last executing test programs: 13.679703146s ago: executing program 1 (id=227): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000000c0)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="650a000000000000611124000000000018"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8000000000000003, 0xffffffffffffffff}) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 12.776825775s ago: executing program 1 (id=230): ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000020c0), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) epoll_create1(0x0) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000180)={'pcl812\x00', [0x8001, 0x4, 0x1, 0x0, 0x0, 0xcc7, 0x8, 0x7, 0x1, 0xff, 0x2, 0x1, 0x8, 0x2, 0x6, 0x9, 0x1, 0x9, 0x43, 0x40000003, 0x89, 0x9, 0xf27, 0x6, 0x800b, 0x8, 0x5, 0x6, 0x8, 0x10000, 0xfffffff4]}) madvise(&(0x7f0000bc0000/0x400000)=nil, 0x600000, 0x9) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) 11.560457967s ago: executing program 1 (id=235): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000540)) r1 = eventfd2(0x1, 0x80001) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000001c0)={0x0, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001ac0)=""/191, 0x0, 0xffff1000}) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x0, r1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1fd2, 0x6007, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$VHOST_GET_VRING_ENDIAN(r0, 0x4008af14, &(0x7f0000000000)={0x0, 0x3}) 8.258724858s ago: executing program 3 (id=243): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) open(&(0x7f0000000100)='./file0\x00', 0x800, 0x20) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x840}, 0x20008000) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_open_dev$evdev(&(0x7f00000000c0), 0x3, 0x862b01) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x1, 0x5, 0x80, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x3, 0xb3a6, 0x0, 0x9, 0xa, 0xd], 0x0, 0x141d01}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 7.97254034s ago: executing program 3 (id=244): syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000200)='./file1\x00', 0x108c8, &(0x7f0000000080)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c696e74722c6e6f61636c2c00598f2f223a0a12f76404ad3bd59a04fbd75d1008c039c51a2a013e63af1c9ed7416faa1e2ea98d0f1c7337a5c81920988a4299a77054cdb12285fd7a0e5b43382d962372b73042593a5bd6b7db4a1b3721c62f11018727c29f3a1bd1e554474ea0d1da2a20b205df342a04a34b65e16a23e8e7811a984963073ebcbead85f9e4332bdef4c1ce54a1c6f7a47b75aa95b9e8cb616be40a0000b1309ee426d1803ef09abb9509846c34b9ac0bf109cedbd12c850effda9ae677566159f9c83da7ff6e247e3ac43c0a663c8c83650692e474bac2c047b238601bd5187d6bed82fe2034512ef11b74a98252198c4402bcf3165561157678e9d50831c27d1094a04d8c7607d7164033cda7a81704824d3107f232de8c31f57de3f78727828e8206403db4", @ANYRES32], 0x1, 0x4460, &(0x7f0000008900)="$eJzs3c9rG1ceAPA3spPY2SRrZxPIwsIKNrDL7mLsnHbXC3UcJ46duCluE0ovimwriVvZCrZcesjBvQV6KvRQeggptCefQg69pn9CLz30kJ56CG0PhVIohLpIGtmasVQrwbJx+vkcPJr35v2wvvPjjWDeZGLlW/PL2fnlbH4xW5q9sXwm+3apuLJQCJld0rT9A7vXPu3pxH6y1/ve79mVcxdevXYmhM/nvnyyvr6+Hiq6Q1NDDZ9/+uHObOOyLpMqU6m3eW075Y0Qwokt/aroCiG8/lkIUQjhbJw2Gi97QwhHQy3v2p33rmd3qDcPHhf+n3s6dffh8OnJtXsPW//vUQgfFf/875sL3/2ta/jrf+5Q8wAAAAAAAAAAAAAAAAAA7HPj01euvjI4FB5FoXst2vq87ni8bPV87PqO+WtjtYknkL9NP1QMAAAAAAAAAAAAAAAAAAAAL5jN5/+z0fEmz/+PxcuRFuXXX+p8H+mciZevjJ0fHIrf/x5tyf9PnPT92a7Q3+S97+n3v59NlW/+/vet7Tyvev/q7faFKDOQWM9kBgZC+Dh+8fup6HCmWFou/+tGaWVxbse6sW8l41+baCMRnXjujXbjP5qqv/Pv///Tlr2psn5953axF1oy/l0tt/vk3ait+J9LlduN+D8r08lsSsa/Nu1Ob+MGI7VvqxL/97u3j/9Yqv5Oxf9YCCEbVfqaTZwBKmOYSnqr8QpJyfgfqKYlTp3xF9nq+P85Ff/zqfr36vy/mr4Q0VQy/geraT2JLTaP//4f46m6fuP4v5Cqfy/iX+n/ajVx+tPOtr3/JeN/qJaYmH2t9vW2e/4fTxQ92LH4X83E/TwWJfaAtaiW3mq+OpKS8e/Zkr95/5dpa/x3MVV+t+7/6u32hVC9/6uf/v8R1e7/aC4Z/9509lcn4xupdo//iVQFnT7/j1THfzyvZPwPV9OSY+e+6t924z+Zqj8d/2/+sDP9ro5Keurx3zyf/HKoln7f+K8tyfjHwck0/g6wWv1bHf9F24//L6Xq34vxX2XnWE3d5B/sbCf2rWT8j6SzTw7HHyrx/6KN6//lVAWdj38Ig37re27J+B9tuV31+O/ZPv5TqXKdjv/ft8lPX48AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXjSj8bIvRJmBxHomMzAQwrl4/VQ4HM3k53IzxdLsW8shjMXp2XA8ulkszeSLufnF0lwhly8WS7MhnI/zT4SeaLlYKucW8rcvbNTVG90q5JfKM4V8OYQwHqf/JRyt1zUzX17I3w4hXNzI+2OmtHT7Vn4xNze/9L/BwcHBMLHRh/6o8E65sFiutV7LDWFyo2xf1NC5avaljb4cid4srSwt5ovV9MsNZYql2XyxocxUnPdB6I/KSyuLs/lyIVcs3ay3t5dG4uXYxPRr05eHtuRfj2rL0d3tFgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADP6NHwfz8MIXTX1jIhhJH6h6jZ9g8eF7pyT6fuPhw+Pbl27/6TVtsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzKDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbpGCViIAoD8JuxiZ3HsApJZxtRRAsjgifQY3gYPYqX8A4WFrZWgjsDS3YC2+xW39c8yE94D+YHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGA/N4/z08MwRqTockR8vHx+bed3Zb5dtv8/OcKNHM7t/Xx1PYzl3dNOflE+fU/5P/39eX2OxqzeFz1Z9mmj7jldvavVt65Rtnpf3XsWKfcRMZX8POXc96trAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3zqJrAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFYAAAD//4ABJ8M=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x6200, 0x0) symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') r2 = openat(0xffffffffffffff9c, 0x0, 0x204000, 0x0) ioctl$BTRFS_IOC_QGROUP_ASSIGN(r2, 0x40189429, &(0x7f0000000580)={0x1, 0x100, 0x8}) ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x1000840, &(0x7f0000000c00)=ANY=[@ANYBLOB='shortname=mixed,sys_immutable,nfs,iocharset=cp936,shortname=lower,rodir,nocase,codepage=860,shortname=lower,shortname=lower,shortname=win95,uid=', @ANYRES64, @ANYBLOB="2c646973636172642c73686f72746e616d653d77696e39352c756e695f786c6174653d302c0061a98eed20cb46078e5a4a40eed4c77e7462b84482aa7061236bf6bf5f48d7580feb45e35df449cbc10bccc2d8eb7a405ecd33c7efe0552ac1485c1dc47fec07062af97740e17f7fed7c51b26811fd16e28ca3f29cfad88fc4c5504243392e01cbdde7b5c763979598f95f09b95d2c45628665902b30ddfbf9bbd38185eabec1312bac0ff85a1ffbe2a612f453253bf5fcac7dd1e683bf671e2c5362e5a7"], 0x43, 0x357, &(0x7f0000000140)="$eJzs3U9om/UbAPAne9OkHezXHn4wFIRXb4KWteJBTy2jg2EuKsE/BzG4TqWpgwaD3aFZvYhHwaOevHnQg+DOIijizYNXJ8hUPOhuA4evJHnzr0m6Tkxl7PM5hGff7/Pk+7zLS/P2Lfnm5bXYujAXF2/cuB7z84Uorp1di5uFWIok4kR0XIlxpQljAMDd4WaWxR9Z1xFLCjNuCQCYsc77/6unhkbe/qofFsfzM+/+AHDXy3//X5iaUIqYnzZ3aVZdAQCzNHb//6GR6dLon/qLkRx3gwDAv+7ZF158ar0S8UyazkVsv9OsNqvx5GB+/WK8HvXYjDOxGLciuhcK7YdC5/Hc+crGmTRNW/HzUlTbFc1qxHarWe1eKawnnfpyrMRiLOX1+dVGlmXJuc8qGytpR0RcaXXWj+1CszoXJ/P1fzgZm7Eaafx/rD7ifGVjNc2foLrdq29F7A/uW7T7X47F+O6VuBT1uBDt2t5lTWVjbyVNz2aVkfpmtdzJ65p6BwQAAAAAAAAAAAAAAAAAAAAAAP6R5bRvqb//TTbYv2d5ecJ8Z3+cbn2+P9B+d3+grJxFlv3+1qPVd5MY2R/o4P48zWqx9/WCAAAAAAAAAAAAAAAAAAAAcM9r7JaiVq9v7jR2L28NB62dxu6JiGiPvPHNJ18uxHjObYJivsbQVJoPXd6qZUkvOUtGcvIgaS/eG/n4ar/j4Zxy/ygmtlGePlWvn3rwpw8GIw8kvWf+a5CTxOQDTA60MRxs/6/b0p38R/WD1dvkXMuybFr53kvjVVGIKN75C3d4kLWDr6+/dt9jjdOPd0a+yLoefmTxuWvvf/TrVq3eXjk6r2Bpp3Er26rl/558sk0PkqHzpxDdoDB8JhQPK98fHal9/v1vz9//3rdHWz0bHnlzQk7SPZxPD06VukG7zQNTC5PWmptw8s8gOP3hWu3q3o+/HLVq6IeEjToAAAAAAAAAAAAAAAAAAOBYDH1WPJd/2HfusKonnp59ZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwfAbf/z8U7I+NHCX4sxXjU+XNnUZE6b8+TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7nF/BwAA//9qyG81") sendfile(r0, r1, 0x0, 0x20fffe82) openat(0xffffffffffffff9c, 0x0, 0x183042, 0x15) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x11e02dc89462ea17) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) 7.856988855s ago: executing program 1 (id=245): ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, 0x0) r0 = socket$igmp6(0xa, 0x3, 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r4, 0x4048aecb, &(0x7f0000000400)={0x5, 0x0, [{0x80000001, 0x408, 0x0, 0x7, 0x7, 0x3, 0xc}, {0xc0000001, 0x5, 0x5, 0x4, 0xfa1e, 0xa, 0x3}, {0x40000000, 0x2, 0x5, 0x0, 0x46, 0x3, 0xffffc000}, {0x2, 0x4, 0x0, 0x8c8, 0x53b, 0x2, 0xb}, {0x0, 0x5, 0x2, 0x9303, 0x80000001, 0xfffffffc, 0x10000}]}) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x170, 0xffffffff, 0xffffffff, 0x170, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528) r5 = socket$inet6(0xa, 0x2, 0x88) bind$inet6(r5, &(0x7f0000002c80)={0xa, 0x14e24, 0x0, @rand_addr, 0xffff}, 0x1c) connect$inet6(r5, &(0x7f00000002c0)={0xa, 0x4e24, 0x0, @rand_addr, 0xd}, 0x1c) sendmmsg(r5, 0x0, 0x0, 0x0) 7.198206923s ago: executing program 2 (id=248): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x16, 0x17, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000000000008500000008000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r4, 0xfca804a0, 0x0, 0x8, &(0x7f00000002c0), &(0x7f0000000300)=""/8, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 5.973729075s ago: executing program 2 (id=249): inotify_add_watch(0xffffffffffffffff, 0x0, 0x60000726) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x124) r1 = fanotify_init(0x2, 0x1000) fanotify_mark(r1, 0x541, 0x40001019, r0, 0x0) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x8000, &(0x7f00000005c0)=ANY=[@ANYBLOB="666c7573682c757466383d312c6e6f6e756d7461696c3d302c726f6469722c757466383d312c6e6f6e756d7461696c3d302c756e695f786c6174653d312c6e6f6e756d7461696c3d302c756e695f786c6174653d302c757466383d312c756e695f786c6174653d302c757466383d312c756e695f786c6174653d312c6e6f6e756d7461696c3d302c646f733178666c6f7070792c726f6469722c73686f72746e616d653d77696e6e742c71756965742c0094f8a04f0973c43c7bcea227ba87b349831c01bc3220ec43c16881ca5a7eb4c441b475069a19ed5992542160cfb3116e6b98cb32f0c11a1425599a6e9e6112e8ccec10c22c03ee6158bae8a13f6c3b4c6a28b970ccddefe85485144c95ae43328f492ad74f0d68df2d1fb7eed626acbfd66c627c439a6358168da3754739b94ec5550af56d20754c3be005251ae53ba42f9a84490ebbaa247949ee06d85d8ee4d289"], 0x0, 0x305, &(0x7f0000000740)="$eJzs3U1rE1sYwPFn8tIk7e1tF5fL5aJwqCCKdGgD7lxYpAUxoLSNYAVhaqcaMk1KJhRSxHYhuHXtoguXIojgzo2I2278BGrdddOdXQRHJjOT5mWMCZK+6P+3aM7MeZ45p3NOWnqamdm99GQlv5wUEU0C7taoRCTqb2/K+fdbn07PvfvL21ZqZmp+Mq1URERuP3gx9rY8dPP1328Ssj16Z3cv/WX71LzIt/n7ElE5WxUcRxlqsVgsu02opZyd15W6YZmGbapcwTZLZb/eWLRMtWwVV1cryigsDQ+ulkzbVkahovJmRZWLqlyqKOOekSsoXdfV8KCgNliBSFud1ikx+3zfcWTPcRwnsSmO44REbwaFuP+a+LXO4jhpGf+OsW2TI9rPnuEw7Duxrscfvx/v/f/5aXfj72wcUrdwSOZuLVybymSmZ5VKiqw8XsuuZb1Xr/7jkOTEElO2Zi8sVMWdIz7R3K8zVzPTE6pmVM6ubPj5G2tZ75fD1HItfydIasiXIH/Sy1fN+XEZPMg3JS0j8o+E5qeDfIk05A/IuTMN+bqMyIe7UhRLltyZ3JD/cFKpK9czLe2nanEAAAAAAAAAAJxEuqo7WL/X6v/qTel6ovaJj3p9yt3txnkB9fX1CRmRavj6/ETo+n5M/o8d4TcOAAAAAMAfxK6s5w3LMkv9KUSfpTo0ERcRtyDyaMztTMcD/uv3uLvWB0SkvSrauYmmQuqi197LWb9j0s8TFRSSPfQwpBBcrJE3qq+CqpSEBUd6mgDjA6FnPlnSpK/zp6kg3QTXrl7qbWJrMbuynuh6arWlV4M9/4XGONrPj+MYVtzbI/UR7Jx1uae3ww8LydYTNb7jHdfq8EPja32JDwAAAMAJ0vCHEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCL16/81/0n/3dw8LLhvf3OV+I+Ib78lW+tz4rnvPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBj6HsAAAD///cNs1U=") syz_mount_image$fuse(0x0, &(0x7f0000000080)='./bus\x00', 0x30000d0, 0x0, 0x2, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f0000000380)='./bus\x00', 0x322020, &(0x7f0000000140)=ANY=[], 0x1, 0x0, 0x0) r2 = syz_create_resource$binfmt(&(0x7f0000000380)='./file1\x00') r3 = openat$binfmt(0xffffffffffffff9c, r2, 0x42, 0x1ff) write$binfmt_script(r3, &(0x7f00000002c0)={'#! ', './file1'}, 0xb) r4 = openat$binfmt(0xffffffffffffff9c, r2, 0x2, 0x0) copy_file_range(r3, &(0x7f0000000180), r4, &(0x7f00000001c0)=0x5, 0x2, 0x0) 5.960893526s ago: executing program 1 (id=250): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000480)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0) r3 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000140)={'veth0_vlan\x00', &(0x7f00000002c0)=@ethtool_sfeatures={0x3b, 0x2, [{0x3ff, 0x2}, {0xffffffff, 0x3}]}}) 5.908876618s ago: executing program 0 (id=251): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) set_mempolicy(0x3, &(0x7f0000000240)=0x1020fff, 0x6) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) 5.527404054s ago: executing program 2 (id=252): socketpair$unix(0x1, 0x2, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x800000, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x21024, 0x42030}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @rand_addr=' \x01\x00'}]}]}, @IFLA_ALT_IFNAME={0x14, 0x35, 'veth0_to_bond\x00'}]}, 0x50}}, 0x0) 4.594657214s ago: executing program 0 (id=253): getpid() mount(0x0, 0x0, 0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_mount_image$squashfs(&(0x7f0000000100), &(0x7f0000000000)='./file0\x00', 0x1, &(0x7f00000003c0)=ANY=[@ANYBLOB="3d0d8f929d36bc9c19d99c138002cdf0e58683ee6a6abe3f845d219f9f86cc41c0ed8b279cd28575a6a528070679baf75e3a4f87987e5460c109d882afd2c2bfb760eaaae9b0710000", @ANYRES16=0x0], 0x1, 0x1a4, &(0x7f0000000700)="$eJzsVU9rGkEU/83uuKstlF5bCj20tHqormtb2lN7afED9FwiZmMka/64QqIYMCe/Ry5+kUA+Qg4JuZhDCORg7mHDzLzdjAEPgYRomB/o7/femzdvnoNvVqOtyAVwPenX8RsSNl7hmDFwAO+Z8v11FV84iotkn3PFBfLvE58QR93eWi0Mg/ZdwWaH7isebKP5Fv8fYefDl+qayCMuU4g3c9LyQguOGSH6y+DJT/jsxa35a8/CpZxlR5N+XYglAHEcx0ByH2D6GhvAQboGeMvlh9mI0zUiUxifAZQ6rc1S1O19abZqjaARrPt+5bv31fO++aWVZhh46ptpJSyqK7gAQMzUnBbPADjNqTUvMA2mHY3iTM91tOGc/zCdazGe5iacpZjIpdmO3Z9/uv/wSca2BywmaL+YbKkKBhtcGmWunU/1lpWBYn0jXB6CQbwrsQt4I3BYSdoYmcQQqakRVH4MkmJD4o/EVeIR8Zg4ebOSt4jLHc7Iyg8ABzu1TqddFi6lUp+f+vzXaWWLql450829c2FgYGBgYGBgsGC4CQAA//96Ul4h") 4.270378458s ago: executing program 3 (id=254): socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000200)=0x1, 0x12) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xe, 0x4, 0x4, 0xa}, 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000380)={r2, &(0x7f0000000300)="989f850dd518", 0x0}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0/file0\x00', 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r4, &(0x7f0000000100)=0x1, 0x12) 4.269604968s ago: executing program 2 (id=262): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x800000004, &(0x7f0000000080), 0x106, 0x2}}, 0x20) 3.385493776s ago: executing program 0 (id=255): openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x501800, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) bind$netrom(r3, &(0x7f0000000100)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x5}, [@null, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48) 2.11843731s ago: executing program 2 (id=256): bind$inet(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r4, 0x0, 0x0}, 0x10) 963.196659ms ago: executing program 3 (id=257): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00"}) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x4, r1}) ioctl$DMA_BUF_SET_NAME_A(r3, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x7, 0x7f, 0xa9, 0x4d, 0x6, 0x5f, 0x9, 0x15, 0xffff2d37, 0xff7fff01, 0x6, 0x5, 0x7, 0x5, 0x6, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x5, 0x8, 0x80004c74, 0x10000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x18e, 0x6, 0x6, 0x0, 0x6, 0x4, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432f6, 0xc8, 0xf1, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x66abcbd2, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x381, 0x4, 0xb, 0x4, 0x9, 0x8, 0x40, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x8000003, 0x3, 0x4000009, 0x6, 0x0, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x3ff, 0x5, 0xfffffffd, 0x100, 0x4, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x9, 0x86, 0x3, 0x303c, 0x3e3, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x200, 0x200, 0x80, 0x3, 0x5, 0x2950bfaf, 0x1000, 0xa2, 0x4, 0xa9, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0xffffffff, 0x5, 0x1c, 0x120000, 0x7ff, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce4, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x2, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x1, 0x5, 0x1, 0x2000002, 0x150, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x5, 0xc8, 0x1, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9622, 0x7, 0xaf, 0x20000008, 0x5, 0x226, 0x2, 0x5, 0x0, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x530e, 0x6c1b, 0x0, 0x4, 0x5, 0x7ff, 0xd7, 0x200, 0xb, 0xfffffff8]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) close_range(r4, 0xffffffffffffffff, 0x0) 961.989919ms ago: executing program 0 (id=266): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x70, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0xf, 0xf}, {}, {0x7, 0xd}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x40, 0x2, [@TCA_CGROUP_EMATCHES={0x3c, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x800, 0x7, 0x1}, {{0x0, 0x0, 0x1}, {0x3, 0x1, 0x1}}}}, @TCF_EM_CMP={0x18, 0x2, 0x0, 0x0, {{0xe85, 0x6e4, 0xc}, {0x4, 0x80000000, 0x3, 0x1, 0xf, 0x1}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6e4}}]}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x10}, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000006100)=@delchain={0x24, 0x65, 0x1, 0x70bd2e, 0x25dfdbff, {0x0, 0x0, 0x0, r9, {0xffff, 0xc}, {}, {0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x8848}, 0x20004004) 875.619433ms ago: executing program 2 (id=258): socket$nl_route(0x10, 0x3, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) socket(0x1d, 0x2, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000440)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket(0x10, 0x3, 0x0) write(r3, &(0x7f0000000100)="1400000052004f7fb3e45f2024d2f1c9fb470000", 0x14) recvmmsg(r3, &(0x7f0000005c80), 0x1b, 0x10122, 0x0) 553.236356ms ago: executing program 0 (id=259): r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@private, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0xb8}}, 0x0) sendmsg$key(r0, &(0x7f00000020c0)={0x0, 0x0, &(0x7f0000002080)={&(0x7f0000001f80)={0x2, 0x5, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x10}}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_emit_ethernet(0x4f, &(0x7f00000002c0)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x7, 0x6, "000001", 0x19, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0xff, 0x2, 0x8, 0x1, 0x3, [{0x5, 0x1, "c8484ea2d21ee4"}]}}}}}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x4, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x2, 0x200000000000}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@rand_addr=' \x01\x00', 0x2, 0x2b}, 0xa, @in6=@empty, 0x0, 0x4}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f0000000100)={0x0, 0x2800, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r4, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0xb2}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 524.669828ms ago: executing program 3 (id=260): sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r0}, 0x18) r2 = openat(0xffffffffffffff9c, 0x0, 0x2, 0x0) fsync(r2) ioctl$NS_GET_OWNER_UID(r2, 0xb704, 0x0) fstat(r1, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0x5) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) syz_mount_image$erofs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x3008003, &(0x7f0000002ac0)=ANY=[], 0x2, 0x200, &(0x7f00000002c0)="$eJzsmbFrFEEUxr+Z3ds7gwRtLGwsDBjR7O3uqaSJEMFSEKKo5WHWEN3k5LJC7kDwsLHRzkKwtbG0sLCy8C+w1UIFwcIrBQthZGZnd4e93fMOTwXzfpDJN/PezLz3YF6xB4Ig9iyfPn778PDc8qWTAPZjAXW9/sXKfbjh//7JnROPV84/ffHu2Zvt+buviucxAEJUXve9aHIAvF61EIPZyYoQmM/tC0YIWuMyOI5rfQUMbiJ/CEUyCcFwTfvcNHRnnxZR6F7vROs3NqPQk4Mvh0AOLTM+GdRwwLAOoKGiE4IZ9p1e/1Y7isJuUdREes+IaVrBK8up41vlWEFaPSGk/9UH9wdyrmsDDzyrnw8OX+sWGNa0XkYdruvmJTHyP2zn51uT5D9jcVbd9WjSXc+VOLj05wNLRPpGptkly/g3SvcfidpMzmHFFfmgs5VDw7QHmj6f/1nu+LVPY/xjhLaPmN7ORdGF34jQKSlUJvL+JDv7MaM/2bCz/tGMt243d3r9pc2t9ka4EW4HQeuMd8rzTgdN1YiScUz/a6j+NGecX6vwdZiD3XYcd/1dIO762TxIxjwBrL3sfJVbDkD1P47Fo+oI1VNV2vXyO5j+4+q/VItWuee9ypwIgiAIgiAIgiAIgiAIgiDKOQKG5JcwwfQH0TKCi+oL5c8AAAD//40vYXw=") creat(&(0x7f00000000c0)='./file0\x00', 0xf4) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0x301, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fadvise64(r3, 0xe0ffff, 0x19, 0x3) 105.368865ms ago: executing program 1 (id=261): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x0, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000000000/0x3000)=nil, 0x930, 0x1, 0x13, r5, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x101ff, 0x2, 0xeeee0000, 0x2000, &(0x7f000000f000/0x2000)=nil}) 4.83436ms ago: executing program 0 (id=263): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x24, &(0x7f0000000280)=0x1, 0x4) shutdown(r3, 0x0) recvmmsg(r3, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x300, 0x0, 0x0) 0s ago: executing program 3 (id=264): open(0x0, 0x121342, 0x0) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, 0x0, 0x6c}) syz_kvm_add_vcpu$x86(0x0, &(0x7f00000001c0)={0x0, &(0x7f00000002c0)=[@code={0x1, 0x4a, {"2e450f1c80c800000066bad004b875a90000ef0fc73bd9e1438074180db50f2106f2440f2d300f00960a000000c4817a2cd82ef3410f2b41b7"}}], 0x4a}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000000, 0x1000000000, 0x0, 0x40, 0x2000001, 0x0, 0x2004cb, 0x0, 0x0, 0x68ff, 0x5, 0x0, 0x3], 0x1, 0x202}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.245' (ED25519) to the list of known hosts. [ 80.936690][ T5774] cgroup: Unknown subsys name 'net' [ 81.100080][ T5774] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 82.965264][ T5774] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 84.690687][ T5791] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 84.706345][ T5793] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 84.717224][ T5792] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 84.725924][ T5797] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 84.727189][ T5792] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 84.734077][ T5797] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 84.742824][ T5792] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 84.749772][ T5797] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 84.756037][ T5792] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 84.763630][ T5797] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 84.770467][ T5792] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 84.778278][ T5797] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 84.790313][ T5792] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 84.797903][ T5797] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 84.798396][ T5792] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 84.816886][ T5797] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 84.824459][ T5797] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 84.848723][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 84.852312][ T5800] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 84.864615][ T5800] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 84.866534][ T5797] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 84.879219][ T5797] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 84.887391][ T5797] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 84.900299][ T5797] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.319413][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 85.594874][ T5787] chnl_net:caif_netlink_parms(): no params data found [ 85.607134][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.615021][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.622668][ T5785] bridge_slave_0: entered allmulticast mode [ 85.629783][ T5785] bridge_slave_0: entered promiscuous mode [ 85.638402][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 85.659790][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.667243][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.674871][ T5785] bridge_slave_1: entered allmulticast mode [ 85.682433][ T5785] bridge_slave_1: entered promiscuous mode [ 85.756677][ T5786] chnl_net:caif_netlink_parms(): no params data found [ 85.789577][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.829986][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.899389][ T5785] team0: Port device team_slave_0 added [ 85.930852][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.938289][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.945768][ T5788] bridge_slave_0: entered allmulticast mode [ 85.953030][ T5788] bridge_slave_0: entered promiscuous mode [ 85.962800][ T5785] team0: Port device team_slave_1 added [ 85.985550][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.992996][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.000207][ T5788] bridge_slave_1: entered allmulticast mode [ 86.007721][ T5788] bridge_slave_1: entered promiscuous mode [ 86.052784][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.059998][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.067476][ T5787] bridge_slave_0: entered allmulticast mode [ 86.075229][ T5787] bridge_slave_0: entered promiscuous mode [ 86.108155][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.132548][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.139587][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.166661][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.190781][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.198262][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.205717][ T5787] bridge_slave_1: entered allmulticast mode [ 86.213553][ T5787] bridge_slave_1: entered promiscuous mode [ 86.224500][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.234956][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.242216][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.269189][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.344323][ T5788] team0: Port device team_slave_0 added [ 86.352040][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.359271][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.366877][ T5786] bridge_slave_0: entered allmulticast mode [ 86.374794][ T5786] bridge_slave_0: entered promiscuous mode [ 86.404252][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.415693][ T5788] team0: Port device team_slave_1 added [ 86.447249][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.454604][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.462002][ T5786] bridge_slave_1: entered allmulticast mode [ 86.469040][ T5786] bridge_slave_1: entered promiscuous mode [ 86.491619][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.567787][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.575114][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.601174][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.614951][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.622020][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.648167][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.665685][ T5785] hsr_slave_0: entered promiscuous mode [ 86.672943][ T5785] hsr_slave_1: entered promiscuous mode [ 86.682985][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.695231][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.707608][ T5787] team0: Port device team_slave_0 added [ 86.717884][ T5787] team0: Port device team_slave_1 added [ 86.795464][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.802591][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.829203][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.856737][ T5786] team0: Port device team_slave_0 added [ 86.865599][ T5786] team0: Port device team_slave_1 added [ 86.872164][ T5797] Bluetooth: hci3: command tx timeout [ 86.893927][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.901072][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.927454][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.951202][ T5797] Bluetooth: hci2: command tx timeout [ 86.951608][ T5791] Bluetooth: hci1: command tx timeout [ 86.956914][ T5797] Bluetooth: hci0: command tx timeout [ 87.002940][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.009973][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.036653][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.054830][ T5788] hsr_slave_0: entered promiscuous mode [ 87.061476][ T5788] hsr_slave_1: entered promiscuous mode [ 87.067813][ T5788] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.075870][ T5788] Cannot create hsr debugfs directory [ 87.119593][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.126762][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.152760][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.229043][ T5787] hsr_slave_0: entered promiscuous mode [ 87.236152][ T5787] hsr_slave_1: entered promiscuous mode [ 87.242921][ T5787] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.250510][ T5787] Cannot create hsr debugfs directory [ 87.320628][ T5786] hsr_slave_0: entered promiscuous mode [ 87.327354][ T5786] hsr_slave_1: entered promiscuous mode [ 87.333712][ T5786] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.341555][ T5786] Cannot create hsr debugfs directory [ 87.632207][ T5785] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 87.662145][ T5785] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 87.674121][ T5785] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 87.688514][ T5785] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 87.767395][ T5788] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 87.780397][ T5788] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 87.803792][ T5788] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 87.819237][ T5788] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 87.917016][ T5787] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 87.930061][ T5787] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 87.943573][ T5787] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 87.956037][ T5787] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 88.029204][ T5786] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.056970][ T5786] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.070327][ T5786] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.094876][ T5786] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 88.159999][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.234245][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.254267][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.261778][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.295708][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.302943][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.315792][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.366824][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.395619][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.402853][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.417328][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.444576][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.451780][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.488015][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.532240][ T143] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.539410][ T143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.576261][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.604895][ T143] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.612151][ T143] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.640538][ T5788] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 88.651660][ T5788] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 88.668933][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.724615][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.731950][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.803435][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.810657][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.830012][ T5787] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 88.952121][ T5791] Bluetooth: hci3: command tx timeout [ 88.975224][ T5786] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 89.032182][ T5791] Bluetooth: hci0: command tx timeout [ 89.032539][ T5793] Bluetooth: hci2: command tx timeout [ 89.037784][ T5791] Bluetooth: hci1: command tx timeout [ 89.104136][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.233968][ T5785] veth0_vlan: entered promiscuous mode [ 89.283538][ T5785] veth1_vlan: entered promiscuous mode [ 89.380101][ T5785] veth0_macvtap: entered promiscuous mode [ 89.405933][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.424733][ T5785] veth1_macvtap: entered promiscuous mode [ 89.472056][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.500575][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.523280][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.544751][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.557025][ T5785] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.567003][ T5785] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.577719][ T5785] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.587090][ T5785] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.730101][ T5787] veth0_vlan: entered promiscuous mode [ 89.775688][ T5788] veth0_vlan: entered promiscuous mode [ 89.792855][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.804401][ T5788] veth1_vlan: entered promiscuous mode [ 89.820633][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.845121][ T5787] veth1_vlan: entered promiscuous mode [ 89.864389][ T5786] veth0_vlan: entered promiscuous mode [ 89.895752][ T5786] veth1_vlan: entered promiscuous mode [ 89.927559][ T2882] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.954932][ T2882] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.977626][ T5788] veth0_macvtap: entered promiscuous mode [ 89.989390][ T5788] veth1_macvtap: entered promiscuous mode [ 90.016388][ T5787] veth0_macvtap: entered promiscuous mode [ 90.030351][ T5787] veth1_macvtap: entered promiscuous mode [ 90.063905][ T5786] veth0_macvtap: entered promiscuous mode [ 90.089359][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.104879][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.118082][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.182808][ T5786] veth1_macvtap: entered promiscuous mode [ 90.197870][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.210100][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.222759][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.230743][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.245705][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.255959][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.269075][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.280528][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.300939][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.315870][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.325876][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.336366][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.349594][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.369828][ T5788] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.379914][ T5788] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.390285][ T5788] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.401426][ T5788] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.427264][ T5787] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.436180][ T5787] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.445204][ T5787] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.454443][ T5787] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.479808][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.494876][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.504935][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.516770][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.528040][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.538844][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.552198][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.608089][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.620259][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.630367][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.642216][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.653762][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.665596][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.677328][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.754961][ T5786] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.765265][ T5786] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.775291][ T5786] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.784187][ T5786] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.926405][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.945658][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.980874][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.005188][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.031439][ T5791] Bluetooth: hci3: command tx timeout [ 91.076635][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.109650][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.117284][ T5791] Bluetooth: hci2: command tx timeout [ 91.117327][ T5791] Bluetooth: hci0: command tx timeout [ 91.121297][ T5791] Bluetooth: hci1: command tx timeout [ 91.157788][ T5888] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 91.187385][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.200404][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.300808][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.313395][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.409421][ T143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.447453][ T143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.482706][ T5888] kvm: emulating exchange as write [ 91.673286][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.343139][ T9] cfg80211: failed to load regulatory.db [ 92.486566][ T5901] Bluetooth: MGMT ver 1.22 [ 92.600698][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 92.661803][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.670752][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.679608][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.702747][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 92.741465][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.750351][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.759301][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.768181][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.875908][ T5899] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 93.121185][ T5791] Bluetooth: hci3: command tx timeout [ 93.203374][ T5791] Bluetooth: hci1: command tx timeout [ 93.206594][ T5793] Bluetooth: hci0: command tx timeout [ 93.209014][ T5791] Bluetooth: hci2: command tx timeout [ 93.440932][ T5911] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11'. [ 93.544808][ T5913] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11'. [ 93.586871][ T5915] syzkaller0: entered promiscuous mode [ 93.593862][ T5915] syzkaller0: entered allmulticast mode [ 94.986162][ T5926] overlayfs: fs on './bus' does not support file handles, falling back to index=off,nfs_export=off. [ 95.004753][ T5926] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 95.014155][ T5926] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 95.141244][ T5833] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 95.368863][ T5833] usb 4-1: config 0 has no interfaces? [ 95.385608][ T5833] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 95.395246][ T5833] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.419441][ T5833] usb 4-1: config 0 descriptor?? [ 95.732767][ T969] usb 4-1: USB disconnect, device number 2 [ 96.237498][ T5936] netlink: 3672 bytes leftover after parsing attributes in process `syz.1.19'. [ 96.331170][ T969] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 96.572990][ T969] usb 4-1: config 0 has no interfaces? [ 96.586902][ T969] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 96.631081][ T969] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.792439][ T969] usb 4-1: config 0 descriptor?? [ 97.021428][ T5947] kvm: pic: non byte write [ 97.026027][ T5947] kvm: pic: non byte write [ 97.030926][ T5947] kvm: pic: single mode not supported [ 97.031280][ T5947] kvm: pic: level sensitive irq not supported [ 97.077548][ T969] usb 4-1: USB disconnect, device number 3 [ 97.255420][ T5951] syz.1.24[5951]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 97.309494][ T5951] loop1: detected capacity change from 0 to 2048 [ 97.327074][ T5951] ======================================================= [ 97.327074][ T5951] WARNING: The mand mount option has been deprecated and [ 97.327074][ T5951] and is ignored by this kernel. Remove the mand [ 97.327074][ T5951] option from the mount to silence this warning. [ 97.327074][ T5951] ======================================================= [ 97.403744][ T5951] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 97.424557][ T5951] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 97.675252][ T5955] loop0: detected capacity change from 0 to 128 [ 97.775348][ T5840] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 97.881341][ T5955] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 53) [ 97.900446][ T5955] FAT-fs (loop0): Filesystem has been set read-only [ 98.959958][ T5840] usb 4-1: device descriptor read/all, error -71 [ 99.167779][ T5971] loop2: detected capacity change from 0 to 4096 [ 99.251464][ T5971] ntfs3: loop2: Failed to load $MFT (-22). [ 99.397928][ T5976] syzkaller0: entered promiscuous mode [ 99.421109][ T5976] syzkaller0: entered allmulticast mode [ 99.559039][ T5981] loop2: detected capacity change from 0 to 512 [ 99.603731][ T5981] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 99.657058][ T5981] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.714515][ T5981] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 3: comm syz.2.34: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0 [ 99.884802][ T5787] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1154: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 99.965081][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.343107][ T5999] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.934319][ T5992] loop1: detected capacity change from 0 to 128 [ 101.063669][ T23] IPVS: starting estimator thread 0... [ 101.191227][ T6007] IPVS: using max 26 ests per chain, 62400 per kthread [ 101.455823][ T28] audit: type=1326 audit(1764625444.189:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6009 comm="syz.2.41" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0485f8f749 code=0x0 [ 104.213452][ T6060] loop2: detected capacity change from 0 to 64 [ 104.447983][ T6065] binder: 6064:6065 ioctl c0306201 200000000080 returned -14 [ 105.574858][ T6070] loop3: detected capacity change from 0 to 32768 [ 105.750099][ T6070] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 106.003298][ T6070] XFS (loop3): Ending clean mount [ 106.036942][ T6070] XFS (loop3): Quotacheck needed: Please wait. [ 106.072235][ T2882] XFS (loop3): Metadata CRC error detected at xfs_agfl_read_verify+0x188/0x240, xfs_agfl block 0x3 [ 106.088484][ T2882] XFS (loop3): Unmount and run xfs_repair [ 106.094617][ T2882] XFS (loop3): First 128 bytes of corrupted metadata buffer: [ 106.102707][ T2882] 00000000: 58 41 46 ff 07 00 00 00 bf dc 47 fc 10 d8 4e ed XAF.......G...N. [ 106.112307][ T2882] 00000010: a5 62 11 a8 31 b3 f7 91 00 00 00 00 00 00 00 00 .b..1........... [ 106.123511][ T2882] 00000020: a5 3b c8 8a ff ff ff ff 00 00 00 07 00 00 00 08 .;.............. [ 106.133215][ T2882] 00000030: 00 00 00 09 00 00 00 0a 00 00 00 0b 00 00 00 0c ................ [ 106.142396][ T2882] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 106.151833][ T2882] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 106.176828][ T2882] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 106.186279][ T2882] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 106.196197][ T2882] XFS (loop3): metadata I/O error in "xfs_alloc_read_agfl+0x1eb/0x3a0" at daddr 0x3 len 1 error 74 [ 106.213963][ T6070] XFS (loop3): Quotacheck: Unsuccessful (Error -117): Disabling quotas. [ 106.545377][ T6070] XFS (loop3): Metadata CRC error detected at xfs_agfl_read_verify+0x188/0x240, xfs_agfl block 0x3 [ 106.563238][ T6070] XFS (loop3): Unmount and run xfs_repair [ 106.569227][ T6070] XFS (loop3): First 128 bytes of corrupted metadata buffer: [ 106.586979][ T6070] 00000000: 58 41 46 ff 07 00 00 00 bf dc 47 fc 10 d8 4e ed XAF.......G...N. [ 106.599743][ T6070] 00000010: a5 62 11 a8 31 b3 f7 91 00 00 00 00 00 00 00 00 .b..1........... [ 106.640628][ T6070] 00000020: a5 3b c8 8a ff ff ff ff 00 00 00 07 00 00 00 08 .;.............. [ 106.677618][ T6070] 00000030: 00 00 00 09 00 00 00 0a 00 00 00 0b 00 00 00 0c ................ [ 106.708195][ T6070] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 106.755116][ T6070] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 106.764854][ T6070] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 106.773910][ T6070] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 106.783054][ T6070] XFS (loop3): metadata I/O error in "xfs_alloc_read_agfl+0x1eb/0x3a0" at daddr 0x3 len 1 error 74 [ 106.834758][ T6070] XFS (loop3): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x518/0x8a0 (fs/xfs/xfs_trans_buf.c:296). Shutting down filesystem. [ 107.073596][ T6070] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 108.362969][ T5786] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 109.101604][ T5833] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 110.121118][ T5833] usb 1-1: Using ep0 maxpacket: 16 [ 110.166191][ T5833] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 110.192135][ T5833] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 110.207143][ T5833] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.228019][ T5833] usb 1-1: Product: syz [ 110.241044][ T5833] usb 1-1: Manufacturer: syz [ 110.258938][ T5833] usb 1-1: SerialNumber: syz [ 110.287184][ T5833] usb 1-1: config 0 descriptor?? [ 110.346940][ T5833] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 110.364612][ T5833] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 111.503111][ T6151] loop2: detected capacity change from 0 to 2048 [ 111.525568][ T5833] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 111.584232][ T6154] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 111.697580][ T6156] loop1: detected capacity change from 0 to 512 [ 111.700241][ T28] audit: type=1800 audit(1764625454.429:3): pid=6151 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.73" name="bus" dev="loop2" ino=2097152 res=0 errno=0 [ 111.732022][ T6156] EXT4-fs: Ignoring removed bh option [ 111.769674][ T6156] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 111.798091][ T6156] EXT4-fs (loop1): orphan cleanup on readonly fs [ 111.825354][ T6156] EXT4-fs (loop1): 1 truncate cleaned up [ 111.855068][ T6156] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 111.885177][ T6159] loop3: detected capacity change from 0 to 512 [ 111.932331][ T5833] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 111.940935][ T5833] em28xx 1-1:0.0: board has no eeprom [ 111.997896][ T6159] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.067046][ T6159] ext4 filesystem being mounted at /11/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 112.136980][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.219434][ T6164] Zero length message leads to an empty skb [ 112.265960][ T6159] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5916: Out of memory [ 112.285779][ T6159] EXT4-fs error (device loop3): ext4_dirty_inode:6120: inode #3: comm syz.3.75: mark_inode_dirty error [ 112.315433][ T6159] EXT4-fs warning (device loop3): ext4_read_block_bitmap_nowait:487: Cannot get buffer for block bitmap - block_group = 0, block_bitmap = 38402 [ 112.340431][ T6159] EXT4-fs warning (device loop3): ext4_read_block_bitmap_nowait:487: Cannot get buffer for block bitmap - block_group = 0, block_bitmap = 38402 [ 112.366878][ T6159] EXT4-fs warning (device loop3): ext4_read_block_bitmap_nowait:487: Cannot get buffer for block bitmap - block_group = 0, block_bitmap = 38402 [ 112.386884][ T5833] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 112.387235][ T6159] EXT4-fs warning (device loop3): ext4_read_block_bitmap_nowait:487: Cannot get buffer for block bitmap - block_group = 0, block_bitmap = 38402 [ 112.409450][ T5833] em28xx 1-1:0.0: dvb set to bulk mode. [ 112.419752][ T6159] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5916: Out of memory [ 112.425118][ T23] em28xx 1-1:0.0: Binding DVB extension [ 112.434070][ T6159] EXT4-fs error (device loop3): ext4_dirty_inode:6120: inode #3: comm syz.3.75: mark_inode_dirty error [ 112.446909][ T6159] Quota error (device loop3): write_blk: dquota write failed [ 112.456273][ T6159] Quota error (device loop3): qtree_write_dquot: Error -12 occurred while creating quota [ 112.468524][ T6159] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.75: Failed to acquire dquot type 0 [ 113.232029][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.263046][ T5786] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5916: Out of memory [ 113.332694][ T5786] EXT4-fs error (device loop3): ext4_quota_off:7217: inode #3: comm syz-executor: mark_inode_dirty error [ 113.354673][ T6130] em28xx 1-1:0.0: writing to i2c device at 0x0 failed (error=-5) [ 113.491489][ T23] em28xx 1-1:0.0: Registering input extension [ 113.527207][ T969] usb 1-1: USB disconnect, device number 2 [ 113.552148][ T969] em28xx 1-1:0.0: Disconnecting em28xx [ 113.583290][ T969] em28xx 1-1:0.0: Closing input extension [ 113.688565][ T969] em28xx 1-1:0.0: Freeing device [ 113.923771][ T23] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 114.141089][ T23] usb 2-1: Using ep0 maxpacket: 32 [ 114.169576][ T23] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 114.187398][ T23] usb 2-1: config 0 has no interface number 0 [ 114.201150][ T23] usb 2-1: config 0 interface 184 has no altsetting 0 [ 114.215957][ T28] audit: type=1326 audit(1764625456.939:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6202 comm="syz.2.90" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0485f8f749 code=0x0 [ 114.242194][ T23] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 114.251578][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.259622][ T23] usb 2-1: Product: syz [ 114.281031][ T23] usb 2-1: Manufacturer: syz [ 114.285792][ T23] usb 2-1: SerialNumber: syz [ 114.302179][ T23] usb 2-1: config 0 descriptor?? [ 114.312194][ T23] smsc75xx v1.0.0 [ 114.594408][ T6199] loop0: detected capacity change from 0 to 32768 [ 114.956799][ T23] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 114.981561][ T23] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 115.184980][ T6215] netlink: 24 bytes leftover after parsing attributes in process `syz.2.93'. [ 115.463258][ T6220] binder: 6217:6220 ioctl c0306201 2000000001c0 returned -14 [ 115.888414][ T6227] binder: 6225:6227 ioctl c0306201 200000000440 returned -14 [ 116.469105][ T23] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000118: -71 [ 116.493323][ T6235] loop0: detected capacity change from 0 to 4096 [ 116.521782][ T23] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to write RX_ADDRH: -71 [ 116.553886][ T23] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to set mac address [ 116.588426][ T23] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 116.608562][ T23] smsc75xx: probe of 2-1:0.184 failed with error -71 [ 116.637419][ T23] usb 2-1: USB disconnect, device number 2 [ 116.641730][ T6235] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512). [ 116.929017][ T6235] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 116.972256][ T6235] ntfs3: loop0: Failed to load $Extend (-22). [ 116.978382][ T6235] ntfs3: loop0: Failed to initialize $Extend. [ 117.428503][ T6235] ntfs3: loop0: ino=1f, "file2" failed to open parent directory r=5 to update [ 117.769094][ T5922] ntfs3: loop0: ino=1f, failed to open parent directory r=5 to update [ 119.734001][ T6278] netlink: 16 bytes leftover after parsing attributes in process `syz.0.110'. [ 119.934292][ T6280] overlayfs: failed to clone upperpath [ 120.519749][ T6292] loop3: detected capacity change from 0 to 128 [ 120.553400][ T6293] loop1: detected capacity change from 0 to 256 [ 120.584575][ T6293] exfat: Deprecated parameter 'namecase' [ 120.590300][ T6293] exfat: Deprecated parameter 'namecase' [ 120.891865][ T6292] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 120.957841][ T6292] ext4 filesystem being mounted at /25/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 121.770299][ T6293] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x5430151d, utbl_chksum : 0xe619d30d) [ 122.090191][ T5786] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 122.276797][ T789] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 122.362069][ T6308] syzkaller0: entered promiscuous mode [ 122.398877][ T6308] syzkaller0: entered allmulticast mode [ 122.473094][ T789] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 122.493783][ T789] usb 2-1: New USB device found, idVendor=0a5c, idProduct=bd1f, bcdDevice=53.1a [ 122.507358][ T789] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.525303][ T789] usb 2-1: Product: syz [ 122.539414][ T789] usb 2-1: Manufacturer: syz [ 122.551632][ T789] usb 2-1: SerialNumber: syz [ 122.589950][ T789] usb 2-1: config 0 descriptor?? [ 122.877240][ T969] usb 2-1: USB disconnect, device number 3 [ 126.384453][ T6355] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 131.341408][ T5840] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 131.541096][ T5840] usb 1-1: Using ep0 maxpacket: 16 [ 131.556690][ T5840] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 131.575505][ T5840] usb 1-1: config 0 interface 0 has no altsetting 0 [ 131.584624][ T5840] usb 1-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 131.616251][ T5840] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.634348][ T5840] usb 1-1: config 0 descriptor?? [ 131.663896][ T6394] syzkaller0: entered promiscuous mode [ 131.676311][ T6394] syzkaller0: entered allmulticast mode [ 132.100637][ T5840] nzxt-smart2 0003:1E71:2009.0001: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.0-1/input0 [ 132.737121][ T6413] overlayfs: failed to clone upperpath [ 132.759633][ T6413] overlayfs: failed to clone upperpath [ 133.006730][ T6406] loop1: detected capacity change from 0 to 32768 [ 133.041937][ T6406] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.154 (6406) [ 133.115019][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.122677][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.161329][ T6406] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 133.190815][ T6406] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 133.200649][ T6406] BTRFS info (device loop1): force clearing of disk cache [ 133.216297][ T6406] BTRFS info (device loop1): enabling auto defrag [ 133.233901][ T6406] BTRFS info (device loop1): max_inline at 727 [ 133.263420][ T6406] BTRFS info (device loop1): enabling disk space caching [ 133.281322][ T6406] BTRFS info (device loop1): disk space caching is enabled [ 133.466614][ T23] usb 1-1: USB disconnect, device number 3 [ 133.706335][ T6406] BTRFS info (device loop1): enabling ssd optimizations [ 133.782766][ T6406] BTRFS info (device loop1): rebuilding free space tree [ 134.550782][ T6406] BTRFS info (device loop1): disabling free space tree [ 134.559353][ T6406] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 134.575281][ T6406] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 134.907050][ T2882] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 135.091282][ T28] audit: type=1800 audit(1764625477.819:5): pid=6447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.154" name="bus" dev="loop1" ino=263 res=0 errno=0 [ 135.498684][ T6455] sd 0:0:1:0: PR command failed: 1026 [ 135.522999][ T5785] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 135.533305][ T6455] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 135.591194][ T6455] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 138.627724][ T789] kernel write not supported for file bpf-prog (pid: 789 comm: kworker/0:2) [ 138.958029][ T6502] loop3: detected capacity change from 0 to 128 [ 146.438619][ T6548] sched: RT throttling activated [ 151.783419][ T6608] syzkaller0: entered promiscuous mode [ 151.810245][ T6608] syzkaller0: entered allmulticast mode [ 152.004070][ T6612] syzkaller0: entered promiscuous mode [ 152.009755][ T6612] syzkaller0: entered allmulticast mode [ 153.452686][ T6632] syzkaller0: entered promiscuous mode [ 153.478686][ T6632] syzkaller0: entered allmulticast mode [ 153.550516][ T6639] loop0: detected capacity change from 0 to 764 [ 154.271119][ T6647] process 'syz.0.224' launched './file2' with NULL argv: empty string added [ 154.758107][ T6653] loop0: detected capacity change from 0 to 16 [ 154.804950][ T6653] erofs: (device loop0): mounted with root inode @ nid 36. [ 155.023180][ T6659] erofs: (device loop0): z_erofs_readahead: readahead error at folio 87 @ nid 36 [ 155.047627][ T6659] erofs: (device loop0): z_erofs_readahead: readahead error at folio 86 @ nid 36 [ 155.107441][ T6659] syz.0.226: attempt to access beyond end of device [ 155.107441][ T6659] loop0: rw=524288, sector=8, nr_sectors = 24 limit=16 [ 155.157229][ T6659] syz.0.226: attempt to access beyond end of device [ 155.157229][ T6659] loop0: rw=524288, sector=14425508768, nr_sectors = 8 limit=16 [ 155.451871][ T6649] gtp0: entered promiscuous mode [ 155.826638][ T6667] genirq: Flags mismatch irq 4. 00000000 (pcl812) vs. 00000000 (ttyS0) [ 156.138557][ T6661] syz.3.229 (6661) used greatest stack depth: 20112 bytes left [ 158.141126][ T5833] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 158.285911][ T6688] binder_alloc: 6687: pid 6687 spamming oneway? 2 buffers allocated for a total size of 5120 [ 158.381940][ T5833] usb 2-1: Using ep0 maxpacket: 16 [ 158.552666][ T6692] loop0: detected capacity change from 0 to 128 [ 158.566544][ T6694] Cannot find add_set index 65532 as target [ 158.595247][ T5833] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 158.615524][ T5833] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 158.625664][ T5833] usb 2-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 158.635034][ T5833] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.648529][ T5833] usb 2-1: config 0 descriptor?? [ 159.637100][ T5833] usbhid 2-1:0.0: can't add hid device: -71 [ 159.651804][ T5833] usbhid: probe of 2-1:0.0 failed with error -71 [ 159.669440][ T5833] usb 2-1: USB disconnect, device number 4 [ 160.700802][ T6722] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 161.459226][ T6712] loop3: detected capacity change from 0 to 32768 [ 162.376473][ T6712] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 162.522599][ T6741] overlayfs: failed to resolve './file0': -2 [ 162.622595][ T28] audit: type=1800 audit(1764625505.359:6): pid=6712 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.244" name="file1" dev="loop3" ino=17058 res=0 errno=0 [ 163.931163][ T6712] syz.3.244 (6712) used greatest stack depth: 19696 bytes left [ 164.232308][ T6758] loop0: detected capacity change from 0 to 8 [ 164.536204][ T5786] (syz-executor,5786,1):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 72 [ 164.755017][ T5786] ocfs2: Unmounting device (7,3) on (node local) [ 168.000810][ T6785] loop3: detected capacity change from 0 to 16 [ 168.015257][ T6783] tipc: Started in network mode [ 168.037878][ T6783] tipc: Node identity ac14140f, cluster identity 4711 [ 168.064246][ T6785] erofs: (device loop3): mounted with root inode @ nid 36. [ 168.084903][ T6783] tipc: New replicast peer: 255.255.255.255 [ 168.136235][ T6783] tipc: Enabled bearer , priority 10 [ 168.146953][ T6785] syz.3.260: attempt to access beyond end of device [ 168.146953][ T6785] loop3: rw=0, sector=8, nr_sectors = 32 limit=16 [ 168.203277][ T6785] syz.3.260: attempt to access beyond end of device [ 168.203277][ T6785] loop3: rw=524288, sector=16, nr_sectors = 32 limit=16 [ 168.241194][ T6785] syz.3.260: attempt to access beyond end of device [ 168.241194][ T6785] loop3: rw=524288, sector=8, nr_sectors = 32 limit=16 [ 168.340621][ T5786] BUG: Bad page state in process syz-executor pfn:24fbe [ 168.348406][ T5786] page:ffffea000093ef80 refcount:0 mapcount:0 mapping:ffff88805bc787c8 index:0x2 pfn:0x24fbe [ 168.358810][ T5786] aops:z_erofs_cache_aops ino:0 [ 168.363800][ T5786] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 168.371925][ T5786] page_type: 0xffffffff() [ 168.377204][ T5786] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805bc787c8 [ 168.386067][ T5786] raw: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 168.394866][ T5786] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 168.402288][ T5786] page_owner tracks the page as allocated [ 168.408515][ T5786] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 6785, tgid 6784 (syz.3.260), ts 168146459941, free_ts 160429343381 [ 168.430674][ T5786] post_alloc_hook+0x1cd/0x210 [ 168.435614][ T5786] get_page_from_freelist+0x195c/0x19f0 [ 168.441363][ T5786] __alloc_pages+0x1e3/0x460 [ 168.446011][ T5786] z_erofs_do_read_page+0x20c0/0x3680 [ 168.451495][ T5786] z_erofs_pcluster_readmore+0x2cf/0x450 [ 168.457196][ T5786] z_erofs_read_folio+0x208/0x540 [ 168.462449][ T5786] filemap_read_folio+0x167/0x760 [ 168.467521][ T5786] do_read_cache_folio+0x470/0x7e0 [ 168.472901][ T5786] erofs_bread+0x16f/0x630 [ 168.477386][ T5786] erofs_namei+0x28c/0xf00 [ 168.482804][ T5786] erofs_lookup+0x135/0x310 [ 168.487371][ T5786] path_openat+0x10b8/0x3190 [ 168.492200][ T5786] do_filp_open+0x1c5/0x3d0 [ 168.496769][ T5786] do_sys_openat2+0x12c/0x1c0 [ 168.501561][ T5786] __x64_sys_creat+0x90/0xb0 [ 168.506191][ T5786] do_syscall_64+0x55/0xb0 [ 168.510645][ T5786] page last free stack trace: [ 168.515416][ T5786] free_unref_page_prepare+0x7ce/0x8e0 [ 168.521005][ T5786] free_unref_page_list+0xbe/0x860 [ 168.526167][ T5786] release_pages+0x1fa0/0x2220 [ 168.531023][ T5786] tlb_flush_mmu+0x368/0x4f0 [ 168.535744][ T5786] tlb_finish_mmu+0xc3/0x1d0 [ 168.540379][ T5786] exit_mmap+0x3f0/0xb50 [ 168.544754][ T5786] __mmput+0x118/0x3c0 [ 168.548859][ T5786] exit_mm+0x1da/0x2c0 [ 168.553072][ T5786] do_exit+0x88e/0x23c0 [ 168.557274][ T5786] do_group_exit+0x21b/0x2d0 [ 168.561979][ T5786] get_signal+0x12fc/0x1400 [ 168.566528][ T5786] arch_do_signal_or_restart+0x9c/0x7b0 [ 168.572219][ T5786] exit_to_user_mode_loop+0x70/0x110 [ 168.577562][ T5786] exit_to_user_mode_prepare+0xf6/0x180 [ 168.584214][ T5786] syscall_exit_to_user_mode+0x1a/0x50 [ 168.589719][ T5786] do_syscall_64+0x61/0xb0 [ 168.594365][ T5786] Modules linked in: [ 168.598322][ T5786] CPU: 0 PID: 5786 Comm: syz-executor Not tainted syzkaller #0 [ 168.605987][ T5786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 168.616090][ T5786] Call Trace: [ 168.619404][ T5786] [ 168.622372][ T5786] dump_stack_lvl+0x16c/0x230 [ 168.627097][ T5786] ? show_regs_print_info+0x20/0x20 [ 168.632337][ T5786] ? swiotlb_print_info+0x70/0x70 [ 168.637431][ T5786] bad_page+0x14b/0x170 [ 168.641631][ T5786] free_unref_page_prepare+0x887/0x8e0 [ 168.647143][ T5786] free_unref_page+0x32/0x2e0 [ 168.651870][ T5786] ? __folio_put+0xef/0x210 [ 168.656409][ T5786] erofs_try_to_free_all_cached_pages+0x295/0x600 [ 168.662965][ T5786] erofs_shrink_workstation+0x118/0x290 [ 168.668554][ T5786] ? erofs_shrinker_unregister+0x170/0x170 [ 168.674404][ T5786] ? io_schedule+0xd0/0xd0 [ 168.678872][ T5786] ? kobject_put+0x43c/0x470 [ 168.683510][ T5786] erofs_shrinker_unregister+0x5d/0x170 [ 168.689106][ T5786] erofs_put_super+0x4e/0x150 [ 168.693845][ T5786] ? erofs_free_inode+0xb0/0xb0 [ 168.698727][ T5786] generic_shutdown_super+0x134/0x2b0 [ 168.704131][ T5786] kill_block_super+0x44/0x90 [ 168.708823][ T5786] erofs_kill_sb+0x4c/0x140 [ 168.713359][ T5786] deactivate_locked_super+0x97/0x100 [ 168.718752][ T5786] cleanup_mnt+0x429/0x4c0 [ 168.723187][ T5786] task_work_run+0x1ce/0x250 [ 168.727803][ T5786] ? task_work_cancel+0x240/0x240 [ 168.732879][ T5786] ? exit_to_user_mode_loop+0x3b/0x110 [ 168.738377][ T5786] exit_to_user_mode_loop+0xe6/0x110 [ 168.743686][ T5786] exit_to_user_mode_prepare+0xf6/0x180 [ 168.749246][ T5786] syscall_exit_to_user_mode+0x1a/0x50 [ 168.754735][ T5786] do_syscall_64+0x61/0xb0 [ 168.759178][ T5786] ? clear_bhb_loop+0x40/0x90 [ 168.763882][ T5786] ? clear_bhb_loop+0x40/0x90 [ 168.768616][ T5786] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 168.774533][ T5786] RIP: 0033:0x7f9674390a77 [ 168.778991][ T5786] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 168.798621][ T5786] RSP: 002b:00007fff26416b78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 168.807074][ T5786] RAX: 0000000000000000 RBX: 00007f9674413d7d RCX: 00007f9674390a77 [ 168.815142][ T5786] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff26416c30 [ 168.823126][ T5786] RBP: 00007fff26416c30 R08: 0000000000000000 R09: 0000000000000000 [ 168.831111][ T5786] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff26417cc0 [ 168.839090][ T5786] R13: 00007f9674413d7d R14: 0000000000029123 R15: 00007fff26417d00 [ 168.847086][ T5786] [ 168.851371][ T5786] Disabling lock debugging due to kernel taint [ 168.857604][ T5786] BUG: Bad page state in process syz-executor pfn:24fbf [ 168.864794][ T5786] page:ffffea000093efc0 refcount:0 mapcount:0 mapping:ffff88805bc787c8 index:0x3 pfn:0x24fbf [ 168.875095][ T5786] aops:z_erofs_cache_aops ino:0 [ 168.880326][ T5786] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 168.888889][ T5786] page_type: 0xffffffff() [ 168.893453][ T5786] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805bc787c8 [ 168.902124][ T5786] raw: 0000000000000003 0000000000000000 00000000ffffffff 0000000000000000 [ 168.910745][ T5786] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 168.918151][ T5786] page_owner tracks the page as allocated [ 168.923932][ T5786] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 6785, tgid 6784 (syz.3.260), ts 168146478322, free_ts 160429356370 [ 168.945908][ T5786] post_alloc_hook+0x1cd/0x210 [ 168.950712][ T5786] get_page_from_freelist+0x195c/0x19f0 [ 168.956398][ T5786] __alloc_pages+0x1e3/0x460 [ 168.961113][ T5786] z_erofs_do_read_page+0x20c0/0x3680 [ 168.966517][ T5786] z_erofs_pcluster_readmore+0x2cf/0x450 [ 168.972219][ T5786] z_erofs_read_folio+0x208/0x540 [ 168.977264][ T5786] filemap_read_folio+0x167/0x760 [ 168.982366][ T5786] do_read_cache_folio+0x470/0x7e0 [ 168.987522][ T5786] erofs_bread+0x16f/0x630 [ 168.992841][ T5786] erofs_namei+0x28c/0xf00 [ 168.997293][ T5786] erofs_lookup+0x135/0x310 [ 169.001946][ T5786] path_openat+0x10b8/0x3190 [ 169.006568][ T5786] do_filp_open+0x1c5/0x3d0 [ 169.011128][ T5786] do_sys_openat2+0x12c/0x1c0 [ 169.015830][ T5786] __x64_sys_creat+0x90/0xb0 [ 169.020445][ T5786] do_syscall_64+0x55/0xb0 [ 169.024967][ T5786] page last free stack trace: [ 169.029661][ T5786] free_unref_page_prepare+0x7ce/0x8e0 [ 169.035183][ T5786] free_unref_page_list+0xbe/0x860 [ 169.040330][ T5786] release_pages+0x1fa0/0x2220 [ 169.045151][ T5786] tlb_flush_mmu+0x368/0x4f0 [ 169.049763][ T5786] tlb_finish_mmu+0xc3/0x1d0 [ 169.054421][ T5786] exit_mmap+0x3f0/0xb50 [ 169.058707][ T5786] __mmput+0x118/0x3c0 [ 169.062859][ T5786] exit_mm+0x1da/0x2c0 [ 169.066959][ T5786] do_exit+0x88e/0x23c0 [ 169.071173][ T5786] do_group_exit+0x21b/0x2d0 [ 169.075796][ T5786] get_signal+0x12fc/0x1400 [ 169.080332][ T5786] arch_do_signal_or_restart+0x9c/0x7b0 [ 169.085977][ T5786] exit_to_user_mode_loop+0x70/0x110 [ 169.091326][ T5786] exit_to_user_mode_prepare+0xf6/0x180 [ 169.097724][ T5786] syscall_exit_to_user_mode+0x1a/0x50 [ 169.103322][ T5786] do_syscall_64+0x61/0xb0 [ 169.107773][ T5786] Modules linked in: [ 169.111729][ T5786] CPU: 0 PID: 5786 Comm: syz-executor Tainted: G B syzkaller #0 [ 169.120780][ T5786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 169.130867][ T5786] Call Trace: [ 169.134190][ T5786] [ 169.137156][ T5786] dump_stack_lvl+0x16c/0x230 [ 169.141881][ T5786] ? show_regs_print_info+0x20/0x20 [ 169.147122][ T5786] ? swiotlb_print_info+0x70/0x70 [ 169.152188][ T5786] bad_page+0x14b/0x170 [ 169.156386][ T5786] free_unref_page_prepare+0x887/0x8e0 [ 169.161893][ T5786] free_unref_page+0x32/0x2e0 [ 169.166628][ T5786] ? __folio_put+0xef/0x210 [ 169.171152][ T5786] erofs_try_to_free_all_cached_pages+0x295/0x600 [ 169.171189][ T23] tipc: Node number set to 2886997007 [ 169.177586][ T5786] erofs_shrink_workstation+0x118/0x290 [ 169.177611][ T5786] ? erofs_shrinker_unregister+0x170/0x170 [ 169.194595][ T5786] ? io_schedule+0xd0/0xd0 [ 169.199048][ T5786] ? kobject_put+0x43c/0x470 [ 169.203654][ T5786] erofs_shrinker_unregister+0x5d/0x170 [ 169.209237][ T5786] erofs_put_super+0x4e/0x150 [ 169.213926][ T5786] ? erofs_free_inode+0xb0/0xb0 [ 169.218795][ T5786] generic_shutdown_super+0x134/0x2b0 [ 169.224196][ T5786] kill_block_super+0x44/0x90 [ 169.228900][ T5786] erofs_kill_sb+0x4c/0x140 [ 169.233444][ T5786] deactivate_locked_super+0x97/0x100 [ 169.238851][ T5786] cleanup_mnt+0x429/0x4c0 [ 169.243300][ T5786] task_work_run+0x1ce/0x250 [ 169.247925][ T5786] ? task_work_cancel+0x240/0x240 [ 169.252979][ T5786] ? exit_to_user_mode_loop+0x3b/0x110 [ 169.258470][ T5786] exit_to_user_mode_loop+0xe6/0x110 [ 169.263787][ T5786] exit_to_user_mode_prepare+0xf6/0x180 [ 169.269394][ T5786] syscall_exit_to_user_mode+0x1a/0x50 [ 169.274878][ T5786] do_syscall_64+0x61/0xb0 [ 169.279348][ T5786] ? clear_bhb_loop+0x40/0x90 [ 169.284050][ T5786] ? clear_bhb_loop+0x40/0x90 [ 169.288838][ T5786] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 169.294755][ T5786] RIP: 0033:0x7f9674390a77 [ 169.299194][ T5786] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 169.318825][ T5786] RSP: 002b:00007fff26416b78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 169.327253][ T5786] RAX: 0000000000000000 RBX: 00007f9674413d7d RCX: 00007f9674390a77 [ 169.335237][ T5786] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff26416c30 [ 169.343215][ T5786] RBP: 00007fff26416c30 R08: 0000000000000000 R09: 0000000000000000 [ 169.351193][ T5786] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff26417cc0 [ 169.359263][ T5786] R13: 00007f9674413d7d R14: 0000000000029123 R15: 00007fff26417d00 [ 169.367246][ T5786] [ 169.371379][ T5786] BUG: Bad page state in process syz-executor pfn:2def2 [ 169.379165][ T5786] page:ffffea0000b7bc80 refcount:0 mapcount:0 mapping:ffff88805bc787c8 index:0x4 pfn:0x2def2 [ 169.389512][ T5786] aops:z_erofs_cache_aops ino:0 [ 169.394448][ T5786] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 169.402272][ T5786] page_type: 0xffffffff() [ 169.407434][ T5786] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805bc787c8 [ 169.416198][ T5786] raw: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 169.424896][ T5786] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 169.432369][ T5786] page_owner tracks the page as allocated [ 169.438101][ T5786] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 6785, tgid 6784 (syz.3.260), ts 168146496911, free_ts 160429330471 [ 169.460143][ T5786] post_alloc_hook+0x1cd/0x210 [ 169.465003][ T5786] get_page_from_freelist+0x195c/0x19f0 [ 169.470570][ T5786] __alloc_pages+0x1e3/0x460 [ 169.475325][ T5786] z_erofs_do_read_page+0x20c0/0x3680 [ 169.480724][ T5786] z_erofs_pcluster_readmore+0x2cf/0x450 [ 169.486405][ T5786] z_erofs_read_folio+0x208/0x540 [ 169.491506][ T5786] filemap_read_folio+0x167/0x760 [ 169.496581][ T5786] do_read_cache_folio+0x470/0x7e0 [ 169.502483][ T5786] erofs_bread+0x16f/0x630 [ 169.506939][ T5786] erofs_namei+0x28c/0xf00 [ 169.511745][ T5786] erofs_lookup+0x135/0x310 [ 169.516286][ T5786] path_openat+0x10b8/0x3190 [ 169.520887][ T5786] do_filp_open+0x1c5/0x3d0 [ 169.525518][ T5786] do_sys_openat2+0x12c/0x1c0 [ 169.530237][ T5786] __x64_sys_creat+0x90/0xb0 [ 169.534910][ T5786] do_syscall_64+0x55/0xb0 [ 169.539363][ T5786] page last free stack trace: [ 169.544089][ T5786] free_unref_page_prepare+0x7ce/0x8e0 [ 169.549580][ T5786] free_unref_page_list+0xbe/0x860 [ 169.554771][ T5786] release_pages+0x1fa0/0x2220 [ 169.559573][ T5786] tlb_flush_mmu+0x368/0x4f0 [ 169.564238][ T5786] tlb_finish_mmu+0xc3/0x1d0 [ 169.568858][ T5786] exit_mmap+0x3f0/0xb50 [ 169.573167][ T5786] __mmput+0x118/0x3c0 [ 169.577253][ T5786] exit_mm+0x1da/0x2c0 [ 169.581407][ T5786] do_exit+0x88e/0x23c0 [ 169.585595][ T5786] do_group_exit+0x21b/0x2d0 [ 169.590202][ T5786] get_signal+0x12fc/0x1400 [ 169.594930][ T5786] arch_do_signal_or_restart+0x9c/0x7b0 [ 169.600511][ T5786] exit_to_user_mode_loop+0x70/0x110 [ 169.606470][ T5786] exit_to_user_mode_prepare+0xf6/0x180 [ 169.612210][ T5786] syscall_exit_to_user_mode+0x1a/0x50 [ 169.617700][ T5786] do_syscall_64+0x61/0xb0 [ 169.622176][ T5786] Modules linked in: [ 169.626095][ T5786] CPU: 0 PID: 5786 Comm: syz-executor Tainted: G B syzkaller #0 [ 169.635114][ T5786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 169.645171][ T5786] Call Trace: [ 169.648453][ T5786] [ 169.651483][ T5786] dump_stack_lvl+0x16c/0x230 [ 169.656172][ T5786] ? show_regs_print_info+0x20/0x20 [ 169.661414][ T5786] ? swiotlb_print_info+0x70/0x70 [ 169.666459][ T5786] bad_page+0x14b/0x170 [ 169.670652][ T5786] free_unref_page_prepare+0x887/0x8e0 [ 169.676124][ T5786] free_unref_page+0x32/0x2e0 [ 169.680821][ T5786] ? __folio_put+0xef/0x210 [ 169.685420][ T5786] erofs_try_to_free_all_cached_pages+0x295/0x600 [ 169.691855][ T5786] erofs_shrink_workstation+0x118/0x290 [ 169.697409][ T5786] ? erofs_shrinker_unregister+0x170/0x170 [ 169.703223][ T5786] ? io_schedule+0xd0/0xd0 [ 169.707657][ T5786] ? kobject_put+0x43c/0x470 [ 169.712263][ T5786] erofs_shrinker_unregister+0x5d/0x170 [ 169.717839][ T5786] erofs_put_super+0x4e/0x150 [ 169.722546][ T5786] ? erofs_free_inode+0xb0/0xb0 [ 169.727423][ T5786] generic_shutdown_super+0x134/0x2b0 [ 169.732838][ T5786] kill_block_super+0x44/0x90 [ 169.737556][ T5786] erofs_kill_sb+0x4c/0x140 [ 169.742082][ T5786] deactivate_locked_super+0x97/0x100 [ 169.747472][ T5786] cleanup_mnt+0x429/0x4c0 [ 169.751906][ T5786] task_work_run+0x1ce/0x250 [ 169.756519][ T5786] ? task_work_cancel+0x240/0x240 [ 169.761573][ T5786] ? exit_to_user_mode_loop+0x3b/0x110 [ 169.767132][ T5786] exit_to_user_mode_loop+0xe6/0x110 [ 169.772432][ T5786] exit_to_user_mode_prepare+0xf6/0x180 [ 169.777999][ T5786] syscall_exit_to_user_mode+0x1a/0x50 [ 169.783471][ T5786] do_syscall_64+0x61/0xb0 [ 169.787985][ T5786] ? clear_bhb_loop+0x40/0x90 [ 169.792681][ T5786] ? clear_bhb_loop+0x40/0x90 [ 169.797382][ T5786] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 169.803300][ T5786] RIP: 0033:0x7f9674390a77 [ 169.807732][ T5786] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 169.827534][ T5786] RSP: 002b:00007fff26416b78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 169.835958][ T5786] RAX: 0000000000000000 RBX: 00007f9674413d7d RCX: 00007f9674390a77 [ 169.843935][ T5786] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff26416c30 [ 169.851919][ T5786] RBP: 00007fff26416c30 R08: 0000000000000000 R09: 0000000000000000 [ 169.859895][ T5786] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff26417cc0 [ 169.867955][ T5786] R13: 00007f9674413d7d R14: 0000000000029123 R15: 00007fff26417d00 [ 169.875938][ T5786]