe with driver CoreChips failed with error -71
[  278.565092][   T11] usb 1-1: USB disconnect, device number 5
[  278.733951][ T1141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  278.742078][ T1141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  280.785039][ T6858] overlayfs: failed to resolve './file1': -2
[  284.955487][ T6892] netlink: 24 bytes leftover after parsing attributes in process `syz.0.268'.
[  285.669977][ T6901] netlink: 12 bytes leftover after parsing attributes in process `syz.1.269'.
[  285.995634][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[  286.002803][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  287.096077][ T6913] loop5: detected capacity change from 0 to 32768
[  287.120764][ T6913] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.274 (6913)
[  287.167856][ T6913] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  287.178477][ T6913] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  287.466229][ T6913] BTRFS info (device loop5): enabling ssd optimizations
[  287.473515][ T6913] BTRFS info (device loop5): turning on async discard
[  287.480840][ T6913] BTRFS info (device loop5): enabling free space tree
[  287.589384][ T6913] kernel write not supported for file bpf-prog (pid: 6913 comm: syz.5.274)
[  287.805869][ T6527] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  288.794095][ T6956] netlink: 20 bytes leftover after parsing attributes in process `syz.0.283'.
[  290.048462][ T6974] netlink: 'syz.2.288': attribute type 2 has an invalid length.
[  292.114295][ T6994] loop0: detected capacity change from 0 to 4096
[  292.248087][ T6994] ntfs3(loop0): ino=3, Correct links count -> 2.
[  292.987932][   T30] kauditd_printk_skb: 10 callbacks suppressed
[  292.988002][   T30] audit: type=1800 audit(1767904569.186:24): pid=7006 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.294" name="file1" dev="loop0" ino=34 res=0 errno=0
[  293.295621][ T7012] netlink: 'syz.2.299': attribute type 29 has an invalid length.
[  294.578161][  T795] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  294.784858][  T795] usb 4-1: Using ep0 maxpacket: 32
[  294.869918][  T795] usb 4-1: config 0 has an invalid interface number: 188 but max is 0
[  294.878459][  T795] usb 4-1: config 0 has no interface number 0
[  294.888475][  T795] usb 4-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  295.119816][  T795] usb 4-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  295.129597][  T795] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  295.138364][  T795] usb 4-1: Product: syz
[  295.143026][  T795] usb 4-1: Manufacturer: syz
[  295.147806][  T795] usb 4-1: SerialNumber: syz
[  295.261735][ T7032] loop5: detected capacity change from 0 to 8
[  295.317349][  T795] usb 4-1: config 0 descriptor??
[  295.353606][ T7024] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  295.425865][ T7032] SQUASHFS error: xz decompression failed, data probably corrupt
[  295.434272][ T7032] SQUASHFS error: Failed to read block 0x108: -5
[  295.441173][ T7032] SQUASHFS error: Unable to read metadata cache entry [106]
[  295.449254][ T7032] SQUASHFS error: Unable to read inode 0x11f
[  295.755233][ T7024] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  295.953107][ T7032] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  297.488530][  T795] asix 4-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  297.503764][  T795] asix 4-1:0.188: probe with driver asix failed with error -71
[  297.610962][  T795] usb 4-1: USB disconnect, device number 2
[  298.304780][ T7047] Bluetooth: hci1: command 0x0406 tx timeout
[  298.311321][ T5813] Bluetooth: hci4: command 0x0406 tx timeout
[  298.311451][ T5805] Bluetooth: hci2: command 0x0406 tx timeout
[  298.318642][ T5813] Bluetooth: hci0: command 0x0406 tx timeout
[  298.419945][ T7072] netlink: 8 bytes leftover after parsing attributes in process `syz.1.317'.
[  299.628638][ T7088] bond0: entered promiscuous mode
[  299.634140][ T7088] bond_slave_0: entered promiscuous mode
[  299.640917][ T7088] bond_slave_1: entered promiscuous mode
[  299.656661][ T7088] bond0: left promiscuous mode
[  299.661627][ T7088] bond_slave_0: left promiscuous mode
[  299.668300][ T7088] bond_slave_1: left promiscuous mode
[  299.699699][ T7091] overlayfs: failed to clone upperpath
[  300.035380][ T7092] netlink: 'syz.1.322': attribute type 12 has an invalid length.
[  300.043697][ T7092] netlink: 9472 bytes leftover after parsing attributes in process `syz.1.322'.
[  300.970146][ T7096] loop0: detected capacity change from 0 to 40427
[  300.980279][ T7096] F2FS-fs: heap/no_heap options were deprecated
[  300.987851][ T7096] F2FS-fs: heap/no_heap options were deprecated
[  301.001526][ T7096] F2FS-fs (loop0): Image doesn't support compression
[  301.014050][ T7096] F2FS-fs (loop0): invalid crc value
[  301.326597][ T7096] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  301.399451][ T7096] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  301.607853][ T5801] syz-executor: attempt to access beyond end of device
[  301.607853][ T5801] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  301.623377][ T5801] CPU: 1 UID: 0 PID: 5801 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(none) 
[  301.623511][ T5801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  301.623592][ T5801] Call Trace:
[  301.623637][ T5801]  <TASK>
[  301.623682][ T5801]  __dump_stack+0x26/0x30
[  301.623842][ T5801]  dump_stack_lvl+0x14c/0x1c0
[  301.623995][ T5801]  dump_stack+0x1e/0x25
[  301.624132][ T5801]  f2fs_handle_critical_error+0xa6f/0xc20
[  301.624338][ T5801]  f2fs_stop_checkpoint+0x65/0x80
[  301.624505][ T5801]  f2fs_write_end_io+0x101c/0x1bc0
[  301.624712][ T5801]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  301.624875][ T5801]  bio_endio+0xf96/0x10f0
[  301.625010][ T5801]  submit_bio_noacct+0x2009/0x2930
[  301.625197][ T5801]  submit_bio+0x57c/0x630
[  301.625338][ T5801]  f2fs_submit_write_bio+0x92/0x250
[  301.625487][ T5801]  __submit_merged_bio+0x16f/0x6a0
[  301.625638][ T5801]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  301.625825][ T5801]  __submit_merged_write_cond+0x44a/0x990
[  301.625997][ T5801]  f2fs_write_data_pages+0x4cf3/0x57a0
[  301.626325][ T5801]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  301.626490][ T5801]  ? kmsan_get_metadata+0xfb/0x160
[  301.626656][ T5801]  ? folio_batch_move_lru+0x6a6/0x6e0
[  301.626828][ T5801]  ? __msan_warning+0x1b/0x30
[  301.626975][ T5801]  ? filter_irq_stacks+0x13f/0x190
[  301.627140][ T5801]  ? stack_depot_save_flags+0x35/0x790
[  301.627306][ T5801]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  301.627472][ T5801]  ? kmsan_get_metadata+0xfb/0x160
[  301.627637][ T5801]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  301.627808][ T5801]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  301.627976][ T5801]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  301.628141][ T5801]  do_writepages+0x3f2/0x860
[  301.628275][ T5801]  ? _raw_spin_unlock+0x30/0x50
[  301.628410][ T5801]  ? wbc_attach_and_unlock_inode+0x131/0x680
[  301.628624][ T5801]  filemap_fdatawrite+0x207/0x260
[  301.628842][ T5801]  f2fs_sync_dirty_inodes+0x2ab/0x9e0
[  301.629055][ T5801]  f2fs_write_checkpoint+0x10a4/0x3730
[  301.629265][ T5801]  ? stack_depot_save_flags+0x35/0x790
[  301.629435][ T5801]  kill_f2fs_super+0x321/0x9a0
[  301.629580][ T5801]  ? __pfx_kill_f2fs_super+0x10/0x10
[  301.629695][ T5801]  deactivate_locked_super+0xcb/0x3c0
[  301.629842][ T5801]  deactivate_super+0x12f/0x140
[  301.629965][ T5801]  cleanup_mnt+0x7a2/0x820
[  301.630090][ T5801]  ? __pfx___cleanup_mnt+0x10/0x10
[  301.630210][ T5801]  __cleanup_mnt+0x22/0x30
[  301.630330][ T5801]  task_work_run+0x209/0x2b0
[  301.630492][ T5801]  exit_to_user_mode_loop+0x301/0x1b70
[  301.630664][ T5801]  ? user_path_at+0x241/0x3e0
[  301.630812][ T5801]  ? __x64_sys_umount+0x1dc/0x250
[  301.630979][ T5801]  do_syscall_64+0x1e1/0xf80
[  301.631133][ T5801]  ? clear_bhb_loop+0x40/0x90
[  301.631269][ T5801]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.631409][ T5801] RIP: 0033:0x7fa745190a77
[  301.631510][ T5801] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  301.631615][ T5801] RSP: 002b:00007fffc39936b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  301.631733][ T5801] RAX: 0000000000000000 RBX: 00007fa745213d7d RCX: 00007fa745190a77
[  301.631814][ T5801] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffc3993770
[  301.631887][ T5801] RBP: 00007fffc3993770 R08: 0000000000000000 R09: 0000000000000000
[  301.631961][ T5801] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffc3994800
[  301.632041][ T5801] R13: 00007fa745213d7d R14: 0000000000049978 R15: 00007fffc3994840
[  301.632151][ T5801]  </TASK>
[  301.632198][ T5801] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  302.598444][ T7110] loop3: detected capacity change from 0 to 32768
[  302.808001][ T7110] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  304.004843][ T7110] XFS (loop3): Ending clean mount
[  304.019119][ T7110] XFS (loop3): Quotacheck needed: Please wait.
[  304.235161][ T7110] XFS (loop3): Quotacheck: Done.
[  305.467654][ T5802] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  306.820814][   T30] audit: type=1804 audit(1767904583.006:25): pid=7147 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.339" name="file1" dev="ramfs" ino=13176 res=1 errno=0
[  307.117242][ T7149] 9p: Bad value for 'wfdno'
[  307.926366][ T7160] loop5: detected capacity change from 0 to 256
[  308.036837][ T7160] exFAT-fs (loop5): failed to load upcase table (idx : 0x00011e5d, chksum : 0x63a11b78, utbl_chksum : 0xe619d30d)
[  311.946233][ T7200] netlink: 8 bytes leftover after parsing attributes in process `syz.5.362'.
[  312.113362][ T7207] netlink: 'syz.0.360': attribute type 10 has an invalid length.
[  312.121414][ T7207] netlink: 40 bytes leftover after parsing attributes in process `syz.0.360'.
[  312.222570][ T7203] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  312.413240][ T7207] team0: Port device netdevsim1 added
[  312.458796][ T7211] netlink: 20 bytes leftover after parsing attributes in process `syz.1.359'.
[  312.790306][ T7203] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  313.078476][ T7203] team0: Port device netdevsim1 removed
[  313.091398][ T7203] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  313.324957][ T7203] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  313.340541][ T7220] overlayfs: failed to clone upperpath
[  313.424194][ T7221] netlink: 2028 bytes leftover after parsing attributes in process `syz.5.366'.
[  313.434611][ T7221] netlink: 24 bytes leftover after parsing attributes in process `syz.5.366'.
[  313.699667][ T1886] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  313.913597][ T1141] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  313.947057][ T1141] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  313.960188][ T1141] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  314.566758][ T7232] loop0: detected capacity change from 0 to 512
[  314.827463][ T7232] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  314.841188][ T7232] ext4 filesystem being mounted at /71/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  315.847387][ T5801] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  316.760320][ T7265] loop3: detected capacity change from 0 to 1024
[  317.068351][ T7265] hfsplus: bad catalog file entry
[  317.319674][ T7271] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  317.382004][ T7271] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  317.451384][ T7271] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  317.529790][ T7271] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  317.598996][ T3794] hfsplus: b-tree write err: -5, ino 3
[  317.673518][ T3711] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  317.707235][ T3794] hfsplus: bad catalog file entry
[  317.783642][ T3711] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  317.792293][ T3711] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  317.803847][ T3711] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  319.100583][ T7290] fuse: Bad value for 'fd'
[  320.112717][    T9] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  320.316371][    T9] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  320.328142][    T9] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0
[  320.338390][    T9] usb 1-1: config 0 interface 0 has no altsetting 0
[  320.345647][    T9] usb 1-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00
[  320.355124][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  320.523066][    T9] usb 1-1: config 0 descriptor??
[  321.087478][    T9] input: HID 054c:03d5 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:054C:03D5.0001/input/input6
[  321.341757][    T9] sony 0003:054C:03D5.0001: input,hidraw0: USB HID v0.00 Joystick [HID 054c:03d5] on usb-dummy_hcd.0-1/input0
[  321.468827][    T9] usb 1-1: USB disconnect, device number 6
[  322.261728][ T7330] fido_id[7330]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  323.191486][   T30] audit: type=1326 audit(1767904599.386:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7347 comm="syz.1.406" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc2c898f749 code=0x0
[  323.243670][ T7355] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  323.836090][ T7364] loop3: detected capacity change from 0 to 128
[  323.890479][ T7364] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  323.952827][ T7364] hpfs: filesystem error: improperly stopped
[  323.959303][ T7364] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  323.971747][ T7364] hpfs: You really don't want any checks? You are crazy...
[  324.061962][ T7364] hpfs: hpfs_map_sector(): read error
[  324.072104][ T7364] hpfs: code page support is disabled
[  324.117391][ T7364] hpfs: hpfs_map_4sectors(): unaligned read
[  324.145520][ T7370] overlayfs: failed to clone upperpath
[  324.148488][ T7364] hpfs: hpfs_map_4sectors(): unaligned read
[  324.157939][ T7364] hpfs: filesystem error: unable to find root dir
[  325.085076][ T7380] Invalid ELF header len 8
[  326.567256][  T795] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  326.887684][  T795] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  326.898682][  T795] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  327.004885][  T795] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  327.014458][  T795] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  327.022940][  T795] usb 2-1: SerialNumber: syz
[  327.559320][  T795] usb 2-1: 0:2 : does not exist
[  327.907066][  T795] usb 2-1: USB disconnect, device number 2
[  328.239009][ T5991] udevd[5991]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  330.157420][ T7443] team0: Port device vlan2 added
[  330.281251][ T7446] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  330.513329][   T30] audit: type=1326 audit(1767904606.706:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7439 comm="syz.1.433" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc2c898f749 code=0x0
[  331.869118][    T9] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  332.059791][    T9] usb 4-1: Using ep0 maxpacket: 8
[  332.101090][    T9] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  332.109987][    T9] usb 4-1: config 179 has no interface number 0
[  332.116903][    T9] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  332.128580][    T9] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  332.140509][    T9] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 255, changing to 11
[  332.152449][    T9] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 59391, setting to 1024
[  332.168411][    T9] usb 4-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  332.183344][    T9] usb 4-1: config 179 interface 65 has no altsetting 0
[  332.190549][    T9] usb 4-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  332.200085][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  332.331824][ T7468] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  332.418182][    T9] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input7
[  332.477623][ T5143] input input7: unable to receive magic message: -110
[  332.523004][ T5143] input input7: unable to receive magic message: -32
[  332.606050][ T5143] input input7: unable to receive magic message: -32
[  332.626630][ T7468] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  332.640064][ T7468] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  332.740539][ T5143] input input7: unable to receive magic message: -32
[  332.896118][  T795] usb 4-1: USB disconnect, device number 3
[  332.896757][    C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  332.951082][ T7478] netlink: 168 bytes leftover after parsing attributes in process `syz.0.450'.
[  334.249551][ T7492] loop3: detected capacity change from 0 to 1024
[  334.316961][ T7492] EXT4-fs: Ignoring removed bh option
[  334.681541][ T7492] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  335.101685][ T7492] EXT4-fs error (device loop3): mb_free_blocks:2037: group 0, inode 15: block 273:freeing already freed block (bit 17); block bitmap corrupt.
[  335.215047][ T7492] EXT4-fs (loop3): Remounting filesystem read-only
[  335.221970][ T7492] EXT4-fs warning (device loop3): ext4_convert_unwritten_extents:4984: inode #15: block 64: len 64: ext4_ext_map_blocks returned -30
[  335.296510][ T7501] bridge1: entered promiscuous mode
[  335.301929][ T7501] bridge1: entered allmulticast mode
[  335.318725][ T7501] team0: Port device bridge1 added
[  335.385029][   T30] audit: type=1804 audit(1767904610.646:28): pid=7494 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.458" name="/newroot/90/file0" dev="tmpfs" ino=509 res=1 errno=0
[  335.716539][ T7503] bridge0: port 3(team0) entered blocking state
[  335.725612][ T7503] bridge0: port 3(team0) entered disabled state
[  335.734440][ T7503] team0: entered allmulticast mode
[  335.744877][ T7503] team_slave_0: entered allmulticast mode
[  335.752005][ T7503] team_slave_1: entered allmulticast mode
[  335.763921][ T7503] team0: entered promiscuous mode
[  335.769287][ T7503] team_slave_0: entered promiscuous mode
[  335.776442][ T7503] team_slave_1: entered promiscuous mode
[  335.785733][ T7503] bridge0: port 3(team0) entered blocking state
[  335.792667][ T7503] bridge0: port 3(team0) entered forwarding state
[  335.994228][ T5802] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  338.646625][ T7524] netlink: 'syz.3.466': attribute type 7 has an invalid length.
[  338.654585][ T7524] netlink: 8 bytes leftover after parsing attributes in process `syz.3.466'.
[  340.278257][ T7557] netlink: 2028 bytes leftover after parsing attributes in process `syz.5.477'.
[  340.288269][ T7557] netlink: 24 bytes leftover after parsing attributes in process `syz.5.477'.
[  341.404388][ T7546] loop1: detected capacity change from 0 to 4096
[  341.499724][ T7546] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[  342.301468][ T7583] overlayfs: failed to clone upperpath
[  342.550693][ T7546] ntfs3(loop1): ino=19, mi_enum_attr
[  342.675476][ T7546] ntfs3(loop1): failed to convert "c46c" to iso8859-15
[  342.803564][ T7546] ntfs3(loop1): ino=20, mi_enum_attr
[  344.020211][ T7607] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  345.372712][  T795] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  345.561586][  T795] usb 1-1: Using ep0 maxpacket: 32
[  345.591637][  T795] usb 1-1: config 0 has an invalid interface number: 206 but max is 0
[  345.600727][  T795] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  345.611631][  T795] usb 1-1: config 0 has no interface number 0
[  345.618423][  T795] usb 1-1: config 0 interface 206 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 1024
[  345.629968][  T795] usb 1-1: config 0 interface 206 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  345.733601][  T795] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice=e9.b5
[  345.744247][  T795] usb 1-1: New USB device strings: Mfr=1, Product=3, SerialNumber=3
[  345.752578][  T795] usb 1-1: Product: syz
[  345.757450][  T795] usb 1-1: Manufacturer: syz
[  345.762516][  T795] usb 1-1: SerialNumber: syz
[  345.830128][  T795] usb 1-1: config 0 descriptor??
[  345.839274][ T7617] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  346.736067][ T7640] netlink: 8 bytes leftover after parsing attributes in process `syz.3.502'.
[  346.831438][ T7641] overlayfs: failed to clone upperpath
[  346.995661][    T9] usb 1-1: USB disconnect, device number 7
[  347.436143][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[  347.443084][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  347.946651][ T7645] 9pnet: p9_errstr2errno: server reported unknown error 0x0000000
[  348.487877][ T7649] capability: warning: `syz.1.499' uses 32-bit capabilities (legacy support in use)
[  348.775150][ T7651] syz_tun: entered allmulticast mode
[  349.017218][ T7647] syz_tun: left allmulticast mode
[  360.069806][ T7732] loop3: detected capacity change from 0 to 64
[  360.969724][ T7738] loop1: detected capacity change from 0 to 4096
[  362.117922][ T7738] ntfs3(loop1): failed to convert "0080" to cp860
[  362.550207][ T7755] bridge0: port 2(bridge_slave_1) entered disabled state
[  362.560390][ T7755] bridge0: port 1(bridge_slave_0) entered disabled state
[  362.798483][ T7755] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  362.827426][ T7755] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  363.119771][ T7764] sd 0:0:1:0: PR command failed: 1026
[  363.127992][ T7764] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  363.139220][ T7764] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  363.568457][ T7771] fuse: Bad value for 'fd'
[  363.607643][ T5863] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  363.697733][ T7760] syz_tun: entered allmulticast mode
[  363.737915][ T7760] syz_tun: left allmulticast mode
[  363.790360][ T7762] pimreg: entered allmulticast mode
[  363.811762][ T3706] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  363.833271][ T5863] usb 2-1: Using ep0 maxpacket: 32
[  363.874680][ T4320] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  363.891937][ T5863] usb 2-1: config 0 has an invalid interface number: 12 but max is 0
[  363.905232][ T5863] usb 2-1: config 0 has no interface number 0
[  363.913725][ T5863] usb 2-1: config 0 interface 12 has no altsetting 0
[  363.977680][ T4320] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  364.034294][ T4320] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  364.069509][ T5863] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  364.081278][ T5863] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.090633][ T5863] usb 2-1: Product: syz
[  364.095626][ T5863] usb 2-1: Manufacturer: syz
[  364.101194][ T5863] usb 2-1: SerialNumber: syz
[  364.236159][ T5863] usb 2-1: config 0 descriptor??
[  364.361322][ T7775] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  364.373039][ T7775] bond1: (slave vxcan3): Setting fail_over_mac to active for active-backup mode
[  364.400071][ T7775] bond1: (slave vxcan3): making interface the new active one
[  364.415844][ T7775] bond1: (slave vxcan3): Enslaving as an active interface with an up link
[  365.406589][  T795] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  365.573393][  T795] usb 1-1: Using ep0 maxpacket: 16
[  365.597257][  T795] usb 1-1: config index 0 descriptor too short (expected 30025, got 154)
[  365.607113][  T795] usb 1-1: config 247 has too many interfaces: 233, using maximum allowed: 32
[  365.616888][  T795] usb 1-1: config 247 has an invalid descriptor of length 200, skipping remainder of the config
[  365.629218][  T795] usb 1-1: config 247 has 0 interfaces, different from the descriptor's value: 233
[  365.644028][ T5863] f81534 2-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  365.652157][ T5863] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71
[  365.661062][ T5863] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  365.669688][ T5863] f81534 2-1:0.12: probe with driver f81534 failed with error -71
[  365.746954][ T5863] usb 2-1: USB disconnect, device number 3
[  365.778846][  T795] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  365.790828][  T795] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  365.800441][  T795] usb 1-1: Product: syz
[  365.806819][  T795] usb 1-1: Manufacturer: syz
[  365.812158][  T795] usb 1-1: SerialNumber: syz
[  365.859972][ T7793] syz_tun: entered allmulticast mode
[  366.207329][  T795] usb 1-1: USB disconnect, device number 8
[  366.757606][ T7812] netlink: 'syz.2.564': attribute type 1 has an invalid length.
[  366.848932][ T7812] 8021q: adding VLAN 0 to HW filter on device bond1
[  367.006412][ T7812] erspan0: entered allmulticast mode
[  367.013019][ T5816] Bluetooth: hci2: command 0x0406 tx timeout
[  367.027773][ T7812] bond1: (slave erspan0): making interface the new active one
[  367.041769][ T7812] bond1: (slave erspan0): Enslaving as an active interface with an up link
[  368.987276][ T7832] netlink: 'syz.1.571': attribute type 10 has an invalid length.
[  369.006890][ T7832] 8021q: adding VLAN 0 to HW filter on device team0
[  369.026660][ T7832] bond0: (slave team0): Enslaving as an active interface with an up link
[  369.554002][ T7842] netlink: 8 bytes leftover after parsing attributes in process `syz.5.576'.
[  369.563209][ T7842] netlink: 8 bytes leftover after parsing attributes in process `syz.5.576'.
[  369.592141][ T7845] loop1: detected capacity change from 0 to 128
[  369.800455][ T7845] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  369.853265][ T7845] ext4 filesystem being mounted at /86/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  370.019438][ T7845] syz.1.575 (pid 7845) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  370.079730][ T7852] EXT4-fs (loop1): shut down requested (2)
[  370.138243][ T7845] fscrypt (loop1, inode 12): Error -5 getting encryption context
[  370.539899][ T5804] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  371.597484][ T7880] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  371.714346][ T7880] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  371.840099][ T7880] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  371.936617][ T7880] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  372.027086][ T7888] netlink: 4 bytes leftover after parsing attributes in process `syz.2.589'.
[  372.121075][ T7888] netlink: 12 bytes leftover after parsing attributes in process `syz.2.589'.
[  372.180421][ T1141] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  372.328225][ T1141] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  372.340095][ T1141] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  372.373468][ T1141] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  373.621306][ T7912] netlink: 28 bytes leftover after parsing attributes in process `syz.1.598'.
[  374.360048][ T7924] overlayfs: failed to clone upperpath
[  374.377883][ T7923] netlink: 12 bytes leftover after parsing attributes in process `syz.1.602'.
[  374.391354][ T7929] netlink: 2028 bytes leftover after parsing attributes in process `syz.0.605'.
[  374.402571][ T7929] netlink: 20 bytes leftover after parsing attributes in process `syz.0.605'.
[  374.889321][ T7934] overlayfs: failed to clone upperpath
[  375.524242][ T7949] netlink: 2028 bytes leftover after parsing attributes in process `syz.0.613'.
[  375.534469][ T7949] netlink: 24 bytes leftover after parsing attributes in process `syz.0.613'.
[  375.593375][ T7948] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  376.249547][   T30] audit: type=1326 audit(1767904652.446:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7966 comm="syz.3.618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c8a98f749 code=0x7ffc0000
[  376.273224][   T30] audit: type=1326 audit(1767904652.446:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7966 comm="syz.3.618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c8a98f749 code=0x7ffc0000
[  376.341620][   T30] audit: type=1326 audit(1767904652.526:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7966 comm="syz.3.618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f5c8a98f749 code=0x7ffc0000
[  376.365423][   T30] audit: type=1326 audit(1767904652.526:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7966 comm="syz.3.618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c8a98f749 code=0x7ffc0000
[  376.390146][   T30] audit: type=1326 audit(1767904652.526:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7966 comm="syz.3.618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c8a98f749 code=0x7ffc0000
[  376.416761][   T30] audit: type=1326 audit(1767904652.536:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7966 comm="syz.3.618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f5c8a98f749 code=0x7ffc0000
[  376.443405][   T30] audit: type=1326 audit(1767904652.536:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7966 comm="syz.3.618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c8a98f749 code=0x7ffc0000
[  376.468951][   T30] audit: type=1326 audit(1767904652.536:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7966 comm="syz.3.618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5c8a98f749 code=0x7ffc0000
[  376.497253][   T30] audit: type=1326 audit(1767904652.536:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7966 comm="syz.3.618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c8a98f749 code=0x7ffc0000
[  376.522994][   T30] audit: type=1326 audit(1767904652.536:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7966 comm="syz.3.618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f5c8a98f749 code=0x7ffc0000
[  376.735304][ T7971] netlink: 8 bytes leftover after parsing attributes in process `syz.2.619'.
[  376.793445][ T7971] netlink: 8 bytes leftover after parsing attributes in process `syz.2.619'.
[  377.168534][ T7983] overlayfs: failed to clone upperpath
[  378.280387][ T8002] netlink: 4 bytes leftover after parsing attributes in process `syz.0.632'.
[  380.051148][ T8025] futex_wake_op: syz.3.641 tries to shift op by 32; fix this program
[  381.166737][ T5816] Bluetooth: hci2: Unable to find connection for big 0x00
[  384.572252][ T8099] fuse: Bad value for 'fd'
[  386.194793][ T8127] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.681'.
[  386.340049][ T5863] libceph: connect (1)[c::]:6789 error -101
[  386.346669][ T5863] libceph: mon0 (1)[c::]:6789 connect error
[  386.414266][   T11] libceph: connect (1)[c::]:6789 error -101
[  386.420692][   T11] libceph: mon0 (1)[c::]:6789 connect error
[  386.554091][   T11] libceph: connect (1)[c::]:6789 error -101
[  386.560851][   T11] libceph: mon0 (1)[c::]:6789 connect error
[  386.694074][   T11] libceph: connect (1)[c::]:6789 error -101
[  386.700405][   T11] libceph: mon0 (1)[c::]:6789 connect error
[  386.803932][   T11] libceph: connect (1)[c::]:6789 error -101
[  386.810672][   T11] libceph: mon0 (1)[c::]:6789 connect error
[  386.914491][   T11] libceph: connect (1)[c::]:6789 error -101
[  386.921471][   T11] libceph: mon0 (1)[c::]:6789 connect error
[  387.031442][ T8128] ceph: No mds server is up or the cluster is laggy
[  387.063292][ T8131] ceph: No mds server is up or the cluster is laggy
[  387.074788][ T8135] ceph: No mds server is up or the cluster is laggy
[  387.387051][ T8146] netlink: 4 bytes leftover after parsing attributes in process `syz.2.685'.
[  387.471581][ T8148] loop1: detected capacity change from 0 to 16
[  387.534795][ T8148] erofs (device loop1): mounted with root inode @ nid 36.
[  388.573609][ T8174] netlink: 'syz.0.694': attribute type 12 has an invalid length.
[  388.617661][ T8174] netlink: 'syz.0.694': attribute type 4 has an invalid length.
[  388.766378][ T8177] netlink: 8 bytes leftover after parsing attributes in process `syz.5.697'.
[  389.593805][ T8191] loop0: detected capacity change from 0 to 512
[  389.629591][ T8191] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  389.680872][ T8191] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2857: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  389.715364][ T8191] EXT4-fs (loop0): 1 truncate cleaned up
[  389.723893][ T8191] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  389.754708][ T8196] netlink: 4 bytes leftover after parsing attributes in process `syz.5.706'.
[  389.903698][ T8195] overlayfs: failed to clone upperpath
[  389.918784][ T5801] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  390.146432][ T8205] netlink: 'syz.2.709': attribute type 10 has an invalid length.
[  390.169258][ T8205] team0: Failed to send options change via netlink (err -105)
[  390.177473][ T8205] team0: Port device dummy0 added
[  390.187704][ T8205] netlink: 'syz.2.709': attribute type 10 has an invalid length.
[  390.200129][ T8205] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  390.221362][ T8205] team0: Failed to send options change via netlink (err -105)
[  390.230039][ T8205] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  390.240481][ T8205] team0: Port device dummy0 removed
[  390.258307][ T8205] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  390.670349][ T8216] netlink: 1272 bytes leftover after parsing attributes in process `syz.5.712'.
[  391.318118][ T8232] loop0: detected capacity change from 0 to 128
[  391.552115][ T5816] Bluetooth: hci1: unexpected event for opcode 0x0c12
[  393.110306][ T8258] pimreg11: entered allmulticast mode
[  393.560696][ T8264] loop1: detected capacity change from 0 to 1024
[  393.943479][ T4785] hfsplus: b-tree write err: -5, ino 4
[  395.282579][  T795] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  395.442613][  T795] usb 1-1: Using ep0 maxpacket: 32
[  395.472821][  T795] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[  395.481239][  T795] usb 1-1: config 0 has no interface number 0
[  395.524701][  T795] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  395.534130][  T795] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  395.545127][  T795] usb 1-1: Product: syz
[  395.549505][  T795] usb 1-1: Manufacturer: syz
[  395.555329][  T795] usb 1-1: SerialNumber: syz
[  395.582983][ T5816] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  395.591871][ T5816] Bluetooth: hci1: Injecting HCI hardware error event
[  395.594198][  T795] usb 1-1: config 0 descriptor??
[  395.599459][ T5816] Bluetooth: hci1: hardware error 0x00
[  395.614230][  T795] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  395.843448][  T795] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  395.873708][  T795] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  396.099447][    C1] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 6
[  396.181037][ T5863] IPVS: starting estimator thread 0...
[  396.282981][ T8311] IPVS: using max 240 ests per chain, 12000 per kthread
[  396.319742][    C1] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71
[  396.325134][   T11] usb 1-1: USB disconnect, device number 9
[  396.343704][ T5863] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  396.354576][ T8313] l2tp_ppp: sess 2/0: no socket in recv
[  396.370244][   T11] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  396.394692][   T11] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  396.409673][   T11] quatech2 1-1:0.51: device disconnected
[  396.550595][ T5863] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  396.562400][ T5863] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  396.574297][ T5863] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  396.584879][ T5863] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  396.639014][ T5863] usb 2-1: config 0 descriptor??
[  396.753159][ T8318] VFS: Mount too revealing
[  397.670587][ T5863] cp2112 0003:10C4:EA90.0002: unknown main item tag 0x0
[  397.685451][ T5863] cp2112 0003:10C4:EA90.0002: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0
[  397.732778][ T5816] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  397.759140][ T5863] cp2112 0003:10C4:EA90.0002: Part Number: 0x82 Device Version: 0xFE
[  399.331493][ T8335] loop0: detected capacity change from 0 to 512
[  399.394918][ T8335] EXT4-fs: Ignoring removed oldalloc option
[  399.474382][ T8335] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  399.919388][ T5863] cp2112 0003:10C4:EA90.0002: error reading lock byte: -71
[  399.931910][ T5863] usb 2-1: USB disconnect, device number 4
[  400.331243][ T8343] netlink: 'syz.5.761': attribute type 3 has an invalid length.
[  400.343443][ T5801] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  401.868022][ T8358] overlayfs: failed to clone upperpath
[  402.893562][ T8362] loop0: detected capacity change from 0 to 40427
[  402.906164][ T8362] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x1f52010)
[  402.918340][ T8362] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[  402.928006][ T8362] F2FS-fs (loop0): Image doesn't support compression
[  402.935078][ T8362] F2FS-fs (loop0): build fault injection type: 0x4
[  402.960519][ T8362] F2FS-fs (loop0): invalid crc value
[  403.193063][ T8375] netlink: 12 bytes leftover after parsing attributes in process `syz.2.775'.
[  403.217777][ T8362] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  403.232857][ T8362] F2FS-fs (loop0): Start checkpoint disabled!
[  403.247720][ T8362] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0
[  403.250485][ T8375] netlink: 12 bytes leftover after parsing attributes in process `syz.2.775'.
[  403.278029][ T8362] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0
[  403.285531][ T8362] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  403.437879][ T3794] kworker/u8:20: attempt to access beyond end of device
[  403.437879][ T3794] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  403.452853][ T3794] CPU: 1 UID: 0 PID: 3794 Comm: kworker/u8:20 Tainted: G             L      syzkaller #0 PREEMPT(none) 
[  403.453011][ T3794] Tainted: [L]=SOFTLOCKUP
[  403.453055][ T3794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  403.453144][ T3794] Workqueue: writeback wb_workfn (flush-7:0)
[  403.453303][ T3794] Call Trace:
[  403.453348][ T3794]  <TASK>
[  403.453394][ T3794]  __dump_stack+0x26/0x30
[  403.453540][ T3794]  dump_stack_lvl+0x14c/0x1c0
[  403.453691][ T3794]  dump_stack+0x1e/0x25
[  403.453829][ T3794]  f2fs_handle_critical_error+0xa6f/0xc20
[  403.454028][ T3794]  f2fs_stop_checkpoint+0x65/0x80
[  403.454204][ T3794]  f2fs_write_end_io+0x101c/0x1bc0
[  403.454414][ T3794]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  403.454579][ T3794]  bio_endio+0xf96/0x10f0
[  403.454714][ T3794]  submit_bio_noacct+0x2009/0x2930
[  403.454904][ T3794]  submit_bio+0x57c/0x630
[  403.455042][ T3794]  f2fs_submit_write_bio+0x92/0x250
[  403.455200][ T3794]  __submit_merged_bio+0x16f/0x6a0
[  403.455351][ T3794]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  403.455538][ T3794]  __submit_merged_write_cond+0x44a/0x990
[  403.455711][ T3794]  f2fs_write_data_pages+0x4cf3/0x57a0
[  403.456029][ T3794]  ? f2fs_balance_fs_bg+0x11ee/0x1250
[  403.456166][ T3794]  ? stack_depot_save_flags+0x35/0x790
[  403.456296][ T3794]  ? kmsan_get_metadata+0xfb/0x160
[  403.456473][ T3794]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  403.456623][ T3794]  ? kmsan_get_metadata+0xfb/0x160
[  403.456776][ T3794]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  403.456964][ T3794]  ? kmsan_get_metadata+0xfb/0x160
[  403.457138][ T3794]  ? kmsan_get_metadata+0xfb/0x160
[  403.457298][ T3794]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  403.457473][ T3794]  ? kmsan_get_metadata+0xfb/0x160
[  403.457641][ T3794]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  403.457807][ T3794]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  403.457968][ T3794]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  403.458129][ T3794]  do_writepages+0x3f2/0x860
[  403.458245][ T3794]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  403.458421][ T3794]  ? kmsan_get_metadata+0xfb/0x160
[  403.458587][ T3794]  ? kmsan_get_metadata+0xfb/0x160
[  403.458776][ T3794]  __writeback_single_inode+0x101/0x1190
[  403.458942][ T3794]  ? kmsan_get_metadata+0xfb/0x160
[  403.459115][ T3794]  writeback_sb_inodes+0xb2d/0x1f10
[  403.459351][ T3794]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  403.459535][ T3794]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  403.459707][ T3794]  wb_writeback+0x4ce/0xc00
[  403.459865][ T3794]  ? queue_io+0x471/0x790
[  403.460005][ T3794]  wb_workfn+0x397/0x1910
[  403.460122][ T3794]  ? kmsan_get_metadata+0xfb/0x160
[  403.460303][ T3794]  ? __pfx_wb_workfn+0x10/0x10
[  403.460415][ T3794]  process_scheduled_works+0xb91/0x1d80
[  403.460639][ T3794]  worker_thread+0xedf/0x1590
[  403.460786][ T3794]  kthread+0xd5c/0xf00
[  403.460911][ T3794]  ? __pfx_worker_thread+0x10/0x10
[  403.461045][ T3794]  ? __pfx_kthread+0x10/0x10
[  403.461167][ T3794]  ret_from_fork+0x208/0x710
[  403.461322][ T3794]  ? __switch_to+0x53d/0x790
[  403.461459][ T3794]  ? __pfx_kthread+0x10/0x10
[  403.461584][ T3794]  ret_from_fork_asm+0x1a/0x30
[  403.461764][ T3794]  </TASK>
[  403.461824][ T3794] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  403.806124][ T3794] CPU: 1 UID: 0 PID: 3794 Comm: kworker/u8:20 Tainted: G             L      syzkaller #0 PREEMPT(none) 
[  403.806274][ T3794] Tainted: [L]=SOFTLOCKUP
[  403.806317][ T3794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  403.806409][ T3794] Workqueue: writeback wb_workfn (flush-7:0)
[  403.806568][ T3794] Call Trace:
[  403.806608][ T3794]  <TASK>
[  403.806653][ T3794]  __dump_stack+0x26/0x30
[  403.806798][ T3794]  dump_stack_lvl+0x14c/0x1c0
[  403.806936][ T3794]  dump_stack+0x1e/0x25
[  403.807065][ T3794]  f2fs_handle_critical_error+0xa6f/0xc20
[  403.807259][ T3794]  f2fs_stop_checkpoint+0x65/0x80
[  403.807428][ T3794]  f2fs_write_end_io+0x101c/0x1bc0
[  403.807646][ T3794]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  403.807814][ T3794]  bio_endio+0xf96/0x10f0
[  403.807944][ T3794]  submit_bio_noacct+0x2009/0x2930
[  403.808130][ T3794]  submit_bio+0x57c/0x630
[  403.808270][ T3794]  f2fs_submit_write_bio+0x92/0x250
[  403.808434][ T3794]  __submit_merged_bio+0x16f/0x6a0
[  403.808592][ T3794]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  403.808780][ T3794]  __submit_merged_write_cond+0x44a/0x990
[  403.808957][ T3794]  f2fs_write_data_pages+0x4cf3/0x57a0
[  403.809268][ T3794]  ? f2fs_balance_fs_bg+0x11ee/0x1250
[  403.809418][ T3794]  ? stack_depot_save_flags+0x35/0x790
[  403.809568][ T3794]  ? kmsan_get_metadata+0xfb/0x160
[  403.809739][ T3794]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  403.809904][ T3794]  ? kmsan_get_metadata+0xfb/0x160
[  403.810072][ T3794]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  403.810255][ T3794]  ? kmsan_get_metadata+0xfb/0x160
[  403.810436][ T3794]  ? kmsan_get_metadata+0xfb/0x160
[  403.810609][ T3794]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  403.810785][ T3794]  ? kmsan_get_metadata+0xfb/0x160
[  403.810952][ T3794]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  403.811117][ T3794]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  403.811283][ T3794]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  403.811449][ T3794]  do_writepages+0x3f2/0x860
[  403.811578][ T3794]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  403.811757][ T3794]  ? kmsan_get_metadata+0xfb/0x160
[  403.811921][ T3794]  ? kmsan_get_metadata+0xfb/0x160
[  403.812111][ T3794]  __writeback_single_inode+0x101/0x1190
[  403.812273][ T3794]  ? kmsan_get_metadata+0xfb/0x160
[  403.812445][ T3794]  writeback_sb_inodes+0xb2d/0x1f10
[  403.812682][ T3794]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  403.812954][ T3794]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  403.813151][ T3794]  wb_writeback+0x4ce/0xc00
[  403.813337][ T3794]  ? queue_io+0x471/0x790
[  403.813491][ T3794]  wb_workfn+0x397/0x1910
[  403.813627][ T3794]  ? kmsan_get_metadata+0xfb/0x160
[  403.813821][ T3794]  ? __pfx_wb_workfn+0x10/0x10
[  403.813940][ T3794]  process_scheduled_works+0xb91/0x1d80
[  403.814182][ T3794]  worker_thread+0xedf/0x1590
[  403.814343][ T3794]  kthread+0xd5c/0xf00
[  403.814475][ T3794]  ? __pfx_worker_thread+0x10/0x10
[  403.814650][ T3794]  ? __pfx_kthread+0x10/0x10
[  403.814784][ T3794]  ret_from_fork+0x208/0x710
[  403.814955][ T3794]  ? __switch_to+0x53d/0x790
[  403.815103][ T3794]  ? __pfx_kthread+0x10/0x10
[  403.815240][ T3794]  ret_from_fork_asm+0x1a/0x30
[  403.815436][ T3794]  </TASK>
[  404.126730][ T3794] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  404.811406][ T8392] loop1: detected capacity change from 0 to 512
[  404.844896][ T8392] EXT4-fs: Ignoring removed nobh option
[  404.886976][ T8392] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  404.919592][ T8392] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842e02c, mo2=0002]
[  404.967397][ T8392] EXT4-fs (loop1): orphan cleanup on readonly fs
[  405.001007][ T8392] EXT4-fs error (device loop1): ext4_clear_blocks:876: inode #11: comm syz.1.782: attempt to clear invalid blocks 1024 len 1
[  405.016962][ T8392] EXT4-fs (loop1): Remounting filesystem read-only
[  405.046126][ T8392] EXT4-fs (loop1): 1 truncate cleaned up
[  405.056158][ T8392] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  405.133664][ T8392] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  405.140818][ T8392] overlayfs: failed to set xattr on upper
[  405.147207][ T8392] overlayfs: ...falling back to redirect_dir=nofollow.
[  405.154588][ T8392] overlayfs: ...falling back to index=off.
[  405.160541][ T8392] overlayfs: ...falling back to uuid=null.
[  405.627984][ T5804] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  405.847111][ T8401] overlayfs: failed to clone upperpath
[  406.490380][ T5816] Bluetooth: hci0: SCO packet for unknown connection handle 200
[  406.491087][ T5816] Bluetooth: hci0: unexpected event for opcode 0x0804
[  407.614958][ T8423] loop0: detected capacity change from 0 to 4096
[  407.644116][ T8423] ntfs3: Unknown parameter 'hJ�ׄF��Gl�O/;��[~�O����ؼ���
���ȹ��ҿ[y��?�H�'
[  407.666915][ T8430] netlink: 8 bytes leftover after parsing attributes in process `syz.1.800'.
[  407.676351][ T8430] netlink: 8 bytes leftover after parsing attributes in process `syz.1.800'.
[  407.745271][ T8431] Illegal XDP return value 4294967274 on prog  (id 119) dev syz_tun, expect packet loss!
[  407.945956][ T8423] kvm: pic: single mode not supported
[  407.946032][ T8423] kvm: pic: level sensitive irq not supported
[  408.551373][ T8447] 9pnet: p9_errstr2errno: server reported unknown error 0x000000
[  408.577310][ T8449] overlayfs: failed to clone upperpath
[  408.839279][ T8454] netlink: 4 bytes leftover after parsing attributes in process `syz.2.809'.
[  408.873237][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[  408.879847][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  408.900579][ T8457] netlink: 12 bytes leftover after parsing attributes in process `syz.2.809'.
[  410.065860][ T8477] netlink: 8 bytes leftover after parsing attributes in process `syz.1.816'.
[  410.375562][ T8476] netlink: 8 bytes leftover after parsing attributes in process `syz.1.816'.
[  410.534202][ T5816] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  410.543080][ T5816] Bluetooth: hci0: Injecting HCI hardware error event
[  410.550659][ T5816] Bluetooth: hci0: hardware error 0x00
[  411.591627][ T8495] bond1: (slave vxcan1): The slave device specified does not support setting the MAC address
[  411.602152][ T8495] bond1: (slave vxcan1): Setting fail_over_mac to active for active-backup mode
[  411.625528][ T8495] bond1: (slave vxcan1): making interface the new active one
[  411.636916][ T8495] bond1: (slave vxcan1): Enslaving as an active interface with an up link
[  411.953462][ T8490] random: crng reseeded on system resumption
[  412.613705][ T5816] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  413.231085][   T30] kauditd_printk_skb: 5 callbacks suppressed
[  413.231158][   T30] audit: type=1326 audit(1767904689.416:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8522 comm="syz.2.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1353b8f749 code=0x7fc00000
[  413.427979][ T8532] netlink: 4 bytes leftover after parsing attributes in process `syz.5.832'.
[  413.742130][   T30] audit: type=1326 audit(1767904689.936:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8522 comm="syz.2.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1353b8f749 code=0x7fc00000
[  414.428894][ T8542] sctp: [Deprecated]: syz.2.837 (pid 8542) Use of struct sctp_assoc_value in delayed_ack socket option.
[  414.428894][ T8542] Use struct sctp_sack_info instead
[  414.634868][ T8543] loop0: detected capacity change from 0 to 2048
[  414.826759][ T8543] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  415.156229][ T8554] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  415.276948][ T8554] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 28
[  415.290645][ T8554] EXT4-fs (loop0): This should not happen!! Data will be lost
[  415.290645][ T8554] 
[  415.300971][ T8554] EXT4-fs (loop0): Total free blocks count 0
[  415.310906][ T8554] EXT4-fs (loop0): Free/Dirty block details
[  415.318086][ T8554] EXT4-fs (loop0): free_blocks=2415919104
[  415.324116][ T8554] EXT4-fs (loop0): dirty_blocks=128
[  415.329488][ T8554] EXT4-fs (loop0): Block reservation details
[  415.335944][ T8554] EXT4-fs (loop0): i_reserved_data_blocks=8
[  415.978653][   T54] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28
[  418.655034][ T8590] loop1: detected capacity change from 0 to 40427
[  418.704383][ T8590] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  418.712719][ T8590] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  418.754111][ T8590] F2FS-fs (loop1): invalid crc value
[  419.040354][ T8590] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  419.066252][ T8590] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  419.073667][ T8590] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  422.584500][  T795] libceph: connect (1)[c::]:6789 error -101
[  422.590998][  T795] libceph: mon0 (1)[c::]:6789 connect error
[  422.606462][ T8660] overlayfs: failed to clone lowerpath
[  422.616439][ T8656] ceph: No mds server is up or the cluster is laggy
[  422.645940][ T8660] overlayfs: failed to clone upperpath
[  422.957411][ T8669] overlayfs: failed to clone upperpath
[  424.214014][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  424.215884][    T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!!
[  424.367643][ T8675] Invalid ELF header magic: != ELF
[  427.141462][ T8733] overlayfs: failed to clone lowerpath
[  428.436239][ T8752] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  429.323858][ T8770] loop1: detected capacity change from 0 to 1024
[  429.373637][ T8770] EXT4-fs: Ignoring removed oldalloc option
[  429.379873][ T8770] EXT4-fs: Ignoring removed bh option
[  429.474302][ T8770] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  429.518163][   T30] audit: type=1326 audit(1767904705.706:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8776 comm="syz.5.926" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9b24d8f749 code=0x0
[  429.573661][   T30] audit: type=1804 audit(1767904705.776:47): pid=8770 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.922" name="/newroot/150/file1/bus" dev="loop1" ino=18 res=1 errno=0
[  429.723106][ T8783] EXT4-fs (loop1): shut down requested (1)
[  429.937882][ T5804] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  430.165502][  T795] libceph: connect (1)[c::]:6789 error -101
[  430.172055][  T795] libceph: mon0 (1)[c::]:6789 connect error
[  430.220224][ T8787] ceph: No mds server is up or the cluster is laggy
[  431.330061][ T8804] netlink: 48 bytes leftover after parsing attributes in process `syz.3.932'.
[  431.496223][ T8796] loop1: detected capacity change from 0 to 40427
[  431.535614][ T8796] F2FS-fs (loop1): invalid crc value
[  431.802744][ T8796] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  431.816924][ T8796] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  431.890870][   T30] audit: type=1804 audit(1767904708.086:48): pid=8796 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.930" name="/newroot/152/file0/cgroup.controllers" dev="loop1" ino=10 res=1 errno=0
[  431.985036][ T5804] syz-executor: attempt to access beyond end of device
[  431.985036][ T5804] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  432.002783][ T5804] CPU: 1 UID: 0 PID: 5804 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(none) 
[  432.002946][ T5804] Tainted: [L]=SOFTLOCKUP
[  432.002993][ T5804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  432.003055][ T5804] Call Trace:
[  432.003098][ T5804]  <TASK>
[  432.003142][ T5804]  __dump_stack+0x26/0x30
[  432.003290][ T5804]  dump_stack_lvl+0x14c/0x1c0
[  432.003436][ T5804]  dump_stack+0x1e/0x25
[  432.003558][ T5804]  f2fs_handle_critical_error+0xa6f/0xc20
[  432.003746][ T5804]  f2fs_stop_checkpoint+0x65/0x80
[  432.003913][ T5804]  f2fs_write_end_io+0x101c/0x1bc0
[  432.004113][ T5804]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  432.004273][ T5804]  bio_endio+0xf96/0x10f0
[  432.004395][ T5804]  submit_bio_noacct+0x2009/0x2930
[  432.004574][ T5804]  submit_bio+0x57c/0x630
[  432.004707][ T5804]  f2fs_submit_write_bio+0x92/0x250
[  432.004853][ T5804]  __submit_merged_bio+0x16f/0x6a0
[  432.005005][ T5804]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  432.005181][ T5804]  __submit_merged_write_cond+0x44a/0x990
[  432.005348][ T5804]  f2fs_write_data_pages+0x4cf3/0x57a0
[  432.005624][ T5804]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  432.005776][ T5804]  ? kmsan_get_metadata+0xfb/0x160
[  432.005937][ T5804]  ? folio_batch_move_lru+0x6a6/0x6e0
[  432.006098][ T5804]  ? __msan_warning+0x1b/0x30
[  432.006238][ T5804]  ? filter_irq_stacks+0x13f/0x190
[  432.006389][ T5804]  ? stack_depot_save_flags+0x35/0x790
[  432.006542][ T5804]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  432.006700][ T5804]  ? kmsan_get_metadata+0xfb/0x160
[  432.006856][ T5804]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  432.007022][ T5804]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  432.007181][ T5804]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  432.007338][ T5804]  do_writepages+0x3f2/0x860
[  432.007456][ T5804]  ? _raw_spin_unlock+0x30/0x50
[  432.007586][ T5804]  ? wbc_attach_and_unlock_inode+0x131/0x680
[  432.007788][ T5804]  filemap_fdatawrite+0x207/0x260
[  432.007996][ T5804]  f2fs_sync_dirty_inodes+0x2ab/0x9e0
[  432.008197][ T5804]  f2fs_write_checkpoint+0x10a4/0x3730
[  432.008394][ T5804]  ? stack_depot_save_flags+0x35/0x790
[  432.008563][ T5804]  kill_f2fs_super+0x321/0x9a0
[  432.008709][ T5804]  ? __pfx_kill_f2fs_super+0x10/0x10
[  432.008831][ T5804]  deactivate_locked_super+0xcb/0x3c0
[  432.008982][ T5804]  deactivate_super+0x12f/0x140
[  432.009111][ T5804]  cleanup_mnt+0x7a2/0x820
[  432.009237][ T5804]  ? __pfx___cleanup_mnt+0x10/0x10
[  432.009349][ T5804]  __cleanup_mnt+0x22/0x30
[  432.009459][ T5804]  task_work_run+0x209/0x2b0
[  432.009606][ T5804]  exit_to_user_mode_loop+0x301/0x1b70
[  432.009776][ T5804]  ? user_path_at+0x241/0x3e0
[  432.009956][ T5804]  ? __x64_sys_umount+0x1dc/0x250
[  432.010116][ T5804]  do_syscall_64+0x1e1/0xf80
[  432.010267][ T5804]  ? clear_bhb_loop+0x40/0x90
[  432.010393][ T5804]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.010524][ T5804] RIP: 0033:0x7fc2c8990a77
[  432.010613][ T5804] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  432.010719][ T5804] RSP: 002b:00007ffe9cc865f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  432.010826][ T5804] RAX: 0000000000000000 RBX: 00007fc2c8a13d7d RCX: 00007fc2c8990a77
[  432.010917][ T5804] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe9cc866b0
[  432.010989][ T5804] RBP: 00007ffe9cc866b0 R08: 0000000000000000 R09: 0000000000000000
[  432.011061][ T5804] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe9cc87740
[  432.011143][ T5804] R13: 00007fc2c8a13d7d R14: 00000000000696f6 R15: 00007ffe9cc87780
[  432.011249][ T5804]  </TASK>
[  432.011296][ T5804] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  435.501718][ T8852] loop1: detected capacity change from 0 to 32768
[  435.764328][ T8852] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  436.056016][ T8852] XFS (loop1): Ending clean mount
[  436.068090][ T8852] XFS (loop1): Quotacheck needed: Please wait.
[  436.104652][ T8852] XFS (loop1): Quotacheck: Done.
[  436.203710][ T5804] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  436.221349][ T8870] overlayfs: failed to clone upperpath
[  436.668466][ T8876] netlink: 12 bytes leftover after parsing attributes in process `syz.2.961'.
[  439.121551][ T1886] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  439.255393][ T1886] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  439.399848][ T1886] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  439.442257][  T795] kernel write not supported for file bpf-prog (pid: 795 comm: kworker/1:2)
[  439.473819][ T5807] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  439.482931][ T5807] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  439.503439][ T1886] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  439.518597][ T5807] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  439.531751][ T5807] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  439.558400][ T5807] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  439.913294][ T1886] bridge_slave_1: left allmulticast mode
[  439.919165][ T1886] bridge_slave_1: left promiscuous mode
[  439.926010][ T1886] bridge0: port 2(bridge_slave_1) entered disabled state
[  439.946744][ T1886] bridge_slave_0: left allmulticast mode
[  439.964600][ T1886] bridge_slave_0: left promiscuous mode
[  439.972466][ T1886] bridge0: port 1(bridge_slave_0) entered disabled state
[  440.254153][ T8926] loop8: detected capacity change from 0 to 7
[  440.329339][ T8926] Dev loop8: unable to read RDB block 7
[  440.335413][ T8926]  loop8: unable to read partition table
[  440.353202][ T8926] loop8: partition table beyond EOD, truncated
[  440.359604][ T8926] loop_reread_partitions: partition scan of loop8 (�被x�^>��� ) failed (rc=-5)
[  440.440865][ T1886] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  440.464371][ T1886] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  440.487553][ T1886] bond0 (unregistering): Released all slaves
[  441.103772][ T8936] netlink: 'syz.2.979': attribute type 4 has an invalid length.
[  441.263929][ T1886] hsr_slave_0: left promiscuous mode
[  441.273992][ T1886] hsr_slave_1: left promiscuous mode
[  441.281657][ T1886] batman_adv: batadv0: Removing interface: batadv_slave_0
[  441.335030][ T1886] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  441.342714][ T1886] batman_adv: batadv0: Removing interface: batadv_slave_1
[  441.403678][ T1886] veth1_macvtap: left promiscuous mode
[  441.409492][ T1886] veth0_macvtap: left promiscuous mode
[  441.424196][ T1886] veth1_vlan: left promiscuous mode
[  441.429856][ T1886] veth0_vlan: left promiscuous mode
[  441.653426][ T5816] Bluetooth: hci1: command tx timeout
[  441.898451][ T1886] pimreg11 (unregistering): left allmulticast mode
[  441.938132][ T1886] team0 (unregistering): Port device vlan2 removed
[  442.331605][ T1886] team0 (unregistering): Port device team_slave_1 removed
[  442.377510][ T1886] team0 (unregistering): Port device team_slave_0 removed
[  442.873311][ T8917] chnl_net:caif_netlink_parms(): no params data found
[  443.321848][ T8964] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  443.843148][ T5816] Bluetooth: hci1: command tx timeout
[  444.568888][ T8917] bridge0: port 1(bridge_slave_0) entered blocking state
[  444.576609][ T8917] bridge0: port 1(bridge_slave_0) entered disabled state
[  444.585122][ T8917] bridge_slave_0: entered allmulticast mode
[  444.600318][ T8917] bridge_slave_0: entered promiscuous mode
[  444.686134][ T8917] bridge0: port 2(bridge_slave_1) entered blocking state
[  444.709282][ T8917] bridge0: port 2(bridge_slave_1) entered disabled state
[  444.717281][ T8917] bridge_slave_1: entered allmulticast mode
[  444.726611][ T8917] bridge_slave_1: entered promiscuous mode
[  445.170943][ T8917] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  445.290453][ T8917] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  445.467602][ T8917] team0: Port device team_slave_0 added
[  445.641102][ T8917] team0: Port device team_slave_1 added
[  445.898536][ T5816] Bluetooth: hci1: command tx timeout
[  445.980014][ T8917] batman_adv: batadv0: Adding interface: batadv_slave_0
[  445.987571][ T8917] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  446.013996][ T8917] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  446.141320][ T8917] batman_adv: batadv0: Adding interface: batadv_slave_1
[  446.148776][ T8917] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  446.176129][ T8917] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  446.335599][ T8917] hsr_slave_0: entered promiscuous mode
[  446.345546][ T8917] hsr_slave_1: entered promiscuous mode
[  446.354134][ T8917] debugfs: 'hsr0' already exists in 'hsr'
[  446.360029][ T8917] Cannot create hsr debugfs directory
[  447.264460][ T5816] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[  447.277957][ T5816] CPU: 0 UID: 0 PID: 5816 Comm: kworker/u9:7 Tainted: G             L      syzkaller #0 PREEMPT(none) 
[  447.278125][ T5816] Tainted: [L]=SOFTLOCKUP
[  447.278175][ T5816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  447.278276][ T5816] Workqueue: hci4 hci_rx_work
[  447.278513][ T5816] Call Trace:
[  447.278560][ T5816]  <TASK>
[  447.278606][ T5816]  __dump_stack+0x26/0x30
[  447.278758][ T5816]  dump_stack_lvl+0x14c/0x1c0
[  447.278913][ T5816]  dump_stack+0x1e/0x25
[  447.279046][ T5816]  sysfs_create_dir_ns+0x46c/0x540
[  447.279224][ T5816]  kobject_add_internal+0xf0f/0x1870
[  447.279386][ T5816]  kobject_add+0x2c1/0x410
[  447.279551][ T5816]  ? kmsan_get_metadata+0xfb/0x160
[  447.279797][ T5816]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  447.279993][ T5816]  device_add+0xa70/0x1c10
[  447.280159][ T5816]  hci_conn_add_sysfs+0x15f/0x2f0
[  447.280327][ T5816]  le_conn_complete_evt+0x1d03/0x2240
[  447.280545][ T5816]  hci_le_enh_conn_complete_evt+0x158/0x260
[  447.280762][ T5816]  hci_le_meta_evt+0x6eb/0x960
[  447.280959][ T5816]  ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[  447.281186][ T5816]  hci_event_packet+0xce2/0x1e40
[  447.281357][ T5816]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  447.281589][ T5816]  hci_rx_work+0x8c3/0xfc0
[  447.281765][ T5816]  ? kmsan_get_metadata+0xfb/0x160
[  447.281951][ T5816]  ? __pfx_hci_rx_work+0x10/0x10
[  447.282119][ T5816]  process_scheduled_works+0xb91/0x1d80
[  447.282354][ T5816]  worker_thread+0xedf/0x1590
[  447.282513][ T5816]  kthread+0xd5c/0xf00
[  447.282643][ T5816]  ? __pfx_worker_thread+0x10/0x10
[  447.282783][ T5816]  ? __pfx_kthread+0x10/0x10
[  447.282920][ T5816]  ret_from_fork+0x208/0x710
[  447.283085][ T5816]  ? __switch_to+0x53d/0x790
[  447.283228][ T5816]  ? __pfx_kthread+0x10/0x10
[  447.283365][ T5816]  ret_from_fork_asm+0x1a/0x30
[  447.283568][ T5816]  </TASK>
[  447.467579][ T5816] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  447.484943][ T5816] Bluetooth: hci4: failed to register connection device
[  447.499507][ T8917] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  447.567871][ T8917] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  447.746757][ T8917] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  447.779818][ T8917] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  447.973138][ T5816] Bluetooth: hci1: command tx timeout
[  448.120899][ T9017] netlink: 'syz.3.1013': attribute type 13 has an invalid length.
[  448.330912][ T9017] gretap0: refused to change device tx_queue_len
[  448.341642][ T9017] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  449.035314][ T9019] loop1: detected capacity change from 0 to 40427
[  449.116774][ T9019] F2FS-fs (loop1): invalid crc value
[  449.168578][ T8917] 8021q: adding VLAN 0 to HW filter on device bond0
[  449.359261][ T8917] 8021q: adding VLAN 0 to HW filter on device team0
[  449.381851][ T9019] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  449.392606][ T9019] F2FS-fs (loop1): Start checkpoint disabled!
[  449.409981][ T9019] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  449.422563][ T9019] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  449.446694][ T4785] bridge0: port 1(bridge_slave_0) entered blocking state
[  449.454220][ T4785] bridge0: port 1(bridge_slave_0) entered forwarding state
[  449.547629][ T4785] bridge0: port 2(bridge_slave_1) entered blocking state
[  449.555304][ T4785] bridge0: port 2(bridge_slave_1) entered forwarding state
[  449.555871][ T9031] syz.1.1014: attempt to access beyond end of device
[  449.555871][ T9031] loop1: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  449.928158][   T54] kworker/u8:3: attempt to access beyond end of device
[  449.928158][   T54] loop1: rw=1, sector=45104, nr_sectors = 8 limit=40427
[  449.978277][   T54] kworker/u8:3: attempt to access beyond end of device
[  449.978277][   T54] loop1: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  449.993120][   T54] CPU: 1 UID: 0 PID: 54 Comm: kworker/u8:3 Tainted: G             L      syzkaller #0 PREEMPT(none) 
[  449.993291][   T54] Tainted: [L]=SOFTLOCKUP
[  449.993338][   T54] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  449.993438][   T54] Workqueue: writeback wb_workfn (flush-7:1)
[  449.993592][   T54] Call Trace:
[  449.993640][   T54]  <TASK>
[  449.993688][   T54]  __dump_stack+0x26/0x30
[  449.993837][   T54]  dump_stack_lvl+0x14c/0x1c0
[  449.993988][   T54]  dump_stack+0x1e/0x25
[  449.994128][   T54]  f2fs_handle_critical_error+0xa6f/0xc20
[  449.994337][   T54]  f2fs_stop_checkpoint+0x65/0x80
[  449.994509][   T54]  f2fs_write_end_io+0x101c/0x1bc0
[  449.994720][   T54]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  449.994890][   T54]  bio_endio+0xf96/0x10f0
[  449.995025][   T54]  submit_bio_noacct+0x2009/0x2930
[  449.995218][   T54]  submit_bio+0x57c/0x630
[  449.995358][   T54]  f2fs_submit_write_bio+0x92/0x250
[  449.995521][   T54]  __submit_merged_bio+0x16f/0x6a0
[  449.995676][   T54]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  449.995862][   T54]  __submit_merged_write_cond+0x44a/0x990
[  449.996039][   T54]  f2fs_write_data_pages+0x4cf3/0x57a0
[  449.996353][   T54]  ? f2fs_balance_fs_bg+0x11ee/0x1250
[  449.996503][   T54]  ? stack_depot_save_flags+0x35/0x790
[  449.996648][   T54]  ? kmsan_get_metadata+0xfb/0x160
[  449.996829][   T54]  ? kmsan_get_metadata+0xfb/0x160
[  449.996997][   T54]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  449.997173][   T54]  ? f2fs_write_node_pages+0x7ac/0xb40
[  449.997305][   T54]  ? kmsan_get_metadata+0xfb/0x160
[  449.997468][   T54]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  449.997639][   T54]  ? kmsan_get_metadata+0xfb/0x160
[  449.997804][   T54]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  449.997963][   T54]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  449.998123][   T54]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  449.998291][   T54]  do_writepages+0x3f2/0x860
[  449.998412][   T54]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  449.998593][   T54]  ? queue_io+0x771/0x790
[  449.998723][   T54]  ? kmsan_get_metadata+0xfb/0x160
[  449.998914][   T54]  __writeback_single_inode+0x101/0x1190
[  449.999072][   T54]  ? kmsan_get_metadata+0xfb/0x160
[  449.999263][   T54]  writeback_sb_inodes+0xb2d/0x1f10
[  449.999498][   T54]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  449.999697][   T54]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  449.999880][   T54]  wb_writeback+0x4ce/0xc00
[  450.000039][   T54]  ? queue_io+0x471/0x790
[  450.000192][   T54]  wb_workfn+0x397/0x1910
[  450.000318][   T54]  ? kmsan_get_metadata+0xfb/0x160
[  450.000508][   T54]  ? __pfx_wb_workfn+0x10/0x10
[  450.000626][   T54]  process_scheduled_works+0xb91/0x1d80
[  450.000862][   T54]  worker_thread+0xedf/0x1590
[  450.001013][   T54]  kthread+0xd5c/0xf00
[  450.001127][   T54]  ? __pfx_worker_thread+0x10/0x10
[  450.001271][   T54]  ? __pfx_kthread+0x10/0x10
[  450.001392][   T54]  ret_from_fork+0x208/0x710
[  450.001540][   T54]  ? __switch_to+0x53d/0x790
[  450.001673][   T54]  ? __pfx_kthread+0x10/0x10
[  450.001799][   T54]  ret_from_fork_asm+0x1a/0x30
[  450.001975][   T54]  </TASK>
[  450.002019][   T54] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  451.426863][ T9058] netlink: 83 bytes leftover after parsing attributes in process `syz.3.1024'.
[  451.520091][ T8917] 8021q: adding VLAN 0 to HW filter on device batadv0
[  453.273286][ T8917] veth0_vlan: entered promiscuous mode
[  453.329963][ T8917] veth1_vlan: entered promiscuous mode
[  453.596597][ T8917] veth0_macvtap: entered promiscuous mode
[  453.645504][ T9101] overlayfs: failed to resolve './cgroup': -2
[  453.675824][ T8917] veth1_macvtap: entered promiscuous mode
[  453.786889][ T8917] batman_adv: batadv0: Interface activated: batadv_slave_0
[  453.866061][ T8917] batman_adv: batadv0: Interface activated: batadv_slave_1
[  453.948675][ T3706] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  453.968848][ T3706] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  454.028660][ T3706] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  454.051536][ T3999] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  456.559432][ T9142] loop1: detected capacity change from 0 to 40427
[  456.581616][ T9142] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x1f52010)
[  456.590358][ T9142] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[  456.599000][ T9142] F2FS-fs (loop1): Image doesn't support compression
[  456.607943][ T9142] F2FS-fs (loop1): build fault injection type: 0x4
[  456.619146][ T9142] F2FS-fs (loop1): invalid crc value
[  456.882112][ T9142] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  456.893314][ T9142] F2FS-fs (loop1): Start checkpoint disabled!
[  456.903307][ T9142] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  456.928870][ T9142] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0
[  456.936426][ T9142] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  456.998085][ T9142] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=0, run fsck to fix.
[  458.496105][ T9182] loop1: detected capacity change from 0 to 1024
[  458.547174][ T9182] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  458.698999][ T9182] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm syz.1.1058: Invalid block bitmap block 0 in block_group 0
[  458.724173][ T9182] EXT4-fs (loop1): Remounting filesystem read-only
[  458.731576][ T9182] Quota error (device loop1): write_blk: dquota write failed
[  458.740043][ T9182] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  458.750749][ T9182] EXT4-fs (loop1): 1 orphan inode deleted
[  458.759111][ T9182] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  458.796871][ T9190] netlink: 'syz.3.1064': attribute type 1 has an invalid length.
[  458.838811][ T9179] overlayfs: upper fs does not support tmpfile.
[  458.864319][ T9190] bond2: entered promiscuous mode
[  458.869676][ T9190] bond2: entered allmulticast mode
[  458.876507][ T9190] 8021q: adding VLAN 0 to HW filter on device bond2
[  458.894337][ T9182] syz.1.1058 (9182) used greatest stack depth: 3120 bytes left
[  459.125550][ T3735] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  459.135802][ T3735] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  459.251999][ T5804] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  459.340770][ T1141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  459.349172][ T1141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  459.887222][ T9206] loop6: detected capacity change from 0 to 64
[  460.280012][ T8917] Trying to free block not in datazone
[  461.701075][ T9226] loop6: detected capacity change from 0 to 32768
[  461.752743][ T9226] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1077 (9226)
[  462.526036][ T9226] BTRFS info (device loop6): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  462.537020][ T9226] BTRFS info (device loop6): using blake2b (blake2b-256-lib) checksum algorithm
[  462.688878][ T9226] BTRFS info (device loop6): enabling ssd optimizations
[  462.698616][ T9226] BTRFS info (device loop6): turning on async discard
[  462.705897][ T9226] BTRFS info (device loop6): enabling free space tree
[  462.713129][ T9226] BTRFS info (device loop6): use zstd compression, level 3
[  463.196355][ T9259] netlink: 'syz.5.1085': attribute type 1 has an invalid length.
[  463.277291][ T9259] 8021q: adding VLAN 0 to HW filter on device bond2
[  463.385246][ T9261] macvlan2: entered promiscuous mode
[  463.390752][ T9261] macvlan2: entered allmulticast mode
[  463.400744][ T9261] bond2: entered promiscuous mode
[  463.408293][ T9261] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  463.481246][ T8917] BTRFS info (device loop6): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  463.583539][ T9261] bond2: left promiscuous mode
[  464.682202][   T24] IPVS: starting estimator thread 0...
[  464.691993][ T9282] vlan0: entered promiscuous mode
[  464.742930][ T9282] tipc: Started in network mode
[  464.748063][ T9282] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711
[  464.755940][ T9282] tipc: Enabled bearer <eth:team0>, priority 0
[  464.793192][ T9286] IPVS: using max 336 ests per chain, 16800 per kthread
[  465.704537][ T9306] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1101'.
[  465.752689][   T24] tipc: Node number set to 11578026
[  466.265782][ T9318] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1107'.
[  467.343562][ T5816] Bluetooth: hci3: command 0x0406 tx timeout
[  468.697133][ T9356] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1119'.
[  468.770264][ T9356] team1: entered promiscuous mode
[  468.775888][ T9356] team1: entered allmulticast mode
[  469.466561][ T9359] netlink: 'syz.3.1120': attribute type 2 has an invalid length.
[  470.101663][ T9373] loop6: detected capacity change from 0 to 760
[  470.111925][ T9373] iso9660: Unknown parameter '0xffffffffffffffff���ʼ�<�<�k[�(:�ޗ�c6��z���i9��F�'��-�OHB�nsNɉʨ��c��22Nݍ*[���Ӿ��Q��G�x�]& ���
�i�"�?�
[  470.111925][ T9373] ����h�`�l���'
[  470.313707][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[  470.320440][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  470.849393][ T9388] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  470.854627][ T9387] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1131'.
[  470.856948][ T9388] overlayfs: failed to set xattr on upper
[  470.865987][ T9387] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1131'.
[  470.871460][ T9388] overlayfs: ...falling back to redirect_dir=nofollow.
[  470.871515][ T9388] overlayfs: ...falling back to metacopy=off.
[  470.893953][ T9388] overlayfs: ...falling back to index=off.
[  470.899919][ T9388] overlayfs: ...falling back to uuid=null.
[  472.063068][ T9395] loop1: detected capacity change from 0 to 32768
[  472.079464][ T9395] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1136 (9395)
[  472.113567][ T9395] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  472.124751][ T9395] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  472.292094][ T9395] BTRFS info (device loop1): rebuilding free space tree
[  472.417901][ T9405] bridge0: port 2(bridge_slave_1) entered disabled state
[  472.428251][ T9405] bridge0: port 1(bridge_slave_0) entered disabled state
[  472.509624][ T9395] BTRFS info (device loop1): disabling free space tree
[  472.517004][ T9395] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  472.527517][ T9395] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  472.587836][ T9395] BTRFS info (device loop1): setting nodatasum
[  472.594753][ T9395] BTRFS info (device loop1): setting nodatacow
[  472.601100][ T9395] BTRFS info (device loop1): turning off barriers
[  472.607916][ T9395] BTRFS info (device loop1): force clearing of disk cache
[  472.817128][ T9405] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  472.844441][ T9405] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  473.613224][   T73] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  473.644852][   T73] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  473.676799][   T73] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  473.708946][   T73] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  473.709159][ T5804] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  474.790718][   T24] libceph: connect (1)[c::]:6789 error -101
[  474.800289][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  474.852875][ T5863] IPVS: starting estimator thread 0...
[  474.870853][ T9455] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  474.878385][ T9455] tipc: Enabled bearer <udp:s>, priority 10
[  474.888133][ T9449] ceph: No mds server is up or the cluster is laggy
[  474.973099][ T9457] IPVS: using max 240 ests per chain, 12000 per kthread
[  475.004910][    C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  475.129941][ T9460] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1151'.
[  475.273938][    C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  475.802604][    C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  476.853307][    C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  476.928229][ T9504] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1169'.
[  477.175834][ T9504] macvlan2: entered promiscuous mode
[  477.181659][ T9504] macvlan2: entered allmulticast mode
[  477.191289][ T9504] bond2: entered promiscuous mode
[  477.198984][ T9504] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  477.238233][ T9504] bond2: left promiscuous mode
[  477.892714][    C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  478.936678][    C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  479.972601][    C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  481.012610][    C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  482.052530][    C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  483.102600][    C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  484.132555][    C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  484.708508][ T9577] overlayfs: failed to clone upperpath
[  485.026471][ T9582] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1199'.
[  485.036166][ T9582] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1199'.
[  485.123911][ T9588] netlink: 14 bytes leftover after parsing attributes in process `syz.5.1199'.
[  485.172607][    C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  485.334665][ T9588] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  485.457766][ T9588] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  485.478950][ T9588] bond0 (unregistering): Released all slaves
[  485.520710][   T30] audit: type=1326 audit(1767905273.714:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9591 comm="syz.6.1202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa193b8f749 code=0x7ffc0000
[  485.647202][   T30] audit: type=1326 audit(1767905273.774:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9591 comm="syz.6.1202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=210 compat=0 ip=0x7fa193b8f749 code=0x7ffc0000
[  485.672251][   T30] audit: type=1326 audit(1767905273.774:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9591 comm="syz.6.1202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa193b8f749 code=0x7ffc0000
[  485.696772][   T30] audit: type=1326 audit(1767905273.784:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9591 comm="syz.6.1202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fa193b8f749 code=0x7ffc0000
[  485.719461][   T30] audit: type=1326 audit(1767905273.784:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9591 comm="syz.6.1202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa193b8f749 code=0x7ffc0000
[  485.743303][   T30] audit: type=1326 audit(1767905273.784:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9591 comm="syz.6.1202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa193b8f749 code=0x7ffc0000
[  485.768160][   T30] audit: type=1326 audit(1767905273.784:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9591 comm="syz.6.1202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa193b8f749 code=0x7ffc0000
[  485.792391][   T30] audit: type=1326 audit(1767905273.784:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9591 comm="syz.6.1202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fa193b8f749 code=0x7ffc0000
[  485.815473][   T30] audit: type=1326 audit(1767905273.944:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9596 comm="syz.6.1202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fa193bc2005 code=0x7ffc0000
[  485.838154][   T30] audit: type=1326 audit(1767905273.964:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9591 comm="syz.6.1202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa193b8f749 code=0x7ffc0000
[  486.212541][    C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  486.325347][ T9600] syz_tun: entered allmulticast mode
[  486.394635][ T9600] dvmrp8: entered allmulticast mode
[  486.495083][ T9599] syz_tun: left allmulticast mode
[  486.508803][ T9605] loop6: detected capacity change from 0 to 256
[  486.776904][ T9609] tmpfs: Unknown parameter '9'
[  487.232699][    T9] usb 7-1: new full-speed USB device number 2 using dummy_hcd
[  487.252533][    C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  487.429041][    T9] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  487.439563][    T9] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  487.453304][    T9] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  487.463601][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  487.779019][    T9] usb 7-1: usb_control_msg returned -32
[  487.785327][    T9] usbtmc 7-1:16.0: can't read capabilities
[  488.292617][    C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  488.343366][   T24] libceph: connect (1)[c::]:6789 error -101
[  488.349813][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  488.446534][ T9645] ceph: No mds server is up or the cluster is laggy
[  489.332652][    C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  489.425726][ T9660] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1227'.
[  490.276945][   T24] usb 7-1: USB disconnect, device number 2
[  490.373875][    C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  491.325954][ T9677] loop1: detected capacity change from 0 to 32768
[  491.410533][ T9677] UFO tlock:0xffffc90001a030d8
[  491.415768][    C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  491.491750][ T9677] ERROR: (device loop1): dtReadFirst: btstack overrun
[  491.491750][ T9677] 
[  491.512656][ T9677] ERROR: (device loop1): remounting filesystem as read-only
[  491.520169][ T9677] btstack dump:
[  491.524871][ T9677] bn = 0, index = 0
[  491.528825][ T9677] bn = 72c, index = 0
[  491.533115][ T9677] bn = 0, index = 0
[  491.537092][ T9677] bn = 72c, index = 0
[  491.541227][ T9677] bn = 0, index = 0
[  491.545312][ T9677] bn = 72c, index = 0
[  491.549423][ T9677] bn = 0, index = 0
[  491.553726][ T9677] =====================================================
[  491.561077][ T9677] BUG: KMSAN: uninit-value in BT_STACK_DUMP+0x5e5/0x600
[  491.568428][ T9677]  BT_STACK_DUMP+0x5e5/0x600
[  491.573500][ T9677]  dtReadFirst+0xebf/0xf00
[  491.578092][ T9677]  jfs_readdir+0x1638/0x6db0
[  491.585661][ T9677]  wrap_directory_iterator+0xda/0x180
[  491.601956][ T9677]  shared_jfs_readdir+0x3d/0x50
[  491.607312][ T9677]  iterate_dir+0x452/0x620
[  491.612082][ T9677]  __se_sys_getdents64+0x17e/0x550
[  491.617562][ T9677]  __x64_sys_getdents64+0x97/0xe0
[  491.622908][ T9677]  x64_sys_call+0x3cef/0x3e70
[  491.627863][ T9677]  do_syscall_64+0xd3/0xf80
[  491.632854][ T9677]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  491.638937][ T9677] 
[  491.641499][ T9677] Local variable btstack created at:
[  491.648477][ T9677]  jfs_readdir+0xde/0x6db0
[  491.653227][ T9677]  wrap_directory_iterator+0xda/0x180
[  491.658784][ T9677] 
[  491.661324][ T9677] CPU: 0 UID: 0 PID: 9677 Comm: syz.1.1233 Tainted: G             L      syzkaller #0 PREEMPT(none) 
[  491.672511][ T9677] Tainted: [L]=SOFTLOCKUP
[  491.676927][ T9677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  491.687257][ T9677] =====================================================
[  491.696708][ T9677] Disabling lock debugging due to kernel taint
[  491.704215][ T9677] Kernel panic - not syncing: kmsan.panic set ...
[  491.710782][ T9677] CPU: 0 UID: 0 PID: 9677 Comm: syz.1.1233 Tainted: G    B        L      syzkaller #0 PREEMPT(none) 
[  491.721846][ T9677] Tainted: [B]=BAD_PAGE, [L]=SOFTLOCKUP
[  491.727473][ T9677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  491.737630][ T9677] Call Trace:
[  491.740990][ T9677]  <TASK>
[  491.743984][ T9677]  __dump_stack+0x26/0x30
[  491.748463][ T9677]  dump_stack_lvl+0x50/0x1c0
[  491.753194][ T9677]  ? dump_stack+0x12/0x25
[  491.757674][ T9677]  dump_stack+0x1e/0x25
[  491.761966][ T9677]  vpanic+0x435/0xd30
[  491.766117][ T9677]  panic+0x15d/0x160
[  491.770208][ T9677]  kmsan_report+0x31c/0x320
[  491.774884][ T9677]  ? __msan_warning+0x1b/0x30
[  491.779702][ T9677]  ? BT_STACK_DUMP+0x5e5/0x600
[  491.784656][ T9677]  ? dtReadFirst+0xebf/0xf00
[  491.789562][ T9677]  ? jfs_readdir+0x1638/0x6db0
[  491.794767][ T9677]  ? wrap_directory_iterator+0xda/0x180
[  491.800553][ T9677]  ? shared_jfs_readdir+0x3d/0x50
[  491.805752][ T9677]  ? iterate_dir+0x452/0x620
[  491.810504][ T9677]  ? __se_sys_getdents64+0x17e/0x550
[  491.815952][ T9677]  ? __x64_sys_getdents64+0x97/0xe0
[  491.821308][ T9677]  ? x64_sys_call+0x3cef/0x3e70
[  491.826336][ T9677]  ? do_syscall_64+0xd3/0xf80
[  491.831199][ T9677]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  491.837424][ T9677]  ? vprintk_emit+0xb34/0xb70
[  491.842271][ T9677]  ? vprintk_default+0x3f/0x50
[  491.847357][ T9677]  ? vprintk+0x36/0x50
[  491.851622][ T9677]  ? _printk+0x17e/0x1b0
[  491.856052][ T9677]  ? kmsan_get_metadata+0xfb/0x160
[  491.861340][ T9677]  __msan_warning+0x1b/0x30
[  491.865999][ T9677]  BT_STACK_DUMP+0x5e5/0x600
[  491.870747][ T9677]  dtReadFirst+0xebf/0xf00
[  491.875349][ T9677]  jfs_readdir+0x1638/0x6db0
[  491.880079][ T9677]  ? kmsan_get_metadata+0xfb/0x160
[  491.885361][ T9677]  ? try_to_merge_one_page+0x1bb0/0x2700
[  491.891156][ T9677]  ? kmsan_get_metadata+0xfb/0x160
[  491.896546][ T9677]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  491.902546][ T9677]  ? __rcu_read_unlock+0x6d/0xd0
[  491.907652][ T9677]  ? aa_file_perm+0x41a/0x2130
[  491.912745][ T9677]  ? aa_file_perm+0x535/0x2130
[  491.917712][ T9677]  ? kmsan_get_metadata+0xfb/0x160
[  491.923029][ T9677]  ? kmsan_get_metadata+0xfb/0x160
[  491.928316][ T9677]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  491.934813][ T9677]  ? kmsan_get_metadata+0xfb/0x160
[  491.940103][ T9677]  wrap_directory_iterator+0xda/0x180
[  491.945625][ T9677]  ? __pfx_jfs_readdir+0x10/0x10
[  491.950711][ T9677]  ? __pfx_shared_jfs_readdir+0x10/0x10
[  491.956906][ T9677]  shared_jfs_readdir+0x3d/0x50
[  491.961955][ T9677]  iterate_dir+0x452/0x620
[  491.966545][ T9677]  __se_sys_getdents64+0x17e/0x550
[  491.971839][ T9677]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  491.978077][ T9677]  ? __pfx_filldir64+0x10/0x10
[  491.983426][ T9677]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  491.989451][ T9677]  __x64_sys_getdents64+0x97/0xe0
[  491.994986][ T9677]  x64_sys_call+0x3cef/0x3e70
[  491.999831][ T9677]  do_syscall_64+0xd3/0xf80
[  492.004494][ T9677]  ? clear_bhb_loop+0x40/0x90
[  492.009314][ T9677]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  492.015523][ T9677] RIP: 0033:0x7fc2c898f749
[  492.020127][ T9677] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  492.040052][ T9677] RSP: 002b:00007fc2c6bf6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[  492.048606][ T9677] RAX: ffffffffffffffda RBX: 00007fc2c8be5fa0 RCX: 00007fc2c898f749
[  492.056698][ T9677] RDX: 000000000000007b RSI: 0000200000000300 RDI: 0000000000000004
[  492.064870][ T9677] RBP: 00007fc2c8a13f91 R08: 0000000000000000 R09: 0000000000000000
[  492.072946][ T9677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  492.081093][ T9677] R13: 00007fc2c8be6038 R14: 00007fc2c8be5fa0 R15: 00007ffe9cc87368
[  492.089246][ T9677]  </TASK>
[  492.093178][ T9677] Kernel Offset: disabled
[  492.097552][ T9677] Rebooting in 86400 seconds..