last executing test programs:

36.116628227s ago: executing program 3 (id=1153):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r1, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000)=[@sack_perm, @window, @sack_perm, @sack_perm, @timestamp, @timestamp, @timestamp, @timestamp], 0x20000149)

35.952699775s ago: executing program 3 (id=1156):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000fc0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1c, &(0x7f0000001000), &(0x7f00000013c0)=0x4)

35.952374848s ago: executing program 3 (id=1157):
connect$inet6(0xffffffffffffffff, &(0x7f0000000380)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c)
close(0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_ZERO(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0xc39}, 0x14}}, 0x0)

35.87241687s ago: executing program 3 (id=1158):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f0000000400)={[{@iocharset={'iocharset', 0x3d, 'cp850'}}, {@umask={'umask', 0x3d, 0x5}}, {@namecase}, {}, {@fmask={'fmask', 0x3d, 0x8}}, {@discard}, {@dmask={'dmask', 0x3d, 0x9}}, {@iocharset={'iocharset', 0x3d, 'macromanian'}}, {@utf8}, {@allow_utime={'allow_utime', 0x3d, 0xce38}}]}, 0x1, 0x1528, &(0x7f00000037c0)="$eJzs3AuYT9X6OPD3XWvtMSS+TXIZ1lrv5ptclkmSXJLkkiRJkuSWkDTJkYTEEJI0JCG5DEkMIblMTBr3+/2SkCRNkoTklqz/M+FxOnX+p/M7/XKe37yf59mP9X73ftd+9/f9XvbeZubbrkNrNaldvRERwX8EL/yTBACxADAQAPICQAAA5ePKx2Wtzykx6T/bCftzPZh6pStgVxL3P3vj/mdv3P/sjfufvXH/szfuf/bG/c/euP+MZWebphW6hpfsu/D9/+yMv///D8ksM/bLNWWu6wYQ80dTuP/ZG/f//6zgj2zE/c/euP/ZVeyVLoD9F+D3f3aQ45+u4f5nb9x/xrKzK33/+UovEPkvew6O5LzQmL/q+BljjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMsb/AaX+ZAoBL4ytdF2OMMcYYY4wxxv48PseVroAxxhhjjDHGGGP/+xAESFAQQAzkgFjICblAAMDVkAfyQgSugTi4FvLBdZAfCkBBKATxUBiKgAYDFghCKArFIArXQ3G4AUpASSgFpcFBGUiAG6Es3ATl4GYoD7dABbgVKkIlqAxV4DaoCrdDNbgDqsOdUANqQi2oDXdBHbgb6sI9UA/uhfpwHzSA+6EhPACN4EFoDA9BE3gYmsIj0AyaQwtoCa3+R/nPQ094AXpBb0iCPtAXXoR+0B8GwEswEF6GQfAKDIZXIRmGwFB4DYbB6zAc3oARMBJGwZswGt6CMTAWxsF4SIEJMBHehknwDkyGd2EKTIVUmAbT4T2YATNhFrwPs+EDmANzYR7MhzT4EBbAQkiHj2ARfAwZsBiWwFJYBsthBayEVbAa1sBaWAfrYQNshE2wGbbAVtgG22EHfAI74VPYBbthD3wGe+HzfzP/1D/kd0NAQIECFSqMwRiMxVjMhbkwN+bGPJgHIxjBOIzDfJgP82N+LIgFMR7jsQgWQYMGCQmLYlGMYhSLY3EsgSWwFJZChw4TMAHL4k1YDstheSyPFbACVsRKWAmrYBWsilWxGlbD6lgda2ANrIW18C68C/tgXayL9bAe1sf6l25PYSNshI2xMTbBJtgUm2IzbIYtsAW2wlbYGltjG2yD7bAdtsf22AE7YCImYkfsiJ2wE3bGztgFu2BX7IrdsDt2z3w+B+AL+AL2xhqiD/bFvtgPk3MMwJfwJXwZB+Er+Aq+isk4BIfia/gavo7D8SSOwJE4CkdhVfEWjsGxSGI8pmAKTsSJOAknYVah7+JUTMVpOB2n4wyciTPxfZyNH+AHOBfn4nxMwzRcgAsxHdNxEZ7CDFyMS3ApLsPluAxX4ipciWtwLa7B9bgeN+JG3IybcStuxe24HT9BBYCf4m7cjcm4F/fiPtyH+3E/HsADmImZeBAP4iE8hIfxMB7BI3gUj+FxPIYn8ASexFN4Gk/jWTyL5/DZ+K8bf1JydTKILEooESNiRKyIFblELpFb5BZ5RB4RERERJ+JEPpFP5Bf5RUFRUMSLeFFEFBFGGEEijAEAERVRUVwUFyVECVFKlBJOOJEgEkRZUVaUE+VEeXGLqCBuFRVFJdHWVRFVRFXRzlUTd4jqorqoIWqKWqK2qC3qiDqirqgr6ol6or6oLxqI+0VD0QcH4IMiqzNNxBBsKoZiM9FcyIufYK3FcGwj2op24nExEkdgB9HaJYqnREcxBjuJv4mx+IzoIsZjV/Gc6Ca6ix7iedFTtHG9RG8xGfuIvmIq9hP9xQDxkpiBNcX7ODtnLfGqSBZDxFDxmpiPr4vh4g0xQowUo8SbYrR4S4wRY8U4MV6kiAlionhbTBLviMniXTFFTBWpYpqYLt4TM8RMMUu8L2aLD8QcMVfME/NFmvhQLBALRbr4SCwSH4sMsVgsEUvFMrFcrBArxSqxWqwRa8U6sV5sEBvFJrFZbBFbxTaxXewQn4id4lOxS+wWe8RnYq/4XOwTX4j94ktxQHwlMsXX4qD4RhwS34rD4jtxRHwvjopj4rj4QZwQP4qT4pQ4Lc6Is+IncU78LM4LL0CiFFJKJQMZI3PIWJlT5pJXydwyuPjsXiPj5LUyn7xO5pcFZEFZSMbLwrKI1NJIK0mGsqgsJqPyellc3iBLyJKylCwtnSwjE+SNsqy8SZaTN8vy8hZZQd4qK8pKsrKsIm+TVeXtEiIX9lFD1pS1ZG15l0yCu2VdeY+sJ++V9eV9soG8XzaUD8hG8kHZWD4km8iHZVP5iGwmm8sWsqVsJR+VreVjso1sK9vJx2V7+YTsIJ+UifIp2VH6iy+RZ2QX+azsKp+T3WR32UP+LM9LL3vJ3hL6gOwrX5T9ZH85IBYA5MtykHxFDpavymQ5RA6Vr8lh8nU5XL4hR8iRcpR8U46Wb8kxcqwcJ8fLFDlBTpRvy0nyHTlZviunyKkyVU6TA+TAX2aaJeW/zH/7d/IH/7L3jXKT3Cy3yK1ym9wud8hP5E65U+6Su+QeuUfulXvlPrlP7pf75QF5QGbKTHlQHpSH5CF5WB6WR+QReVQek2fkD/KE/FGelKfkKXlGnpVn5bmLzwEoVEJJpVSgYlQOFatyqlzqKpVbXa3yqLwqoq5RcepalU9dp/KrAqqgKqTiVWFVRGlllFWkQlVUFVNRdT1efMGoUqq0cqqMSlA3/jv5qri6QZVQJX+Vf6m+pH9SXyvVSrVWrVUb1Ua1U+1Ue9VedVAdVKJKVB1VR9VJdVKdVWfVRXVRXVVX1U11Uz1UD9VT9VS9VC+VpJJUX/Wi6qf6qwHqJTVQvawGqUFqsBqsklWyGqqGqmFqmBquhqsRaoQapUap0Wq0GqPGqHFqnEpRKWqimqgmqUlqspqspqgpKlWlqulqupqhZqhZapaarWarOWqOmqfmqTSVphaoBSpdpatFapHKUIvVYrVULVXL1XK1Uq1Uq9VqtVatVevVepWhNqlNaovaorapbWqH2qF2qp1ql9ql9qg9aq/aq/apfWq/2q8OqAMqU2Wqg+qgOqQOqcPqsDqijqij6qg6ro6rE+qEOqlOqtPqtDqrzqpz6pw6r85nnfYFIhCBClQQE8QEsUFskCvIFeQOcgd5gjxBJIgEcUFckC+4LsgfFAgKBoWC+KBwUCTQgQlsIC42PRpcHxQPbghKBCWDUkHpwAVlgoTgxqBscFNQLrg5KB/cElQIbg0qBpWCykGV4LaganB7UC24I6ge3BnUCGoGtYLawV1BneDuoG5wT1AvuDeoH9wXNAjuDxoGDwSNggeDxsFDQZPg4aBp8EjQLGgetAhaBq3+1Pm9P1ngMddL99ZJuo/uq1/U/XR/PUC/pAfql/Ug/YoerF/VyXqIHqpf08P063q4fkOP0CP1KP2mHq3f0mP0WD1Oj9cpeoKeqN/Wk/Q7erJ+V0/RU3Wqnqan6/f0DD1Tz9Lv69n6Az1Hz9Xz9Hydpj/UC/RCna4/0ov0xzpDL9ZL9FK9TC/XK/RKvUqv1mv0Wr1Or9cb9Ea9SW/WW/RWvU1v1zv0J3qn/lTv0rv1Hv2Z3qs/1/v0F3q//lIf0F/pTP21Pqi/0Yf0t/qw/k4f0d/ro/qYPq5/0Cf0j/qkPqVP6zP6rP5Jn9M/6/PaZ53cZ329G2WUiTExJtbEmlwml8ltcps8Jo+JmIiJM3Emn8ln8pv8pqApaOJNvCliipgsZMgUNUVN1ERNcVPclDAlTClTyjjjTIJJMGVNWVPOlDPlTXlTwVQwFU1FU9lUNreZ28zt5nZzh7nD3GnuNDVNTVPb1DZ1TB1T19Q19Uw9U9/UNw1MA9PQNDSNTCPT2DQ2TUwT09Q0Nc1MM9PCtDCtTCvT2rQ2bUwb0860M+1Ne9PBdDCJJtF0NB1NJ9PJdDadTRfTxXQ1XU030830MD1MT9PT9DK9TJJJMn1NX9PP9DMDzAAz0Aw0g8wgM9gMNskm2Qw1Q80wM8wMN8PNCDPSjMo6UTVvmTFmrBlnxpsUk2ImmolmkplkJpvJZoqZYlJNqpluppsZZoaZZWaZ2Wa2mWPmmHlmnkkzaWaBWWDSTbpZZBaZDJNhlpglZplZZlaYFWaVWWXWmDVmHawzG8wGs8lsMlvMFrPNbDM7zA6z0+w0u8wus8fsMXvNXrPP7DP7zX5zwBwwmSbTHDQHzSFzyBw2h80Rc8QcNUfNcXPcnDAnzElz0pw2p81ZU+Di96U3sTanzWWvsrnt1TaPzWv/MS5oC9l4W9gWsdrmtwV+FRtrbQlb0paypa2zZWyCvfE3cUVbyVa2Vexttqq93Vb7TVzH3m3r2ntsPXuvrW3v+lVc395nG9iHbUNEANvcNrYtbRP7sG1qH7HNbHPbwra07e0TtoN90ibap2xH+/Rv4gV2oV1lV9s1dq3dZXfb0/aMPWS/tWftT7aX7W0H2pftIPuKHWxftcl2yG/iUfZNO9q+ZcfYsXacHf+beIqdalPtNDvdvmdn2Jm/idPsh3a2Tbdz7Fw7z87/Jc6qKd1+ZBfZj22GDWCJXWqX2eV2hV15qVaf1663G+xGu9N+arfYrXab3W53XDoRtrvtHvuZ3Ws/twftN3a//dIesIdtpv36lzjr+A7b7+wR+709ao/Z4/YHe8L+qC5lZx37D/Zne956C4QEJElRQDGUg2IpJ+Wiqyg3XU15KC9F6BqKo2spH11H+akAFaRCFE+FqQhpMmSJKKSiVIyidD1dKq8UlSZHZSiBbqSydBOVo5upPN1CFehWqkiVqDJVoduoKt1O1egOqk53Ug2qSbWoNt1Fdehuqkv3UD26l+rTfdSA7qeG9AA1ogepMT1ETehhakqPUDNqTi2oJbWiR6k1PUZtqC21o8epPT1BHehJSqSnqCM9TZ3ob9SZnqEu9Cx1peeoG3WnHvQ89aQXqBf1piTqQ33pRepH/WkAvUQD6WUaRK/QYHqVkmkIDaXXaBi9TsPpDRpBI2kUvUmj6S0aQ2NpHI2nFJpAE+ltmkTv0GR6l6bQVEqlaTSd3qMZNJNm0fs0mz6gOTSX5tF8SqMPaQEtpHT6iBbRx5RBi2kJLaVltJxW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nXbQJ7STPqVdtJv20Ge0lz6nffQF7acv6QB9RZn0NR2kb+gQfUuH6Tvfm76no3SMjtMPdIJ+pJN0ik7TGTpLP9E5+pnOkycIMRShDFUYhDFhjjA2zBnmCq8Kc4dXh3nCvGEkvCaMC68N84XXhfnDAmHBsFAYHxYOi4Q6NKENKQzDomGxMBpeHxYPbwhLhCXDUmHp0IVlwoTwxrBseFNYLrw5LB/eElYIbw0rhpXCh++tEt4WVg1vD6uFd4TVwzvDGmHNsFZYO7wrrBPeHdYN7wnrhfeG5cL7wgbh/WHD8IGwUfhg2Dh8KGwSPhw2DR8Jm4XNwxZhy7BV+GjYOnwsbBO2DduFj4ftwyfCDuGTYWL4VNgxfPqX9fct/Ofrk8I+Yd/wxfDF0Pt75Lzo/Gha9MPogujCaHr0o+ii6MfRjOji6JLo0uiy6PLoiujK6Kro6uia6Nrouuj66Iboxqj3tXOAQyecdMoFLsblcLEup8vlrnK53dUuj8vrIu4aF+eudfncdS6/K+AKukIu3hV2RZx2xllHLnRFXTEXdde74u4GV8KVdKVcaedcGZfgWrpWrpVr7R5zbVxb18497h53T7gn3JPuSfeU6+iedp3c31xn94zr4p51z7rnXDfX3fVwz7uebkKeC+/JJNfX9XX9XD83wA1wA91AN8gNcoPdYJfskt1QN9QNc8PccDfcjXAj3Cg3yo12o90YN8aNc+NciktxE91EN8lNcpPdZDfFTXGpLtVNd9PdDDfDVZ15YS9z3Bw3z81zaS7NLXBZ54zpbpFb5DJchlvilrhlbplb4Va4VW6VW+PWuHVundvgNrhNbpPb4ra4bW6b2+F2uJ1up9vl816Y1O11+9w+t9/tdwfcVy7Tfe0Oum/cIfetO+y+c0fc9+6oO+aOux/cCfejO+lOudPujDvrfnLn3M/uvPMuJTIhMjHydmRS5J3I5Mi7kSmRqZHUyLTI9Mh7kRmRmZFZkfcjsyMfROZE5kbmReZH0iIfRhZEFkbSIx9FFkU+jmREFkeWRJZGlkWWR7wvvCX0RX0xH/XX++L+Bl/Cl/SlfGnvfBmf4G/0Zf1Nvpy/2Zf3t/gK/lZf0Vfylf0jvplv7lv4lr6Vf9S39o/5Nr6tb+cf9+39E76Df9In+qd8R/+07+T/5jv7Z3wX/6zv6p/z3Xx338M/73v6F3wv39sn+T6+r3/R9/P9/QD/kh/oX/aD/Ct+sH/VJ/shfqh/zQ/zr/vh/g0/wo/0o2Le9KMvXSLDeJ/iJ/iJ/m0/yb/jJ/t3/RQ/1af6aX66f8/P8DP9LP++n+0/8HP8XD/Pz/dp/kO/wC/06f4jv8h/7DP84ks3lf0Kv9Kv8qv9Gr/Wr/Pr/Qa/0W/ym/0Wv9Vv89v9Dv+J3+k/9bv8br/Hf+b3+s/9Pv+F3++/9Af8Vz7Tf+0P+m/8If+tP+y/80f89/6oP+aP+x/8Cf+jP+lP+dP+jD/rf/Ln/M/+PP/OGmOMMcbYHzLh8lD8es2F2/l9fidH/N3GfQHg6q2FMv9+fdYZ5br8F8b9RXz7CAA81bvrg5eWGjWSkpIubpshISg2F+DS/wRliYHL8WJoB09AIrSFsr9bf3/R/Sz9i/mjtwDk+rucWLgcX57/CwBM+p35H3181IIK4em4/8/8cwFKFLuckxMux4uh3S/3V9pCuX9Sf4HW/6L+nF+mALT5u5zccDm+XH8CPAZPQ+KvtmSMMcYYY4wxxi7oLyp3vnT9eeknPn/v+jxeXc7JAZfjf3V9zhhjjDHGGGOMsSvvme49nnw0MbFt539/UO1/lPWHB03hf2tmHvzuwHuAS48oAPgPJwTIGsi/8ig2/yX7Sr741vnHVcvO+AD+O1r5Zwyu8AcTY4wxxhhj7E93+aT/14+rK1UQY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDGWDf0Vf07sSh8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdqX9vwAAAP//kfb+pw==")
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mounts\x00')
r1 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0)
r2 = memfd_create(&(0x7f0000000180)='\x00\xac=W[[\x87\x12\x04\xd5\xbc\x80K\x06\xcd]4(\xa2\xee2>\xa1\x9c\x86x\x1c\x9f\x97\x87\xd9c\xecR\xd6\xe8\xf3Y\x121p^\xc1\x0f\x00\x00\x00\x00\x00\x00\x00t\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00M\xc2N%\x93t[\xf3\xee\xa4\xb4\xfbf\x8dz7\\\x8e\xac\x18\x00\xfd\x89\xe1d\xfa\xcfb\xf3\xdc\xd4CY\x9a\xef\xa3\\\xa7\xa9^\xafL:[\x8e\x83U\xff\xfd\xb0\xfa\xdaL\xa99\x9b\xcfA\xe4n\xa0^\n\x1c\x84\x04\xc5a\xdf\xe5\xd4Hyn\xba:/\xa5\xf4\xaa\xfa\xcd\xc7T\x83\xf5N^\xf2n\xd0=\xb9\t\xdd-F\xacb\xac \xd3\xccj\x13\xa2\x9fLu\'\xed\x91\x867\xaa\xf5\xa0]\xb6\xaa\xea\xfd\xde\xa6\xec\b\x16\x86l:;\xf9\xdb\xcf\x88\"\xca\xe0E\xdb\xec\xf9\xb3\xed\a\x00\x00\x00\x00\x00\x00\x00\xd6.\xf7\x92\xc42\xdf\xefE\xce}\x1b\xda\xdd?\n6\xe1\xb1\xd8Y\x960\xd1\x00\x00\x00\x00\x00\x00MW\x8f\xc6\x82\xe4\x15\xf7\xe9\xd8\xc5b\x0e\x91\xc5\xc76$\x18\xa4\xbe\xe8V\x8d-\xe3\x8fC\xd5\xf5\xd6L\xe3\xce\xa1\x8dz\xce\xa7\xa5\xc8\xcbhM\x1b\xf8\x98\xc4\xfbD6\x88\xfd\xe5i\x8a\xd8\xcfm\x81Z\x19\xf0\xef\xc15\xe8\xcb\xf5\t\t\x00\x17\xfa\x1fqb\xe7\"\xcb4\xb8\xe5/\xd52\x17\x12\x1d\xd8\x87\xb9|\x8d\x83\xea\xcc\x94\xebZ\xae\xaf\x19\xa4\xb2\xc6\xe1\x926B\xb6\x89Z\xa9\xb5/\xbb\x9d&\xeeO\xb3\xb3\xd4\b`\xa9f\x84\xad\t\x1a\xc2\xd5\x88\xbfo\x80V\x93\x9fX\xd7\xff\x03\xb7J\xed\x183\xe3\x7f\xfaq,\xca\x06\xb0\xc9\x92\x93\xa5I\x89\xb7\x85\x90\xb7\x1b0\xce\xd7!\x8fD\x96\xe1 ^>\x9f\x04\x89<\xb7S\x7f\x1a\x88\xab$\xd3y\xc2\xe1\x99\xbch\xd3\x83\xcd\x7f\xc5n\xb1\xc1X \xe2\xbb\x1f\x01\x90\xb1O\x8d\x7f\xa8\xd4\xdbO\xef\x99\xf3\xd3M\x0f\t\x7f\n,\x84\x1f\xfa\xe2\xc8\x99\x97Oq\xae\x9b\x86h\xfa3\xb9\xfd\xbb\xd4^\xc0t\xa7]Y\xe9\x7f[\x11\xb1\xf3m\x17F\x9d\x18\xe2\xe1\x01\xb6f=-?\xbcI\xf2\xd9\xc4>-\xc0E\x9a\x82\xcc7S\xd4\xb6\'\xd2DY\xa5\x83,\xd1\xbc\xc7\xf6\xe0\x1f o\x06\xc2t\x14\xc2\xe0\x92\xc1\x8a\x85>@\xc9\xb0% \xc7\x13l\x8bJ\xe5\xec\x1dE\xf5\xc5\xe2\xe3\x10G7r#\xbc\x95&\x14\x1e\x97\xce\x83>Q@\xfb\xeb=\x1e\xb3\xd5H\x02\x86\xc6\xf3\xe1i\\\x1d\xf4\xc1\xacJC+\xc8}\x1b{\x86\x17\x00\n\"\xec\xa5x\xe6\xb1i\xeb\xb3\xb7I\x90\x9eai\xde\x01\xdc\xfeA\x05Sn\xe6\xe8^\xdf\x8c`\x17\xca\xbd\\QG\xb15\x82*=\xbd\xe9\xaf\x12<\xd7\xe1$\xa4\xdaU\xfb^\xd8!\xacxy\xd5X\xef\x03\xa7\x10\xa1C#S~\x0f\x17\t>X\\mv0\x9eZ\x89\xf4\xae\a\xc8\x16\xd2t\x16\xf3X%Q\xbd\xe9\x86V\xf2\x99^0\xe8xI(\xde-\x04s\x15\x06#2\xef\xef@\xa3t0d^^\xad\xf6\xad\xe0\x16\xf6\xa8\x99!\x0e\x9d+;D&\xebN\x94\x12\x04\x95o\xd6\x9fl\xcb\x16gc\xf5(\xaa_\xec\x9aiE\f\xd4\xc6\xf2\xae\x85n\x995\xcd\xa7\xbb\xf0pz\xaf\tC\x1cq\xaa\x92,Li\r\x95Z\x89\"\xaf]\x95\xb9b_\xe4\xba\xd4\x93\xab\xe1\xb9\xd8E[\xbb\xc9.M+\xbe\x81<z\xf2\xe8\xf4\x93\xe6h\x97\x7f\xaf\xc5\x06g\fI\xa58\xf5\x18x\xc9\xb9\x03\t\x06\x96gf5\xb0\xc8\x86\x14\xe2\x01\x1f\x80\xe7Ol\xba\x93\xaa\x15\x87I7W\x87\xc4;p\xc5\x1e\"K5r\xec6\xac\xf0;\xf8 \xad\xc9\xf0\x16\xce\x17\xa1%f\x12\x80\x03N[qz\xf0q\xbd\xb8s\xe5>N\xd2\xae\xf4\x18\xd0\xe7\x98\x90,\xce\ft\xc4\xc7\x02\xaa\xc7\xeb1;\x86b\x8f\x12{k#c\x1d@\xc31\x00\xd2}f\x8cX\xce\xed\xa4\xe4\xca`<_}\'\xce\x81\xb3O\xae\xa1\xbfwcN,\xf2#\x16\xc4\xad\a&\xb1U\x83w\xd0K\xaa\xdf\x84\xe5\xe4\xdb\xa3G(\x7fv\x93\xb8m\x96\xd89Kb\xa9\x852\xb9\xcaG\x8b\x11\x16\x16\xeeI\x14\xcb\xe4\x9a\x1e\xb6^\xa3\xaa^\xdc\xcfo\xfb\xd6<\xa2\xc6\xbdj\xc4\xb1B\xf3S}\xfeI\xe2e\xec}o\xcfB\xa6\x877\'\x80\x82\t\xec\xc1&\xb8\xa9\x82&\xb8XQ8M@\xaa\x1f\vj\x9aW\xec\x92\x19\xdb^\x9d\x94\x87-&\x00/z\xa2\xd7\x01\\\t\xae~\xed\no\x1a\x9cKG^+\xc9\xe0v\xc0\x96\xc4\xcc\xb7\xdd\xdf\xf9\x01\x91\xe5\to[\x97\xbe\x110\x93\x14\xf8\x8a\x8d\xeb\t\xe7?/C\xaa\xd9\xc4\xc9\xbe\x12\xed\xb3*f\xd1J\x14\x80Iy4\xa9\xf88C\xe3', 0x0)
write(r2, &(0x7f0000000140)='/', 0x1)
sendfile(r2, r2, &(0x7f0000001000), 0xfec)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x100000c, 0x11, r2, 0x0)
mount(&(0x7f0000000080)=@filename='\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x105043, 0x0)
sendfile(r1, r0, 0x0, 0x8000000d)

34.918687327s ago: executing program 3 (id=1166):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$bt_hci(r0, 0x84, 0x1, &(0x7f0000000500)=""/4049, &(0x7f00000004c0)=0xfd1)
openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x110)
openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee6, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mlock2(&(0x7f0000fe2000/0x4000)=nil, 0x4000, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r5 = fanotify_init(0x202, 0x0)
fanotify_mark(r5, 0x1, 0x4800003e, r4, 0x0)
r6 = dup2(r5, r4)
read$FUSE(r6, &(0x7f0000001a40)={0x2020}, 0x2020)

33.630964623s ago: executing program 3 (id=1176):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x3)
r0 = io_uring_setup(0xdac, &(0x7f0000000180))
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$bt_hci(r1, &(0x7f0000000000)={0x27}, 0x74)
sendmmsg$unix(r1, &(0x7f0000000b00)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000e80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000740)=[{&(0x7f0000001dc0)="bb", 0xfdef}, {0x0}], 0x2}}, {{&(0x7f0000000580)=@file={0x0, './file0/file0\x00'}, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000600)='z', 0xfdef}], 0x1}}], 0x3, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

27.590331272s ago: executing program 4 (id=1204):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0)
mbind(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, &(0x7f0000000300), 0x203, 0x0)

27.207007704s ago: executing program 4 (id=1208):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(twofish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x0)
recvmsg$kcm(r1, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000680)=""/233, 0xe9}], 0x1}, 0x0)
sendmsg$alg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
sendmsg$nl_route_sched_retired(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000d40)=@delqdisc={0x80, 0x25, 0x0, 0x0, 0x0, {}, [@q_dsmark={{0xb}, {0x8, 0x2, [@TCA_DSMARK_SET_TC_INDEX={0x4}]}}, @q_dsmark={{0xb}, {0x14, 0x2, [@TCA_DSMARK_INDICES={0x6}, @TCA_DSMARK_DEFAULT_INDEX={0x6}]}}, @q_dsmark={{0xb}, {0xc, 0x2, [@TCA_DSMARK_DEFAULT_INDEX={0x6}]}}, @q_dsmark={{0xb}, {0x4}}]}, 0x80}}, 0x0)

26.878772795s ago: executing program 4 (id=1210):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$bt_hci(r0, 0x84, 0x1, &(0x7f0000000500)=""/4049, &(0x7f00000004c0)=0xfd1)
openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x110)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee6, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mlock2(&(0x7f0000fe2000/0x4000)=nil, 0x4000, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r6 = fanotify_init(0x202, 0x0)
fanotify_mark(r6, 0x1, 0x4800003e, r5, 0x0)
r7 = dup2(r6, r5)
read$FUSE(r7, &(0x7f0000001a40)={0x2020}, 0x2020)
r8 = syz_io_uring_setup(0x10d, &(0x7f00000003c0)={0x0, 0xed89, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000000380)=<r9=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r8, 0x3f70, 0x0, 0x0, 0x0, 0x0)
fanotify_init(0x202, 0x0)

25.799898618s ago: executing program 4 (id=1211):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r0, 0x84, 0x80, &(0x7f0000000000)='\x00\x00\x00\x00\t\x00\x00\x00', 0x8)
setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @multicast1}}}, 0x84)
openat$dlm_control(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r1, 0x0, 0xfe33)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040))
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
keyctl$read(0xb, 0x0, 0x0, 0xfffffffffffffff0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000001c0))
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x800700, &(0x7f00000000c0)={[{@jqfmt_vfsv1}, {@bsdgroups}, {@errors_remount}, {@user_xattr}, {@bsdgroups}, {@block_validity}, {@stripe={'stripe', 0x3d, 0x5}}]}, 0x2, 0x44a, &(0x7f0000000400)="$eJzs281vFOUfAPDvzLbl9+OtFfEFRK0SY+NLSwsqBy8aTTxgNNEDHuu2EMJCDa2JECLVGLyYGBI9G48m/gXevBj1ZOJV74aEKBfQU83MzsDuslsobHcr+/kkA8+z82yf57vPPDPPzLMbwMAaz/5JIrZGxG8RMVrPNhcYr/939fLZ6t+Xz1aTWFl5688kL3fl8tlqWbR835YiM5FGpJ8kRSXNFk+fOT5bq82fKvJTSyfem1o8febZYydmj84fnT85c/Dggf3TLzw/81xX4sziurL7w4U9u15758Lr1cMX3v3p26y9W4v9jXF0y3gW+F8rudZ9T3S7sj7b1pBOhvrYENakEhFZdw3n4380KnG980bj1Y/72jhgXWXXpk2ddy+vAHexJPrdAqA/ygt9dv9bbj2aemwIl16q3wBlcV8ttvqeoUiLMsMt97fdNB4Rh5f/+SrbYp2eQwAANPqs+uWheKbd/C+N+xvKbS/WUMYi4p6I2BER90bEzoi4LyIv+0BEPLjG+luXhm6c/6QXbyuwW5TN/14s1raa53/l7C/GKkVuWx7/cHLkWG1+X/GZTMTwpiw/vUod37/y6+ed9jXO/7Itq7+cCxbtuDjU8oBubnZpNp+UdsGljyJ2D7WLP7m2EpBExK6I2L22P729TBx76ps9nQrdPP5VdGGdaeXriCfr/b8cLfGXktXXJ6f+F7X5fVPlUXGjn385/2an+u8o/i7I+n9z8/HfWmQsaVyvXVx7Hed//7TjPc3tHv8jydv5+WikeO2D2aWlU9MRI8mhPN/0+sz195b5snwW/8Te9uN/R/GeLP6HIiI7iB+OiEci4tGi7Y9FxOMRsXeV+H98ufO+jdD/c23Pf9eO/5b+X3uicvyH7zrVf2v9fyBPTRSv5Oe/m7jVBt7JZwcAAAD/FWn+HfgknbyWTtPJyfp3+HfG5rS2sLj09JGF90/O1b8rPxbDafmka7Theeh0slz8xXp+pnhWXO7fXzw3/qLy/zw/WV2ozfU5dhh0WzqM/8wflX63Dlh37dbRZkb60BCg51rHf9qcPfdGLxsD9JTfa8Pgusn4T3vVDqD3XP9hcLUb/+da8tYC4O7k+g+Dy/iHwWX8w+Ay/mEg3cnv+iUGORHphmiGxDol+n1mAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6I5/AwAA///K8u7c")
syz_open_dev$loop(&(0x7f00000001c0), 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x1269, r3)
mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='tracefs\x00', 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x2204c3b, &(0x7f0000000300)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=0x0])
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x220080e, &(0x7f0000000080)={[{@data_writeback}, {@prjquota}, {@grpjquota}, {@bsdgroups}, {@nouser_xattr}]}, 0x1, 0x4e6, &(0x7f0000001400)="$eJzs3U1vW0sZAODXzpeTm3uTe+kCENBSCgVVdRK3jaouoKwQQpUQXYLUhsSNothxFDulCV2k/wGJSqxgyQ9g3RV7Ngh2bMoCiY8I1FRiYXSOT1I3tZvQfDiKn0c6OmdmHL8zdc9M/brxBNC3LkXEVkQMR8TDiJjI6nPZEXdbR/K4V9tP53e2n87notm8/89c2p7URdvPJD7KnrMQET/6XsRPc+/GrW9sLs9VKuW1rDzVqK5O1Tc2ry9V5xbLi+WVUml2Znb69o1bpWMb68XqcHb15Zd/2PrWz5NujWc17eM4Tq2hD+3FSQxGxA9OIlgPDGTjGe51R/gg+Yj4LCIup/f/RAykryYAcJ41mxPRnGgvAwDnXT7NgeXyxSwXMB75fLHYyuFdiLF8pVZvXHtUW19ZaOXKJmMo/2ipUp7OcoWTMZRLyjPp9ZtyaV/5RkR8GhG/GBlNy8X5WmWhl//wAYA+9tG+9f8/I631HwA45wq97gAAcOqs/wDQf6z/ANB/rP8A0H+s/wDQf6z/ANB/rP8A0Fd+eO9ecjR3su+/Xni8sb5ce3x9oVxfLlbX54vztbXV4mKttph+Z0/1oOer1GqrMzdj/cnkt1frjan6xuaDam19pfEg/V7vB+WhUxkVAPA+n1588edcRGzdGU2PaNvLwVoN51u+1x0Aemag1x0AesZuX9C/jvAeX3oAzokOW/S+pRARo/srm81m8+S6BJywq1+Q/4d+1Zb/97+Aoc/I/0P/kv+H/tVs5g67538c9oEAwNkmxw90+fz/s+z82+zDgZ8s7H/E85PsFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJxtu/v/FrO9wMcjny8WIz6OiMkYyj1aqpSnI+KTiPjTyNBIUp7pcZ8BgKPK/y2X7f91deLK+P7W4dzrkfQcET/71f1fPplrNNb+mNT/a6++8TyrL/Wi/wDAQXbX6fTc9kb+1fbT+d3jNPvz9+9GRKEVf2d7OHb24g/GYHouxFBEjP07l5Vbcm25i6PYehYRn+80/lyMpzmQ1s6n++MnsT8+1fj5t+Ln07bWOfmz+Nwx9AX6zYtk/rnb6f7Lx6X03Pn+L6Qz1NFl81/yVPM76Rz4Jv7u/DfQZf67dNgYN3///dbV6LttzyK+OBixG3unbf7ZjZ/rEv/KIeP/5UtfudytrfnriKvROX57rKlGdXWqvrF5fak6t1heLK+USrMzs9O3b9wqTaU56qnuq8E/7lz7pFtbMv6xLvELB4z/64cc/2/++/DHX31P/G9+rVP8fFx4T/xkTfzGIePPjf2u0K0tib/QZfwHvf7XDhn/5V8339k2HADonfrG5vJcpVJec+Hi7F8kf2XPQDc6XnzntGINx//1U83mB8XqNmMcR9YNOAv2bvqIeN3rzgAAAAAAAAAAAAAAAB2dxm8s9XqMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnF//CwAA///77dI4")
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0)
r4 = socket(0x10, 0x2, 0x0)
write(r4, &(0x7f0000000100)="240000001e005f0514f9f407faac47000a000000040000000000080008000100000000ff", 0x24)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='.\x00', 0x84406d, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000002340)='net/udplite6\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="1808000000000000000000000600000018100000", @ANYRES32, @ANYBLOB="000000000000000000000000000000001800000000000000000000000000000095000000000000003000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70200000000000085000000040000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222}, 0x21)

24.844774828s ago: executing program 4 (id=1214):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"})
r1 = syz_open_pts(r0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x0)
fsopen(&(0x7f0000000000)='ramfs\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180800000000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xb}, 0x48)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000140)=0x3)

19.020714119s ago: executing program 4 (id=1226):
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x3e8, 0x4, &(0x7f0000000040)=@framed={{0xffffffb7, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x75}, [@ldst]}, &(0x7f00000002c0)='GPL\x00', 0x0, 0xfd90, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x2a)

7.683606423s ago: executing program 2 (id=1258):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
pipe(0x0)
write$uinput_user_dev(r0, &(0x7f00000005c0)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c)
r1 = dup(r0)
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x5)
ioctl$UI_DEV_CREATE(r1, 0x5501)
write$uinput_user_dev(r1, &(0x7f0000001100)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x45c)

7.580294738s ago: executing program 0 (id=1259):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r0, 0x0, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000006c0)={@link_local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x6, 0x0, @multicast2, @private}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0x10, 0x0, 0x0, 0x0, {[@exp_smc={0xfe, 0x6}, @timestamp={0x8, 0xa}]}}}}}}}, 0x0)

7.457233285s ago: executing program 0 (id=1260):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$bt_hci(r0, 0x84, 0x1, &(0x7f0000000500)=""/4049, &(0x7f00000004c0)=0xfd1)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x110)
r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee6, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mlock2(&(0x7f0000fe2000/0x4000)=nil, 0x4000, 0x0)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r7 = fanotify_init(0x202, 0x0)
fanotify_mark(r7, 0x1, 0x4800003e, r6, 0x0)
r8 = dup2(r7, r6)
read$FUSE(r8, &(0x7f0000001a40)={0x2020}, 0x2020)
r9 = syz_io_uring_setup(0x10d, &(0x7f00000003c0)={0x0, 0xed89, 0x0, 0x0, 0x0, 0x0, r2}, &(0x7f0000000380)=<r10=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r9, 0x3f70, 0x0, 0x0, 0x0, 0x0)
dup2(0xffffffffffffffff, r1)

7.364422768s ago: executing program 2 (id=1261):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f0000000140)={[{@nossd_spread}, {@nodatacow}, {@enospc_debug}, {@nossd}, {@nodatasum}, {@autodefrag}, {@user_subvol_rm}, {@max_inline={'max_inline', 0x3d, [0x6d, 0x33, 0x78, 0x39, 0x65, 0x36]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sendmsg$DEVLINK_CMD_RATE_NEW(0xffffffffffffffff, 0x0, 0x0)
mknod(0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
fsync(r3)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)

6.279753368s ago: executing program 0 (id=1262):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r2, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r3, 0x5000aea5, 0x0)

5.924485238s ago: executing program 0 (id=1264):
r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmmsg$alg(r0, &(0x7f0000004780)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000007b00)=[{{0x0, 0x0, &(0x7f0000002a00)=[{&(0x7f00000001c0)=""/144, 0x90}], 0x1}}, {{0x0, 0x0, &(0x7f0000002cc0)=[{&(0x7f0000002bc0)=""/93, 0x5d}, {&(0x7f0000000480)=""/99, 0x63}], 0x2}}], 0x2, 0x0, 0x0)
sendmmsg(r0, 0x0, 0x0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$inet_tcp_int(r1, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000400)={0x0, 0x0}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000340)='htcp\x00', 0x5)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10)
recvmsg(r1, &(0x7f0000000580)={0x0, 0x2, &(0x7f0000000500)=[{&(0x7f0000000740)=""/4096, 0xa15b0}], 0x1, 0x0, 0x2000000000000}, 0x700)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000020c0)=[@in6={0xa, 0x0, 0x0, @remote}]}, &(0x7f0000002100)=0x10)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000300)={0x0, 0x3, 0x4, 0x0, 0x0, [{{}, 0xd}, {{r1}, 0x1ff}, {{}, 0x10001}, {{}, 0x7}]})
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r3 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_CONTEXT(r2, 0x84, 0xd, &(0x7f0000000440)={r4}, 0x8)

5.776621622s ago: executing program 0 (id=1265):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000740)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000600), 0x6828, 0x0)
ioctl$EVIOCGKEYCODE_V2(r1, 0x80284504, &(0x7f00000000c0)=""/159)

4.062162986s ago: executing program 1 (id=1267):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000380)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f00000000c0)={0xc, r1})
ioctl$IOMMU_VFIO_CHECK_EXTENSION(r0, 0x3b65, 0x4)

3.949906615s ago: executing program 1 (id=1268):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r0, 0x0, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000006c0)={@link_local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x6, 0x0, @multicast2, @private}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0x10, 0x0, 0x0, 0x0, {[@exp_smc={0xfe, 0x6}, @timestamp={0x8, 0xa}]}}}}}}}, 0x0)

3.810234868s ago: executing program 1 (id=1269):
mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000ceb000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$netlink(0x10, 0x3, 0x0)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0)
socket$packet(0x11, 0x2, 0x300)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000100)=@ethtool_link_settings={0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2]}})
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
syz_emit_ethernet(0x36, 0x0, 0x0)
syz_open_dev$ndb(&(0x7f0000000140), 0x0, 0x2421e0c1e292ae41)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xffffffd7}], 0x1, 0x0, 0x0)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
sendmsg$rds(r2, &(0x7f0000001300)={&(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10, 0x0, 0x0, &(0x7f00000011c0)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000480)=[{&(0x7f0000000780)=""/160, 0xa0}, {&(0x7f0000000880)=""/87, 0x57}, {0x0, 0x1fffffff}], 0x3}}], 0x48}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
msync(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000001c0), 0x802, 0x0)
ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x3)
r4 = dup(r3)
write$uinput_user_dev(r4, &(0x7f0000000380)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100]}, 0x45c)
ioctl$UI_DEV_CREATE(r4, 0x5501)
signalfd(0xffffffffffffffff, &(0x7f0000000740), 0x8)
pselect6(0x40, &(0x7f0000000080), &(0x7f0000000180)={0x7ff}, 0x0, 0x0, 0x0)
munlock(&(0x7f0000e4a000/0x1000)=nil, 0x1000)
munlock(&(0x7f0000d2f000/0x2000)=nil, 0x2000)

3.370476032s ago: executing program 2 (id=1270):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$bt_hci(r0, 0x84, 0x1, &(0x7f0000000500)=""/4049, &(0x7f00000004c0)=0xfd1)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x110)
r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee6, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mlock2(&(0x7f0000fe2000/0x4000)=nil, 0x4000, 0x0)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r7 = fanotify_init(0x202, 0x0)
fanotify_mark(r7, 0x1, 0x4800003e, r6, 0x0)
r8 = dup2(r7, r6)
read$FUSE(r8, &(0x7f0000001a40)={0x2020}, 0x2020)
syz_io_uring_setup(0x10d, &(0x7f00000003c0)={0x0, 0xed89, 0x0, 0x0, 0x0, 0x0, r2}, &(0x7f0000000380)=<r9=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r10 = fanotify_init(0x202, 0x0)
dup2(r10, r1)

3.01654476s ago: executing program 0 (id=1271):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000480)={[{@nodiscard}, {}, {@acl}, {@alloc_mode_reuse}, {@inline_xattr}, {@disable_roll_forward}, {@background_gc_on}, {@nouser_xattr}, {@noflush_merge}, {@background_gc_off}, {@fsync_mode_strict}, {@adaptive_mode}, {@jqfmt_vfsold}, {@noinline_dentry}]}, 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0, 0x0)
open_by_handle_at(r0, &(0x7f0000001080)=ANY=[@ANYBLOB="4b000000020000000b"], 0x0)

2.281690813s ago: executing program 1 (id=1272):
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000640)='.\x00', 0x0, 0x0)
renameat2(r0, &(0x7f00000001c0)='./file0\x00', r0, &(0x7f0000000200)='.\x02\x00', 0x4)
mount(&(0x7f00000000c0)=@filename='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='ubifs\x00', 0x0, 0x0)

1.514302577s ago: executing program 2 (id=1273):
syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000a80)='./file0\x00', 0x5, &(0x7f0000000ac0), 0x1, 0xa0d, &(0x7f0000002080)="$eJzs3U1sXEcdAPB5a6/TfJRsSkJNGtqEQls+ajeOCR8RNFVzIWoqbpUqLlGalog0IFIJWvWQ5MSNVlW48iFOvVSAkOgFRT1xqUQjcempcOBAFKRKHKCQGMWeWa//2eXtOonX6/39pPHsvJndmbd++/bte29mEjC2Got/5+enq5Quvv3Gkb8/9LfNN5Y83i7RWvw72ZFqppSqnJ4Mr/fBxFJ87cNXT3SLqzS3+Lek09NX28/dmlI6l/amS6mVdl+8/Pq7c08dO3/0wr733jx05c6sPQAAjJdvXTo0v+svf7pvx0dv3X84bWovL8fnrZzelo/7D+cD/3L830gr01VH6DQVyk3m0AjlJrqU66ynGcpN9qh/Krxus0e5TTX1T3Qs67beMMrKdtxKVWNmRbrRmJlZ+k2eFn/XT1UzZ06dfv7skBoK3Hb/fCCltFcQhHEMC9uHvQcCWBKvF97kXDyzcGvarzbZX/1Xn2h0fz7cBmu9/S+pzg23/mXq///1/+q8PQ63z0bdmsp6lc/RtpyO1xHi/UuDfv7L68XrEc0+29nrOsKoXF/o1c6JNW7HavVqf9wuNqqv57i8D98I+Z2fn/g/HZX/MdDdv5z/F4SxDQvD3gEB61a8b24hK/nxvr6Yv6km/66a/M01+Vtq8rfW5MM4++1LP0mvVcu/8+Nv+kHPh5XzbHfn+GMDtieejxy0/njf76Butf54PzGsZ78//szJrzz37OWl+/+r9vZ/PW/ve3O6lT9bl3KBcr4wnldv3/vfWllPo0e5e0J77u5SfvHxzpXlqp3Lr5M69jM3tWN65fO29yq3Z2W5Vii3OYe7Qnvj8cmW8Lxy/FH2q+X9mgzr2wzrMRXaUfYrO3Ic2wGrUbbHXvf/l+1zOjWr50+dPvlYTpft9I8TzU03lu9f43YDt67f/j/TaWX/n23t5c1G535h+/LyqnO/0ArL53osP5DT5XvuOxObF5fPnPje6edu98rDmDv78ivfPX769MkfeOCBBx60Hwx7zwTcabMvvfj92bMvv/LoqRePv3DyhZNnDhw8eGBu7uBXD8zPLh7Xz3Ye3QMbyfKX/rBbAgAAAAAAAAAAAPTrh0ePXP7zO19+f6n//3L/v9L/v9z5W/r//zj0/4/95Es/+NIPcEeX/MUyYYDVqVCumcPHQ3t3hnp2hed9Isftefxy//9SXRzXtbTn3rA8jt9byoXhBG4aL2UqjEES5wv8dI4v5PiXCYao2tx9cY7rxrcu23oZn8K4FKOp/N/K1lDGMSn9v3uN61T2/zvWoI3cfmvRnXDY6wh09w/jfwvC2IaFBbN4AOvDsOf/LOc9S3zmD9+860Yoxa4+sXJ/GccvhVux3uefVP/Gmv+zPf9d3/u/MGNea3X1/vtnV97vqDbt7rf+uP5lHOidg9X/Ua6/rM3Dqb/6F34R6o8XhPr0n1D/lj7rv2n996yu/v/m+svb9siD/da/1OKqsbId8bxxuf4XzxsX18L6l7E9B17/VU7UeD3XD+NsVOaZHdSozP/bS7wP40s5XXaE5T6HON/JoO0v91eU74Fd4fWrmu838/+Otq/luO7zUOb/Ldtjq0u60ZFudnlvN+q+BkbVB67/CcLYhoWFhTt7QqvGUCtn6O//sH8nDLv+Yb//deL8v/EYPs7/G/Pj/L8xP87/G/Pj/HoxP87/G9/POP9vzL83vG6cH3i6Jv+TNfm7a/Lvq8nfU5P/qZr8fTX599fkP1CTf09N/oM1+Z+pyf9sTf5DNfmP1OR/riZ/oyv9UcZ1/WGcxf55Pv8wPsr1n16f/501+cDo+ulb+5989jffbi31/59qnw8p1/EO53Qz/3b+UU7H696pI30j752c/mvIX+/nO2CcxPEz4vf7wzX5wOgq93n5fMMYqrqP2NPvuFW9jvMZLZ/P8Rdy/MUcP5rjmRzP5nh/jufWqH3cGU/++neHXquWf+9vD/n93k8e+wPFcaIO9NmeeH5g0PvZ4zh+g7rV+lfZHQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBoGot/5+enq5Quvv3GkWeOnZq9seTxdonW4t/JjlSz/byUHsvxRI5/nh9c+/DVE53x9RxXaS5VqWovT09fbde0NaV0Lu1Nl1Ir7b54+fV35546dv7ohX3vvXnoyp17BwAAAGDj+18AAAD//8xlDh4=")
r0 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
open_by_handle_at(r0, &(0x7f0000000540)=ANY=[@ANYBLOB="2000000061000000000000000000000000000000aa9f00"/35], 0x0)

1.432539832s ago: executing program 1 (id=1274):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000340)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x7}}, {@debug}], [{@hash}, {@hash}, {@dont_hash}]}, 0xfd, 0x784, &(0x7f00000007c0)="$eJzs3c1rHOUfAPDvbJKmSfv7JYKg9RQQNFC6MTW2Ch4qHkSwUNCz7bLZhppNtmQ3pQkBW0TwIqh4EPTSsy/15tWXq/4XHqSlalqseJDI7Eu7bXbTTZvdDeTzgck+z8xsnue7z8wzz+wMOwHsWRPpn0zEoYj4KIkYq89PImKomhqMOFFb7/b6Wj6dktjYePOPpLrOrfW1fDS9J3WgnnkyIn58P+JwZnO55ZXV+VyxWFiq56cqC+enyiurR84t5OYKc4XFY9MzM0ePv3D82M7F+tcvqwevf/zas9+c+Oe9J65++FMSJ+JgfVlzHDtlIibqn8lQ+hHe49WdLqzPkn5XgIeS7poDtb08DsVYDFRTbYz0smYAQLe8GxEbAMAekzj+A8Ae0/ge4Nb6Wr4x9fcbid668UpE7K/F37i+WVsyWL9mt796HXT0VnLPlZEkIsZ3oPyJiPjiu7e/Sqfo0nVIgFYuXY6IM+MTm/v/ZNM9C9v13FYLN4arLxP3zdb/Qe98n45/Xmw1/svcGf9Ei/HPcIt992E8eP/PXNuBYtpKx38vN93bdrsp/rrxgXruf9Ux31By9lyxkPZt/4+IyRgaTvPT1VVb3wU1efPfm+3Kbx7//fnJO1+m5aevd9fIXBscvvc9s7lK7lHjbrhxOeKpwVbxJ3faP2kz/j3VYRmvv/TB5+2WpfGn8TamzfF318aViGdatv/dtky2vD9xqro5TDU2iha+/fWz0XblN7d/OqXlN84FeiFt/9Gt4x9Pmu/XLG+/jJ+vjP3QbtmD42+9/e9L3qqm99XnXcxVKkvTEfuSNzbPP3r3vY18Y/00/smnW+//W23/6TnhmQ7jH7z++9cPH393pfHPbqv9t5+4ent+oF35nbX/TDU1WZ/TSf/XaQUf5bMDAAAAAAAAAAAAAAAAAAAAAAAAgE5lIuJgJJnsnXQmk83WnuH9eIxmiqVy5fDZ0vLibFSflT0eQ5nGT12ONf0e6nT99/Ab+aP35Z+PiMci4tPhkWo+my8VZ/sdPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUHWjz/P/Ub8P9rh0A0DX7+10BAKDnHP8BYO/Z3vF/pGv1AAB6x/k/AOw9HR//z3S3HgBA7zj/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMtOnTyZTht/r6/l0/zshZXl+dKFI7OF8nx2YTmfzZeWzmfnSqW5YiGbLy20/UeXai/FUun8TCwuX5yqFMqVqfLK6umF0vJi5fS5hdxc4XRhqGeRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDnyiur87lisbAksWViZHdUY9ckBmNXVEOia4nmXmKkfx0UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwC73XwAAAP//+Lkq2Q==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r1, &(0x7f0000000200), 0xf000)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x1b, &(0x7f0000000180), 0x87c5)

1.216362145s ago: executing program 2 (id=1275):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{}, &(0x7f0000000ac0), 0x0}, 0x20)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, &(0x7f0000000140), 0x4)
connect$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
io_setup(0x6, 0x0)
epoll_create1(0x0)
epoll_create1(0x0)
epoll_create(0xa5)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = getpid()
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640), 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wg0\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x54}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000780)={{0x14}, [@NFT_MSG_DELRULE={0x38, 0x6, 0xa, 0x135cfb4307d517, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x2}]}, @NFT_MSG_DELRULE={0x20, 0x8, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x80}}, 0x0)

1.080753191s ago: executing program 1 (id=1276):
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
r1 = socket(0x2, 0x2, 0x0)
r2 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_SET_SOCK(r0, 0xab00, r1)
ioctl$NBD_DO_IT(r2, 0xab03)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x6)
ioctl$NBD_DISCONNECT(r2, 0xab08)

0s ago: executing program 2 (id=1277):
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xc0}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x6d)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r5 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000100)={'syz0\x00', {0x2}, 0x0, [0x0, 0x0, 0x4, 0x0, 0x5, 0x0, 0x0, 0x80000001, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x717a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0xf, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x5, 0x0, 0x402], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0x81f], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x200, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf25, 0x0, 0x7], [0x0, 0x0, 0xe6c7, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x1]}, 0x45c)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000100)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f00000000c0)='./file1\x00')
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(r6, &(0x7f0000000180)='./bus\x00', 0x0)
mkdirat(r6, &(0x7f0000000200)='./bus/file0\x00', 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x100)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r7, 0x40049366, 0x0)
ioctl$UI_DEV_SETUP(r5, 0x5501, 0x0)
readv(r5, &(0x7f0000001900)=[{&(0x7f0000000040)=""/65, 0x41}], 0x1)

kernel console output (not intermixed with test programs):

452][ T9593] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  432.396699][ T9672] : entered promiscuous mode
[  432.414233][ T5147] cdc_ncm 5-1:1.0: CDC Union missing and no IAD found
[  432.421379][ T5147] cdc_ncm 5-1:1.0: bind() failure
[  432.622325][   T58] usb 1-1: string descriptor 0 read error: -71
[  432.637743][ T1107] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  432.637928][   T58] usb 1-1: USB disconnect, device number 29
[  432.680385][ T1107] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  432.737556][ T9166] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  432.755454][ T9166] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  432.764689][ T9684] netlink: 'syz.1.892': attribute type 41 has an invalid length.
[  433.407091][ T9688] loop3: detected capacity change from 0 to 32768
[  433.809816][ T5114] Bluetooth: hci3: command tx timeout
[  433.913120][ T9688] bcachefs (loop3): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=xxhash,compression=zstd,nojournal_transaction_names
[  433.938685][ T5114] Bluetooth: hci3: unexpected event 0x06 length: 23 > 3
[  434.045655][ T9688] bcachefs (loop3): recovering from clean shutdown, journal seq 10
[  434.078626][ T9688] bcachefs (loop3): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2
[  434.078626][ T9688]   running recovery passes: check_allocations
[  434.143234][ T5147] usb 5-1: USB disconnect, device number 24
[  434.185211][ T9705] ipvlan2: entered promiscuous mode
[  434.241055][ T9705] ipvlan2: entered allmulticast mode
[  434.254975][ T9705] netdevsim netdevsim0 netdevsim1: entered allmulticast mode
[  434.273567][ T9688] bcachefs (loop3): accounting_read... done
[  434.297752][ T9688] bcachefs (loop3): alloc_read... done
[  434.311390][ T9688] bcachefs (loop3): stripes_read... done
[  434.341646][ T9688] bcachefs (loop3): snapshots_read... done
[  434.360359][ T9688] bcachefs (loop3): check_allocations...
[  434.366612][ T9688] btree ptr not marked in member info btree allocated bitmap
[  434.366625][ T9688]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4fe84214937890c3 written 32 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, shutting down
[  434.376369][ T9700] netlink: 32 bytes leftover after parsing attributes in process `syz.2.874'.
[  434.476459][ T9713] team0: entered promiscuous mode
[  434.492486][ T9688] bcachefs (loop3): inconsistency detected - emergency read only at journal seq 10
[  434.523919][ T9688] bcachefs (loop3): bch2_gc_mark_key(): error fsck_errors_not_fixed
[  434.556919][ T9713] team_slave_1: entered promiscuous mode
[  434.565886][ T9688] bcachefs (loop3): bch2_gc_btree(): error fsck_errors_not_fixed
[  434.600164][ T9688] bcachefs (loop3): bch2_gc_btrees(): error fsck_errors_not_fixed
[  434.620137][ T9688] bcachefs (loop3): bch2_check_allocations(): error fsck_errors_not_fixed
[  434.640247][ T9688] bcachefs (loop3): bch2_fs_recovery(): error fsck_errors_not_fixed
[  434.654471][ T9716] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  434.666669][ T9688] bcachefs (loop3): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed
[  434.722448][ T9688] bcachefs (loop3): shutting down
[  434.772043][ T9688] bcachefs (loop3): shutdown complete
[  434.896404][ T9716] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  435.010003][ T9717] netlink: 8 bytes leftover after parsing attributes in process `syz.2.898'.
[  436.016611][   T29] audit: type=1326 audit(1720145156.317:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9721 comm="syz.4.899" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7cebb75bd9 code=0x0
[  436.161350][ T9726] netlink: 'syz.4.900': attribute type 10 has an invalid length.
[  436.258286][ T9712] team0: left promiscuous mode
[  436.263079][ T9712] team_slave_1: left promiscuous mode
[  436.339078][ T9731] loop2: detected capacity change from 0 to 2048
[  436.357487][ T5114] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  436.471023][ T9731]  loop2: p1 < > p4
[  436.480034][ T9731] loop2: p4 size 8388608 extends beyond EOD, truncated
[  436.507777][   T46] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  436.525197][ T4551]  loop2: p1 < > p4
[  436.555188][ T4551] loop2: p4 size 8388608 extends beyond EOD, truncated
[  436.694319][ T9733] bridge: RTM_NEWNEIGH with unconfigured vlan 4 on bridge_slave_0
[  436.707741][   T46] usb 5-1: Using ep0 maxpacket: 8
[  436.725247][   T46] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  436.733411][ T5572] udevd[5572]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  436.739963][ T5109] udevd[5109]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[  436.807701][   T46] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  436.840733][   T46] usb 5-1: config 1 has no interface number 1
[  436.875266][   T46] usb 5-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30
[  436.937493][ T9736] cgroup: noprefix used incorrectly
[  436.949071][ T5572] udevd[5572]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  436.966070][   T46] usb 5-1: config 1 interface 2 altsetting 220 has an invalid endpoint descriptor of length 3, skipping
[  436.967450][ T5097] udevd[5097]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[  437.068966][   T46] usb 5-1: config 1 interface 2 altsetting 220 has 1 endpoint descriptor, different from the interface descriptor's value: 113
[  437.138036][   T46] usb 5-1: config 1 interface 2 has no altsetting 0
[  437.164279][   T46] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  437.181709][   T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  437.197532][   T46] usb 5-1: Product: 쑿퉈ਝ쑻
[  437.209355][   T46] usb 5-1: Manufacturer: ф
[  437.219974][   T46] usb 5-1: SerialNumber: syz
[  437.401371][ T9743] netlink: 'syz.0.904': attribute type 41 has an invalid length.
[  437.501297][   T46] usb 5-1: USB disconnect, device number 25
[  437.745773][ T5572] udevd[5572]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  437.917722][ T5145] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  438.134269][ T5145] usb 1-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  438.174555][ T5145] usb 1-1: config 9 has 0 interfaces, different from the descriptor's value: 1
[  438.195773][ T5145] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  438.211738][ T5145] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  438.357005][ T9755] ipvlan3: entered promiscuous mode
[  438.368418][ T9755] ipvlan3: entered allmulticast mode
[  438.418549][ T5186] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  438.453568][ T9747] openvswitch: : Dropping previously announced user features
[  438.624733][ T5186] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  438.668464][ T5186] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e
[  438.825744][ T5145] usb 1-1: string descriptor 0 read error: -71
[  438.845214][ T5145] usb 1-1: USB disconnect, device number 30
[  438.867773][ T5186] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  439.464176][ T5113] Bluetooth: hci0: command tx timeout
[  439.627833][   T29] audit: type=1326 audit(1720145160.437:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9759 comm="syz.1.910" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc468d75bd9 code=0x0
[  439.672427][ T5186] usb 5-1: config 0 descriptor??
[  439.961155][   T11] bridge_slave_1: left allmulticast mode
[  440.000600][ T5186] ath6kl: Failed to submit usb control message: -71
[  440.005177][   T11] bridge_slave_1: left promiscuous mode
[  440.011570][ T5186] ath6kl: unable to send the bmi data to the device: -71
[  440.027669][ T5186] ath6kl: Unable to send get target info: -71
[  440.046678][ T5186] ath6kl: Failed to init ath6kl core: -71
[  440.068806][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  440.076899][ T5186] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71
[  440.106474][ T5186] usb 5-1: USB disconnect, device number 26
[  440.184880][   T11] bridge_slave_0: left allmulticast mode
[  440.215588][   T11] bridge_slave_0: left promiscuous mode
[  440.240432][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  440.453631][ T1245] ieee802154 phy0 wpan0: encryption failed: -22
[  440.460727][ T5147] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  440.467718][ T1245] ieee802154 phy1 wpan1: encryption failed: -22
[  440.728273][ T5147] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e
[  440.849149][ T5147] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  441.114714][ T9774] loop0: detected capacity change from 0 to 32768
[  441.140098][ T9777] cgroup: noprefix used incorrectly
[  441.156812][ T5147] usb 3-1: config 0 descriptor??
[  441.167848][ T5113] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  441.183314][ T5113] Bluetooth: hci0: Injecting HCI hardware error event
[  441.194450][ T5114] Bluetooth: hci0: hardware error 0x00
[  441.319671][ T9774] bcachefs (loop0): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=xxhash,compression=zstd,nojournal_transaction_names
[  441.335646][ T9774] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[  441.343677][ T9774] bcachefs (loop0): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2
[  441.343677][ T9774]   running recovery passes: check_allocations
[  441.426678][ T9774] bcachefs (loop0): accounting_read... done
[  441.432722][ T9774] bcachefs (loop0): alloc_read... done
[  441.438761][ T9774] bcachefs (loop0): stripes_read... done
[  441.444448][ T9774] bcachefs (loop0): snapshots_read... done
[  441.450386][ T9774] bcachefs (loop0): check_allocations...
[  441.504747][ T9774] btree ptr not marked in member info btree allocated bitmap
[  441.504766][ T9774]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4fe84214937890c3 written 32 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, shutting down
[  441.532893][ T9774] bcachefs (loop0): inconsistency detected - emergency read only at journal seq 10
[  441.542806][ T9774] bcachefs (loop0): bch2_gc_mark_key(): error fsck_errors_not_fixed
[  441.550821][ T9774] bcachefs (loop0): bch2_gc_btree(): error fsck_errors_not_fixed
[  441.558587][ T9774] bcachefs (loop0): bch2_gc_btrees(): error fsck_errors_not_fixed
[  441.566437][ T9774] bcachefs (loop0): bch2_check_allocations(): error fsck_errors_not_fixed
[  441.575137][ T9774] bcachefs (loop0): bch2_fs_recovery(): error fsck_errors_not_fixed
[  441.583226][ T9774] bcachefs (loop0): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed
[  441.592743][ T9774] bcachefs (loop0): shutting down
[  441.612000][ T9774] bcachefs (loop0): shutdown complete
[  442.288022][ T5147] ath6kl: Failed to submit usb control message: -110
[  442.294790][ T5147] ath6kl: unable to send the bmi data to the device: -110
[  442.962384][ T5147] ath6kl: Unable to send get target info: -110
[  443.022598][ T5147] ath6kl: Failed to init ath6kl core: -110
[  443.056637][ T5147] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -110
[  443.287826][ T5186] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  443.414802][ T9812] loop3: detected capacity change from 0 to 2048
[  443.460674][ T9812]  loop3: p1 < > p4
[  443.481638][ T9812] loop3: p4 size 8388608 extends beyond EOD, truncated
[  443.496187][ T5192] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  443.576505][ T5186] usb 2-1: Using ep0 maxpacket: 8
[  443.688588][ T5114] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  443.779892][ T5186] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  443.983748][ T5192] usb 1-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  444.115897][ T5186] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  444.139827][ T5572] udevd[5572]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[  444.150304][ T5192] usb 1-1: config 9 has 0 interfaces, different from the descriptor's value: 1
[  444.159387][ T5186] usb 2-1: config 1 has no interface number 1
[  444.169692][ T5109] udevd[5109]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[  444.180235][ T5186] usb 2-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30
[  444.191561][ T5192] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  444.217489][ T5186] usb 2-1: config 1 interface 2 altsetting 220 has an invalid endpoint descriptor of length 3, skipping
[  444.230246][ T5192] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  444.249189][ T5186] usb 2-1: config 1 interface 2 altsetting 220 has 1 endpoint descriptor, different from the interface descriptor's value: 113
[  444.268175][ T5186] usb 2-1: config 1 interface 2 has no altsetting 0
[  444.299505][ T5186] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  444.309883][ T5186] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  444.325686][ T5186] usb 2-1: Product: 쑿퉈ਝ쑻
[  444.331419][ T5186] usb 2-1: Manufacturer: ф
[  444.349725][ T5186] usb 2-1: SerialNumber: syz
[  444.418057][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  444.438213][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  444.452688][   T11] bond0 (unregistering): Released all slaves
[  444.494650][ T9793] netlink: 'syz.4.915': attribute type 41 has an invalid length.
[  444.526266][ T9805] netlink: 'syz.1.917': attribute type 10 has an invalid length.
[  444.540986][ T8344] usb 3-1: USB disconnect, device number 29
[  444.558542][ T9814] bridge: RTM_NEWNEIGH with unconfigured vlan 4 on bridge_slave_0
[  444.605236][ T9809] openvswitch: : Dropping previously announced user features
[  444.616799][   T11] : left promiscuous mode
[  444.627378][ T5192] usb 1-1: string descriptor 0 read error: -71
[  444.651968][ T5192] usb 1-1: USB disconnect, device number 31
[  444.694463][ T5186] usb 2-1: USB disconnect, device number 30
[  444.961568][ T9824] team0: entered promiscuous mode
[  444.969751][ T9824] team_slave_0: entered promiscuous mode
[  444.981806][ T9824] team_slave_1: entered promiscuous mode
[  444.988068][ T9824] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  445.111845][   T29] audit: type=1326 audit(1720145165.997:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9819 comm="syz.3.921" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8a84775bd9 code=0x0
[  446.147729][ T5186] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  446.154936][ T9823] team0: left promiscuous mode
[  446.165146][ T9823] team_slave_0: left promiscuous mode
[  446.176158][ T9823] team_slave_1: left promiscuous mode
[  446.210858][ T9823] netdevsim netdevsim4 netdevsim0: left promiscuous mode
[  446.348923][ T5186] usb 2-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  446.377825][ T5186] usb 2-1: config 9 has 0 interfaces, different from the descriptor's value: 1
[  446.417384][ T5186] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  446.447877][ T5186] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  446.514569][   T11] hsr_slave_0: left promiscuous mode
[  446.684257][ T9844] loop4: detected capacity change from 0 to 2048
[  446.752584][ T9844]  loop4: p1 < > p4
[  446.815513][ T9844] loop4: p4 size 8388608 extends beyond EOD, truncated
[  447.205544][   T11] hsr_slave_1: left promiscuous mode
[  447.320033][ T5097] udevd[5097]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[  447.323570][ T5109] udevd[5109]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[  447.362331][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  447.399997][ T9849] netlink: 60 bytes leftover after parsing attributes in process `syz.0.927'.
[  447.408492][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  447.442719][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  447.451761][ T9851] netlink: 60 bytes leftover after parsing attributes in process `syz.0.927'.
[  447.457773][ T5186] usb 2-1: string descriptor 0 read error: -71
[  447.474645][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  447.491685][ T5186] usb 2-1: USB disconnect, device number 31
[  447.533345][   T11] veth1_macvtap: left promiscuous mode
[  447.542206][   T11] veth0_macvtap: left promiscuous mode
[  447.552038][   T11] veth1_vlan: left promiscuous mode
[  447.565645][   T11] veth0_vlan: left promiscuous mode
[  447.720109][ T5572] udevd[5572]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  449.351304][   T11] team0 (unregistering): Port device team_slave_1 removed
[  449.626295][   T11] team0 (unregistering): Port device team_slave_0 removed
[  450.484696][ T9845] bridge: RTM_NEWNEIGH with unconfigured vlan 4 on bridge_slave_0
[  450.907445][ T9875] netlink: 'syz.0.932': attribute type 41 has an invalid length.
[  451.690928][ T9881] netlink: 24 bytes leftover after parsing attributes in process `syz.3.933'.
[  451.704878][ T9881] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  451.715262][ T5104] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  451.769780][ T9881] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  452.140238][ T5104] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e
[  452.170975][   T29] audit: type=1326 audit(1720145173.067:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9882 comm="syz.4.934" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7cebb75bd9 code=0x0
[  452.256361][ T5104] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  452.363295][ T9893] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  452.514842][ T5104] usb 2-1: config 0 descriptor??
[  452.615719][ T9893] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  452.720964][ T9894] netlink: 8 bytes leftover after parsing attributes in process `syz.2.935'.
[  453.128335][ T5104] ath6kl: Failed to submit usb control message: -71
[  453.148187][ T5104] ath6kl: unable to send the bmi data to the device: -71
[  453.155258][ T5104] ath6kl: Unable to send get target info: -71
[  453.194738][ T5104] ath6kl: Failed to init ath6kl core: -71
[  453.233601][ T5104] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71
[  453.285992][ T5104] usb 2-1: USB disconnect, device number 32
[  454.483007][ T9915] team0: entered promiscuous mode
[  454.488336][ T9915] team_slave_0: entered promiscuous mode
[  455.172514][ T9919] loop2: detected capacity change from 0 to 2048
[  456.199369][ T5113] Bluetooth: hci3: ISO packet for unknown connection handle 0
[  456.452337][ T9915] team_slave_1: entered promiscuous mode
[  456.519904][ T9920]  loop2: p1 < > p4
[  456.526936][ T9920] loop2: p4 size 8388608 extends beyond EOD, truncated
[  456.554083][ T9919]  loop2: p1 < > p4
[  456.559488][ T9919] loop2: p4 size 8388608 extends beyond EOD, truncated
[  456.613896][ T4551]  loop2: p1 < > p4
[  456.620500][ T4551] loop2: p4 size 8388608 extends beyond EOD, truncated
[  456.659777][ T9919] bridge: RTM_NEWNEIGH with unconfigured vlan 4 on bridge_slave_0
[  456.766949][ T5109] udevd[5109]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[  456.798179][ T5572] udevd[5572]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  456.963148][ T5572] udevd[5572]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  457.017509][ T5109] udevd[5109]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[  457.089944][ T5572] udevd[5572]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  457.107463][ T5109] udevd[5109]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[  457.205749][ T9910] team0: left promiscuous mode
[  457.225024][ T9910] team_slave_0: left promiscuous mode
[  457.244848][ T9910] team_slave_1: left promiscuous mode
[  457.380620][ T5104] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  458.034078][ T9943] team0: entered promiscuous mode
[  458.048076][ T9943] team_slave_0: entered promiscuous mode
[  458.057840][ T9943] team_slave_1: entered promiscuous mode
[  458.076527][ T9943] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  458.095492][ T9946] netlink: 'syz.2.946': attribute type 41 has an invalid length.
[  458.130182][ T5104] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e
[  458.149722][ T5104] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  458.177471][ T5104] usb 1-1: config 0 descriptor??
[  458.348632][ T5114] Bluetooth: hci3: unexpected event 0x06 length: 23 > 3
[  458.546208][ T5104] ath6kl: Failed to submit usb control message: -71
[  458.597802][ T5104] ath6kl: unable to send the bmi data to the device: -71
[  458.612719][ T5104] ath6kl: Unable to send get target info: -71
[  458.634664][ T5104] ath6kl: Failed to init ath6kl core: -71
[  458.650645][ T5104] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -71
[  458.702376][ T5104] usb 1-1: USB disconnect, device number 32
[  458.736208][ T9953] netlink: 32 bytes leftover after parsing attributes in process `syz.2.948'.
[  458.736872][ T9945] loop3: detected capacity change from 0 to 32768
[  458.754240][ T9942] team0: left promiscuous mode
[  458.767795][ T9942] team_slave_0: left promiscuous mode
[  458.777080][ T9945] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.945 (9945)
[  458.780530][ T9942] team_slave_1: left promiscuous mode
[  458.802108][ T9942] netdevsim netdevsim4 netdevsim0: left promiscuous mode
[  458.827892][ T9945] BTRFS info (device loop3): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  458.848467][ T9945] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  458.874983][ T9945] BTRFS info (device loop3): using free-space-tree
[  459.061310][ T9945] BTRFS info (device loop3): rebuilding free space tree
[  459.200205][ T9979] loop2: detected capacity change from 0 to 2048
[  459.435220][ T9979]  loop2: p1 < > p4
[  459.441226][ T9979] loop2: p4 size 8388608 extends beyond EOD, truncated
[  459.737784][ T5114] Bluetooth: hci3: ISO packet for unknown connection handle 0
[  459.799288][ T9980] bridge: RTM_NEWNEIGH with unconfigured vlan 4 on bridge_slave_0
[  460.090186][ T5097] udevd[5097]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[  460.142022][ T5109] udevd[5109]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  460.233246][ T9987] team0: entered promiscuous mode
[  460.256488][ T9987] team_slave_1: entered promiscuous mode
[  461.997452][ T9986] team0: left promiscuous mode
[  462.008405][ T9986] team_slave_1: left promiscuous mode
[  462.046050][T10004] loop2: detected capacity change from 0 to 2048
[  462.053204][ T5114] Bluetooth: hci3: ISO packet for unknown connection handle 0
[  462.208435][ T5104] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  462.930378][T10006]  loop2: p1 < > p4
[  462.935186][T10006] loop2: p4 size 8388608 extends beyond EOD, truncated
[  462.982937][T10004]  loop2: p1 < > p4
[  462.987871][T10004] loop2: p4 size 8388608 extends beyond EOD, truncated
[  463.091081][T10004] bridge: RTM_NEWNEIGH with unconfigured vlan 4 on bridge_slave_0
[  463.101176][ T5104] usb 2-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  463.118390][ T5104] usb 2-1: config 9 has 0 interfaces, different from the descriptor's value: 1
[  463.142376][T10009] team0: entered promiscuous mode
[  463.155603][ T5104] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  463.169062][T10009] team_slave_1: entered promiscuous mode
[  463.171000][ T5572] udevd[5572]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  463.182984][ T5104] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  463.197534][ T5109] udevd[5109]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[  463.372339][ T5109] udevd[5109]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[  463.373166][ T5572] udevd[5572]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  463.516660][T10015] netlink: 24 bytes leftover after parsing attributes in process `syz.2.958'.
[  463.545783][T10001] : entered promiscuous mode
[  463.616267][T10016] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  463.738520][ T5104] usb 2-1: string descriptor 0 read error: -71
[  463.750938][ T5104] usb 2-1: USB disconnect, device number 33
[  463.787439][T10012] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  463.997140][T10007] team0: left promiscuous mode
[  464.033792][T10007] team_slave_1: left promiscuous mode
[  464.191928][T10020] team0: entered promiscuous mode
[  464.197086][T10020] team_slave_1: entered promiscuous mode
[  464.267983][ T8906] BTRFS info (device loop3): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  464.379755][ T5104] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  464.797162][ T5104] usb 5-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  464.840254][ T5104] usb 5-1: config 9 has 0 interfaces, different from the descriptor's value: 1
[  465.305469][ T5104] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  465.316006][ T5104] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  465.626542][T10034] loop3: detected capacity change from 0 to 2048
[  466.664024][T10035]  loop3: p1 < > p4
[  466.709393][T10035] loop3: p4 size 8388608 extends beyond EOD, truncated
[  466.958432][T10034]  loop3: p1 < > p4
[  466.963778][T10034] loop3: p4 size 8388608 extends beyond EOD, truncated
[  466.990034][T10018] : entered promiscuous mode
[  467.042439][ T9822] udevd[9822]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[  467.083569][ T5109] udevd[5109]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[  467.179718][T10039] netlink: 24 bytes leftover after parsing attributes in process `syz.1.965'.
[  467.183836][ T5109] udevd[5109]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[  467.219318][ T5097] udevd[5097]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[  467.266626][T10019] team0: left promiscuous mode
[  467.278771][T10039] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  467.299563][ T5104] usb 5-1: string descriptor 0 read error: -71
[  467.309417][ T5104] usb 5-1: USB disconnect, device number 27
[  467.324608][T10019] team_slave_1: left promiscuous mode
[  467.531069][T10053] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  467.848805][ T5192] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  468.216845][ T5192] usb 4-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  468.247928][ T5192] usb 4-1: config 9 has 0 interfaces, different from the descriptor's value: 1
[  468.278503][ T5192] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  468.287576][ T5192] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.416340][T10059] team0: entered promiscuous mode
[  468.422784][T10059] team_slave_0: entered promiscuous mode
[  468.428672][T10059] team_slave_1: entered promiscuous mode
[  468.442301][ T5114] Bluetooth: hci3: unexpected event 0x06 length: 23 > 3
[  468.444782][T10059] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  468.584707][T10052] : entered promiscuous mode
[  468.781963][T10061] netlink: 32 bytes leftover after parsing attributes in process `syz.2.970'.
[  468.917538][ T5192] usb 4-1: string descriptor 0 read error: -71
[  468.937383][ T5192] usb 4-1: USB disconnect, device number 20
[  470.596913][T10058] team0: left promiscuous mode
[  470.639993][T10058] team_slave_0: left promiscuous mode
[  470.677541][T10058] team_slave_1: left promiscuous mode
[  470.683361][T10058] netdevsim netdevsim4 netdevsim0: left promiscuous mode
[  470.761796][ T2529] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  471.045663][ T2529] usb 4-1: config 0 has an invalid interface number: 106 but max is 0
[  471.176661][ T2529] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  471.290054][ T2529] usb 4-1: config 0 has no interface number 0
[  471.337231][ T2529] usb 4-1: config 0 interface 106 altsetting 0 endpoint 0x1 has an invalid bInterval 255, changing to 11
[  471.386079][ T2529] usb 4-1: config 0 interface 106 altsetting 0 endpoint 0x1 has invalid maxpacket 59391, setting to 1024
[  471.456105][ T2529] usb 4-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[  471.517853][ T2529] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb
[  471.538655][ T2529] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  471.560314][ T2529] usb 4-1: config 0 descriptor??
[  471.566725][T10090] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  471.606628][ T2529] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  471.919754][T10083] loop2: detected capacity change from 0 to 32768
[  471.945752][T10083] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.977 (10083)
[  472.033935][T10083] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  472.087752][T10083] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  472.119666][T10083] BTRFS info (device loop2): using free-space-tree
[  472.473102][T10094] loop1: detected capacity change from 0 to 32768
[  472.625327][ T9166] usb 4-1: Failed to submit usb control message: -110
[  472.664355][T10094] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.981 (10094)
[  472.691089][ T9166] usb 4-1: unable to send the bmi data to the device: -110
[  472.718088][ T9166] usb 4-1: unable to get target info from device
[  472.724552][ T9166] usb 4-1: could not get target info (-110)
[  472.731393][ T9166] usb 4-1: could not probe fw (-110)
[  472.745535][T10094] BTRFS info (device loop1): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  472.767868][T10094] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  472.776815][T10094] BTRFS info (device loop1): using free-space-tree
[  472.997425][T10131] netlink: 24 bytes leftover after parsing attributes in process `syz.4.984'.
[  473.055092][T10132] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  473.274247][T10094] BTRFS info (device loop1): rebuilding free space tree
[  473.292084][T10128] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  473.318079][ T9593] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  473.379366][ T5104] usb 4-1: USB disconnect, device number 21
[  473.502727][T10120] loop0: detected capacity change from 0 to 32768
[  473.575237][T10120] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.986 (10120)
[  473.659195][ T8977] BTRFS info (device loop1): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  473.776924][T10120] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  473.870953][T10120] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  474.022151][T10120] BTRFS info (device loop0): using free-space-tree
[  476.436096][T10195] pimreg: entered allmulticast mode
[  477.241225][T10201] loop2: detected capacity change from 0 to 2048
[  477.607005][ T5114] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  477.693115][T10202]  loop2: p1 < > p4
[  477.698848][T10202] loop2: p4 size 8388608 extends beyond EOD, truncated
[  477.845681][T10201]  loop2: p1 < > p4
[  477.851413][T10201] loop2: p4 size 8388608 extends beyond EOD, truncated
[  478.691381][T10212] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.721753][ T5572] udevd[5572]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  478.785571][ T9132] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  478.798238][ T5109] udevd[5109]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[  478.876497][T10212] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.924995][ T5572] udevd[5572]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  478.930902][ T5109] udevd[5109]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[  478.956289][T10214] netlink: 32 bytes leftover after parsing attributes in process `syz.4.997'.
[  479.118012][T10218] pimreg: entered allmulticast mode
[  480.459789][T10241] loop2: detected capacity change from 0 to 2048
[  480.482367][T10243] team0: entered promiscuous mode
[  480.506647][T10243] team_slave_1: entered promiscuous mode
[  480.525272][T10243] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  480.549001][T10241] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  480.574445][T10241] ext4 filesystem being mounted at /25/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  480.637907][T10245] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.1007'.
[  480.796717][T10222] loop3: detected capacity change from 0 to 32768
[  480.838064][T10222] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1002 (10222)
[  480.880413][T10222] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  480.896088][T10242] team0: left promiscuous mode
[  480.909853][T10222] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  480.924757][T10242] team_slave_1: left promiscuous mode
[  481.211282][T10242] netdevsim netdevsim1 netdevsim0: left promiscuous mode
[  481.577541][T10222] BTRFS info (device loop3): using free-space-tree
[  481.917049][T10228] loop0: detected capacity change from 0 to 32768
[  482.015197][T10228] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.999 (10228)
[  482.363346][ T9593] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  482.454742][T10228] BTRFS info (device loop0): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  482.619961][ T5186] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  482.670803][T10228] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  482.714967][T10228] BTRFS info (device loop0): using free-space-tree
[  482.758493][T10228] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR
[  482.759128][T10228] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR
[  482.787212][T10228] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[  482.801152][T10222] BTRFS error (device loop3): open_ctree failed
[  482.825703][T10228] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[  482.827834][T10228] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[  482.889761][ T5186] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e
[  482.908966][T10228] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  482.909757][T10228] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  482.929245][ T5186] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  482.965269][ T5186] usb 2-1: config 0 descriptor??
[  482.988469][T10228] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  483.013481][T10228] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[  483.092678][T10228] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  483.138823][T10228] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  483.185994][T10228] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  483.217839][ T5186] ath6kl: Failed to submit usb control message: -71
[  483.269266][T10228] BTRFS error (device loop0): open_ctree failed
[  483.282624][T10296] loop2: detected capacity change from 0 to 2048
[  483.289255][ T5186] ath6kl: unable to send the bmi data to the device: -71
[  483.296317][ T5186] ath6kl: Unable to send get target info: -71
[  483.343430][ T5186] ath6kl: Failed to init ath6kl core: -71
[  483.364676][ T5186] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71
[  483.401575][T10296] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  483.437827][T10296] ext4 filesystem being mounted at /27/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  483.438277][ T5186] usb 2-1: USB disconnect, device number 34
[  484.790122][ T9593] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  484.797283][T10288] loop4: detected capacity change from 0 to 32768
[  484.831405][T10288] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1011 (10288)
[  485.048567][T10288] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  485.914068][T10288] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  485.956015][T10288] BTRFS info (device loop4): using free-space-tree
[  485.964664][T10288] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR
[  485.988593][T10288] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR
[  486.025679][T10288] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[  486.043798][T10300] loop3: detected capacity change from 0 to 32768
[  486.078908][T10288] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[  486.079528][T10288] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[  486.176174][T10288] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[  486.228308][T10288] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  486.254570][T10288] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  486.304588][T10288] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  486.339761][T10288] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[  486.376465][T10288] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  486.414705][T10288] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  486.456121][T10288] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  486.474443][T10327] loop1: detected capacity change from 0 to 8
[  486.485005][T10288] BTRFS error (device loop4): open_ctree failed
[  486.580313][T10327] SQUASHFS error: lzo decompression failed, data probably corrupt
[  486.592078][T10327] SQUASHFS error: Failed to read block 0x28d: -5
[  486.599020][T10327] SQUASHFS error: Unable to read metadata cache entry [28b]
[  486.624285][T10327] SQUASHFS error: Unable to read inode 0x11f
[  487.603925][ T5186] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  487.997790][ T5186] usb 1-1: Using ep0 maxpacket: 32
[  488.016144][ T5186] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 16
[  488.042380][ T5186] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8
[  488.116892][ T5186] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  488.203469][ T5186] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  488.284112][ T5186] usb 1-1: Product: Р
[  488.326605][ T5186] usb 1-1: Manufacturer: 舭࿔꣋ம唄澁㱄묘꯻韇ᾖ苷ഐ䌿킁ᗁ䧛˥䲵馂쬴㛉괳탰軣釓뎤竱⭜ꔍ殖
[  488.693722][ T5186] usb 1-1: SerialNumber: ꖏ鐋몵驪埤탷伖䀗쾛䳻氷꣑闣蕋撟䍜칕콦ﵽ딜볓滷쑤㩴튄췤Ꮅ⠁Ϯដଽ鄡䗃
[  490.187894][ T2529] usb 5-1: new full-speed USB device number 28 using dummy_hcd
[  490.357205][ T5186] usb 1-1: can't set config #1, error -71
[  490.532682][ T5186] usb 1-1: USB disconnect, device number 33
[  490.541646][ T2529] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 520, setting to 64
[  490.584852][ T2529] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[  490.878277][ T2529] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  490.911959][ T2529] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  491.500283][ T2529] usb 5-1: SerialNumber: syz
[  491.600034][T10356] loop1: detected capacity change from 0 to 8
[  491.630482][ T2529] usb 5-1: can't set config #1, error -71
[  491.637967][ T2529] usb 5-1: USB disconnect, device number 28
[  491.668202][T10356] SQUASHFS error: lzo decompression failed, data probably corrupt
[  491.854046][T10356] SQUASHFS error: Failed to read block 0x28d: -5
[  491.885069][T10356] SQUASHFS error: Unable to read metadata cache entry [28b]
[  492.638807][T10356] SQUASHFS error: Unable to read inode 0x11f
[  492.749070][ T5186] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  492.750448][T10380] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1032'.
[  492.786330][T10380] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  492.882692][T10380] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  492.902885][T10382] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  492.940314][T10382] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  492.999835][ T5186] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e
[  493.055096][ T5186] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  493.083895][ T5186] usb 4-1: config 0 descriptor??
[  493.219992][T10372] loop4: detected capacity change from 0 to 32768
[  493.412122][ T5186] ath6kl: Failed to submit usb control message: -71
[  493.466121][ T5186] ath6kl: unable to send the bmi data to the device: -71
[  493.493592][ T5186] ath6kl: Unable to send get target info: -71
[  493.525174][ T5186] ath6kl: Failed to init ath6kl core: -71
[  493.548856][ T5186] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71
[  493.628210][ T5186] usb 4-1: USB disconnect, device number 22
[  494.621396][T10402] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1037'.
[  497.644536][T10404] binder: 10397:10404 ioctl c0306201 0 returned -14
[  500.041510][T10414] loop3: detected capacity change from 0 to 8
[  500.090342][T10414] SQUASHFS error: lzo decompression failed, data probably corrupt
[  500.134684][T10414] SQUASHFS error: Failed to read block 0x28d: -5
[  500.145438][T10414] SQUASHFS error: Unable to read metadata cache entry [28b]
[  500.155140][T10414] SQUASHFS error: Unable to read inode 0x11f
[  500.365192][T10430] loop0: detected capacity change from 0 to 1024
[  501.891404][ T1245] ieee802154 phy0 wpan0: encryption failed: -22
[  501.902725][ T1245] ieee802154 phy1 wpan1: encryption failed: -22
[  501.920498][T10430] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  504.312047][ T9132] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  504.735864][T10442] loop4: detected capacity change from 0 to 4096
[  504.745742][T10449] loop1: detected capacity change from 0 to 4096
[  504.771669][T10449] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512).
[  504.943091][T10455] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1051'.
[  505.616350][T10444] loop3: detected capacity change from 0 to 32768
[  505.736548][T10471] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1054'.
[  505.816036][T10444] bcachefs (loop3): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,nojournal_transaction_names
[  505.879625][T10444] bcachefs (loop3): recovering from clean shutdown, journal seq 10
[  505.909774][T10444] bcachefs (loop3): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2
[  505.909774][T10444]   running recovery passes: check_allocations
[  506.082053][T10444] bcachefs (loop3): accounting_read... done
[  506.107714][T10444] bcachefs (loop3): alloc_read... done
[  506.132230][T10444] bcachefs (loop3): stripes_read... done
[  506.154957][T10444] bcachefs (loop3): snapshots_read... done
[  506.181307][T10444] bcachefs (loop3): check_allocations...
[  506.219564][T10444] btree ptr not marked in member info btree allocated bitmap
[  506.219588][T10444]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4fe84214937890c3 written 32 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, shutting down
[  506.347324][T10444] bcachefs (loop3): inconsistency detected - emergency read only at journal seq 10
[  506.402661][T10444] bcachefs (loop3): bch2_gc_mark_key(): error fsck_errors_not_fixed
[  506.455434][T10444] bcachefs (loop3): bch2_gc_btree(): error fsck_errors_not_fixed
[  506.492631][T10444] bcachefs (loop3): bch2_gc_btrees(): error fsck_errors_not_fixed
[  506.545775][T10444] bcachefs (loop3): bch2_check_allocations(): error fsck_errors_not_fixed
[  506.592400][T10444] bcachefs (loop3): bch2_fs_recovery(): error fsck_errors_not_fixed
[  506.636287][T10444] bcachefs (loop3): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed
[  506.708706][T10444] bcachefs (loop3): shutting down
[  506.827423][T10444] bcachefs (loop3): shutdown complete
[  507.567674][ T5113] Bluetooth: hci3: command tx timeout
[  507.955043][T10483] loop2: detected capacity change from 0 to 4096
[  508.014330][T10484] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  509.001611][T10477] loop1: detected capacity change from 0 to 32768
[  509.397485][T10504] loop2: detected capacity change from 0 to 1024
[  509.596881][T10477] bcachefs (loop1): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,nojournal_transaction_names
[  510.023680][T10477] bcachefs (loop1): recovering from clean shutdown, journal seq 10
[  510.033042][T10477] bcachefs (loop1): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2
[  510.033042][T10477]   running recovery passes: check_allocations
[  510.072578][T10477] bcachefs (loop1): bch2_journal_reclaim_start(): error creating journal reclaim thread EINTR
[  510.083480][T10477] bcachefs (loop1): bch2_fs_recovery(): error EINTR
[  510.262779][T10477] bcachefs (loop1): bch2_fs_start(): error starting filesystem EINTR
[  510.310396][T10477] bcachefs (loop1): shutting down
[  510.339492][T10477] bcachefs (loop1): shutdown complete
[  510.872380][T10521] loop4: detected capacity change from 0 to 4096
[  510.884506][T10521] ntfs3: loop4: Different NTFS sector size (2048) and media sector size (512).
[  511.189550][T10532] netlink: 'syz.0.1071': attribute type 1 has an invalid length.
[  511.218091][T10521] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  511.949054][T10521] ntfs3: loop4: ino=21, The size of extended attributes must not exceed 64KiB
[  511.966941][T10536] veth0_to_team: entered promiscuous mode
[  512.042586][T10536] bond1: (slave macvlan2): Enslaving as a backup interface with a down link
[  512.619385][T10535] loop3: detected capacity change from 0 to 32768
[  512.775458][T10535] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  513.080743][T10535] XFS (loop3): Ending clean mount
[  513.094594][T10572] loop0: detected capacity change from 0 to 1024
[  513.805667][T10578] netlink: 'syz.1.1082': attribute type 41 has an invalid length.
[  513.997155][ T8906] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  514.808348][T10592] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1087'.
[  514.886335][T10592] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  514.894192][T10592] IPv6: NLM_F_CREATE should be set when creating new route
[  515.028699][T10597] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1087'.
[  515.056464][T10574] loop4: detected capacity change from 0 to 32768
[  515.119541][T10574] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1080 (10574)
[  515.152532][T10574] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  515.185171][T10574] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  515.254893][T10574] BTRFS info (device loop4): using free-space-tree
[  515.270703][T10600] bridge0: port 1(bridge_slave_0) entered disabled state
[  515.365716][T10601] bridge0: port 1(bridge_slave_0) entered blocking state
[  515.372994][T10601] bridge0: port 1(bridge_slave_0) entered forwarding state
[  516.733540][T10639] loop2: detected capacity change from 0 to 1024
[  517.761429][ T8859] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  518.150929][T10627] loop3: detected capacity change from 0 to 40427
[  518.408685][T10627] F2FS-fs (loop3): invalid crc value
[  518.562547][T10627] F2FS-fs (loop3): Found nat_bits in checkpoint
[  518.795248][T10636] loop0: detected capacity change from 0 to 32768
[  518.918023][T10627] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  518.944957][T10636] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  519.006620][T10670] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1102'.
[  519.096061][T10636] XFS (loop0): Ending clean mount
[  519.129449][T10665] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  519.136741][T10665] IPv6: NLM_F_CREATE should be set when creating new route
[  519.195493][T10674] net_ratelimit: 8 callbacks suppressed
[  519.195510][T10674] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0
[  519.313034][T10670] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1102'.
[  519.494539][ T9132] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  519.504172][T10680] overlayfs: refusing to follow metacopy origin for (/file0)
[  519.693574][T10685] netlink: 'syz.3.1109': attribute type 41 has an invalid length.
[  519.767325][T10687] capability: warning: `syz.2.1106' uses deprecated v2 capabilities in a way that may be insecure
[  519.888340][   T58] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  520.088409][   T58] usb 5-1: Using ep0 maxpacket: 32
[  520.215770][   T58] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  520.242824][   T58] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  520.263220][   T58] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  520.287756][   T58] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  520.307711][   T58] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  520.328664][   T58] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  520.357124][   T58] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  520.377278][   T58] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  520.402053][   T58] usb 5-1: Product: syz
[  520.406263][   T58] usb 5-1: Manufacturer: syz
[  520.427631][   T58] usb 5-1: SerialNumber: syz
[  520.494628][T10689] loop3: detected capacity change from 0 to 32768
[  520.521722][T10689] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1110 (10689)
[  520.639257][T10689] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  520.657653][T10683] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  520.673357][T10689] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  520.692605][T10689] BTRFS info (device loop3): using free-space-tree
[  520.722002][T10683] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  520.885969][   T58] cdc_ncm 5-1:1.0: bind() failure
[  520.917306][   T58] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  520.948831][   T58] cdc_ncm 5-1:1.1: bind() failure
[  520.973504][   T58] usb 5-1: USB disconnect, device number 29
[  521.018509][T10712] loop0: detected capacity change from 0 to 2048
[  521.105285][T10712] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  521.161054][T10712] ext4 filesystem being mounted at /63/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  521.322002][T10712] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.1107: bg 0: block 265: padding at end of block bitmap is not set
[  521.824607][ T8906] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  521.964194][ T9132] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  524.031458][T10741] netlink: 'syz.3.1117': attribute type 4 has an invalid length.
[  525.174767][T10753] loop1: detected capacity change from 0 to 1024
[  525.527888][    T8] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  525.749260][    T8] usb 1-1: Using ep0 maxpacket: 32
[  525.801691][    T8] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  525.816408][    T8] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  525.829135][    T8] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  525.875005][    T8] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  525.904138][    T8] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  525.924741][    T8] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  525.938229][    T8] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  525.957680][    T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  526.001369][    T8] usb 1-1: Product: syz
[  526.018217][    T8] usb 1-1: Manufacturer: syz
[  526.022893][    T8] usb 1-1: SerialNumber: syz
[  526.868004][T10752] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  526.897346][T10752] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  527.015977][    T8] cdc_ncm 1-1:1.0: bind() failure
[  527.044158][    T8] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  527.077796][    T8] cdc_ncm 1-1:1.1: bind() failure
[  527.116812][    T8] usb 1-1: USB disconnect, device number 34
[  527.214219][T10778] loop4: detected capacity change from 0 to 64
[  527.711568][T10789] ubi0: attaching mtd0
[  527.718236][T10788] loop0: detected capacity change from 0 to 1024
[  527.774947][T10789] ubi0: scanning is finished
[  527.927715][T10789] ubi0: empty MTD device detected
[  528.462846][T10789] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  528.494081][T10794] loop4: detected capacity change from 0 to 2048
[  528.504047][T10789] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  528.513033][T10789] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  528.521171][T10789] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  528.530592][T10789] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  528.537736][T10789] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  528.588088][T10789] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1906183653
[  528.602228][T10789] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  528.621469][T10796] ubi0: background thread "ubi_bgt0d" started, PID 10796
[  528.652964][T10794] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  528.708886][T10794] ext4 filesystem being mounted at /74/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  528.748193][T10800] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 265: padding at end of block bitmap is not set
[  528.879471][ T8859] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  529.008032][T10808] loop3: detected capacity change from 0 to 1024
[  529.031119][T10804] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  529.040749][T10808] EXT4-fs: Ignoring removed nomblk_io_submit option
[  529.077939][T10804] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  529.108890][T10808] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  529.296943][ T8906] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  529.646214][T10825] dlm: no local IP address has been set
[  529.687744][T10825] dlm: cannot start dlm midcomms -107
[  529.718792][T10825] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1146'.
[  529.722482][T10827] loop3: detected capacity change from 0 to 1024
[  529.907008][T10795] loop2: detected capacity change from 0 to 40427
[  529.951795][T10795] F2FS-fs (loop2): invalid crc value
[  529.985708][T10795] F2FS-fs (loop2): Found nat_bits in checkpoint
[  530.185886][T10795] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  530.204328][T10836] loop4: detected capacity change from 0 to 2048
[  530.291366][T10812] loop0: detected capacity change from 0 to 32768
[  530.306407][T10836] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  530.340355][T10836] ext4 filesystem being mounted at /76/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  530.344757][T10812] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  530.422282][T10795] F2FS-fs (loop2): sanity_check_inode: corrupted inode i_blocks i_ino=b iblocks=0, run fsck to fix.
[  530.498978][ T8859] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  530.529741][ T9593] syz-executor: attempt to access beyond end of device
[  530.529741][ T9593] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  530.597827][ T9593] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  530.732102][T10812] XFS (loop0): Ending clean mount
[  530.734042][T10858] loop3: detected capacity change from 0 to 256
[  530.758632][T10858] exfat: Deprecated parameter 'namecase'
[  530.786860][T10858] exfat: Deprecated parameter 'utf8'
[  530.846156][T10858] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  531.123160][ T9132] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  531.546672][T10874] loop1: detected capacity change from 0 to 2048
[  531.602509][T10874] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  531.752394][T10874] ext4 filesystem being mounted at /79/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  531.906611][ T8977] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  532.191184][T10891] loop1: detected capacity change from 0 to 512
[  532.260147][T10891] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  532.358789][T10891] ext4 filesystem being mounted at /80/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  532.394760][T10891] EXT4-fs error (device loop1): ext4_find_dest_de:2066: inode #2: block 3: comm syz.1.1167: bad entry in directory: inode out of bounds - offset=12, inode=255, rec_len=12, size=2048 fake=1
[  532.446338][T10899] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1172'.
[  532.506168][T10891] EXT4-fs error (device loop1): ext4_find_dest_de:2066: inode #2: block 3: comm syz.1.1167: bad entry in directory: inode out of bounds - offset=12, inode=255, rec_len=12, size=2048 fake=1
[  532.689274][ T8977] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  533.017320][  T144] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  533.143494][  T144] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  533.256326][  T144] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  533.399759][  T144] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  533.457177][T10898] loop4: detected capacity change from 0 to 32768
[  533.526946][T10898] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  533.555991][T10919] process 'syz.2.1182' launched './file1' with NULL argv: empty string added
[  533.917253][  T144] bridge_slave_1: left allmulticast mode
[  533.943152][ T5114] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  533.954036][  T144] bridge_slave_1: left promiscuous mode
[  533.954086][ T5114] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  533.968653][ T5114] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  533.998668][ T5114] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  534.006928][ T5114] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  534.006938][T10898] XFS (loop4): Ending clean mount
[  534.022258][ T5114] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  534.027415][  T144] bridge0: port 2(bridge_slave_1) entered disabled state
[  534.115621][  T144] bridge_slave_0: left allmulticast mode
[  534.131896][  T144] bridge_slave_0: left promiscuous mode
[  534.143027][  T144] bridge0: port 1(bridge_slave_0) entered disabled state
[  534.297379][ T8859] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  534.575860][   T29] audit: type=1326 audit(1720145255.467:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10939 comm="syz.1.1187" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc468d75bd9 code=0x0
[  535.827944][T10956] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1188'.
[  535.894656][  T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  535.938095][  T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  535.963849][  T144] bond0 (unregistering): Released all slaves
[  536.000591][T10960] loop4: detected capacity change from 0 to 64
[  536.106019][  T144] : left promiscuous mode
[  536.127868][ T5114] Bluetooth: hci1: command tx timeout
[  536.841098][T10930] chnl_net:caif_netlink_parms(): no params data found
[  536.961269][  T144] hsr_slave_0: left promiscuous mode
[  536.967483][  T144] hsr_slave_1: left promiscuous mode
[  536.993379][  T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  537.013060][  T144] batman_adv: batadv0: Removing interface: batadv_slave_0
[  537.035705][  T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  537.055215][  T144] batman_adv: batadv0: Removing interface: batadv_slave_1
[  537.156226][  T144] veth1_macvtap: left promiscuous mode
[  537.180851][  T144] veth0_macvtap: left promiscuous mode
[  537.187277][  T144] veth1_vlan: left promiscuous mode
[  537.192754][  T144] veth0_vlan: left promiscuous mode
[  538.186490][T10997] loop2: detected capacity change from 0 to 2048
[  538.210916][ T5114] Bluetooth: hci1: command tx timeout
[  538.313177][T11000] loop4: detected capacity change from 0 to 2048
[  538.340749][T11000] EXT4-fs: Invalid want_extra_isize 7
[  538.400092][T10997] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  538.573749][ T9593] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  538.695486][T11008] loop4: detected capacity change from 0 to 2048
[  538.773949][T11010] loop2: detected capacity change from 0 to 1024
[  538.805365][T11008] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  538.834541][T11010] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  538.888848][T11010] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  538.967431][ T8859] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  539.202101][ T9593] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  539.397767][T11022] nbd0: detected capacity change from 0 to 12
[  539.456162][ T5572] block nbd0: Send control failed (result -89)
[  539.463732][T11028] block nbd0: NBD_DISCONNECT
[  539.487232][ T5572] block nbd0: Request send failed, requeueing
[  539.503441][ T5572] block nbd0: Disconnected due to user request.
[  539.514642][T11028] block nbd0: Send disconnect failed -89
[  539.548212][   T42] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  539.559421][   T42] Buffer I/O error on dev nbd0, logical block 0, async page read
[  539.571738][ T5572] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  539.584661][ T5572] Buffer I/O error on dev nbd0, logical block 0, async page read
[  539.640107][ T5572] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  539.690099][ T5572] Buffer I/O error on dev nbd0, logical block 0, async page read
[  539.701126][ T5572] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  539.727816][ T5572] Buffer I/O error on dev nbd0, logical block 0, async page read
[  539.747814][ T5572] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  539.937905][ T5572] Buffer I/O error on dev nbd0, logical block 0, async page read
[  539.968917][ T5572] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  539.980822][ T5572] Buffer I/O error on dev nbd0, logical block 0, async page read
[  539.998468][ T5572] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  540.007703][ T5572] Buffer I/O error on dev nbd0, logical block 0, async page read
[  540.029007][ T5572] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  540.038368][ T5572] Buffer I/O error on dev nbd0, logical block 0, async page read
[  540.176222][ T5572] ldm_validate_partition_table(): Disk read failed.
[  540.282296][ T5572] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  540.294963][ T5114] Bluetooth: hci1: command tx timeout
[  540.416324][ T5572] Buffer I/O error on dev nbd0, logical block 0, async page read
[  540.525314][ T5572] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  540.585000][  T144] team0 (unregistering): Port device team_slave_1 removed
[  540.623259][ T5572] Buffer I/O error on dev nbd0, logical block 0, async page read
[  540.685669][ T5572] Dev nbd0: unable to read RDB block 0
[  540.727972][ T5572]  nbd0: unable to read partition table
[  540.733791][ T5572] nbd0: partition table beyond EOD, truncated
[  540.808315][ T5572] ldm_validate_partition_table(): Disk read failed.
[  540.837174][ T5572] Dev nbd0: unable to read RDB block 0
[  540.917886][ T5572]  nbd0: unable to read partition table
[  540.936457][  T144] team0 (unregistering): Port device team_slave_0 removed
[  540.944051][ T5572] nbd0: partition table beyond EOD, truncated
[  540.964906][T11022] ldm_validate_partition_table(): Disk read failed.
[  540.986496][T11041] loop4: detected capacity change from 0 to 512
[  540.995384][T11022] Dev nbd0: unable to read RDB block 0
[  541.028142][T11022]  nbd0: unable to read partition table
[  541.033965][T11022] nbd0: partition table beyond EOD, truncated
[  541.108768][T11041] EXT4-fs error (device loop4): ext4_xattr_inode_iget:436: comm syz.4.1211: Parent and EA inode have the same ino 15
[  541.122348][T11032] loop2: detected capacity change from 0 to 32768
[  541.197825][T11032] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1209 (11032)
[  541.224738][T11041] EXT4-fs (loop4): Remounting filesystem read-only
[  541.270530][T11041] EXT4-fs (loop4): 1 orphan inode deleted
[  541.305291][T11041] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  541.331972][T11032] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  541.407795][T11032] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  541.437826][T11032] BTRFS info (device loop2): using free-space-tree
[  541.789577][T10863] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  542.377943][ T5114] Bluetooth: hci1: command tx timeout
[  542.527593][    C1] DEBUG: waiting rtnl_mutex for 562 jiffies.
[  542.534230][    C1] task:syz-executor    state:D stack:21024 pid:10930 tgid:10930 ppid:10909  flags:0x00004000
[  542.544497][    C1] Call Trace:
[  542.547834][    C1]  <TASK>
[  542.550803][    C1]  __schedule+0x1800/0x4a60
[  542.555370][    C1]  ? __pfx___schedule+0x10/0x10
[  542.560319][    C1]  ? __pfx_lock_release+0x10/0x10
[  542.565375][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[  542.570947][    C1]  ? schedule+0x90/0x320
[  542.575213][    C1]  schedule+0x14b/0x320
[  542.579421][    C1]  schedule_preempt_disabled+0x13/0x30
[  542.584905][    C1]  __mutex_lock+0x6a4/0xd70
[  542.589491][    C1]  ? __mutex_lock+0x527/0xd70
[  542.594199][    C1]  ? rtnetlink_rcv_msg+0x847/0x1180
[  542.599488][    C1]  ? __pfx___mutex_lock+0x10/0x10
[  542.604554][    C1]  ? get_rtnl_holder+0x144/0x190
[  542.609585][    C1]  rtnetlink_rcv_msg+0x847/0x1180
[  542.614650][    C1]  ? rtnetlink_rcv_msg+0x208/0x1180
[  542.619946][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  542.625442][    C1]  ? is_bpf_text_address+0x285/0x2a0
[  542.630805][    C1]  ? __pfx_validate_chain+0x10/0x10
[  542.636056][    C1]  ? __pfx_validate_chain+0x10/0x10
[  542.641351][    C1]  ? arch_stack_walk+0x16d/0x1b0
[  542.646326][    C1]  ? mark_lock+0x9a/0x360
[  542.650747][    C1]  ? __pfx_validate_chain+0x10/0x10
[  542.655983][    C1]  ? __lock_acquire+0x1359/0x2000
[  542.661110][    C1]  ? mark_lock+0x9a/0x360
[  542.665482][    C1]  ? __lock_acquire+0x1359/0x2000
[  542.670620][    C1]  netlink_rcv_skb+0x1e3/0x430
[  542.675427][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  542.681070][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  542.686412][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[  542.691702][    C1]  netlink_unicast+0x7f0/0x990
[  542.696516][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[  542.701897][    C1]  ? __virt_addr_valid+0x183/0x530
[  542.707052][    C1]  ? __check_object_size+0x49c/0x900
[  542.709818][T11072] loop1: detected capacity change from 0 to 1024
[  542.712401][    C1]  ? bpf_lsm_netlink_send+0x9/0x10
[  542.723863][    C1]  netlink_sendmsg+0x8e4/0xcb0
[  542.728722][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  542.734041][    C1]  ? aa_sock_msg_perm+0x91/0x160
[  542.739061][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  542.744383][    C1]  ? security_socket_sendmsg+0x87/0xb0
[  542.749923][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  542.755242][    C1]  __sock_sendmsg+0x221/0x270
[  542.759997][    C1]  __sys_sendto+0x3a4/0x4f0
[  542.761108][T11072] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  542.764515][    C1]  ? __pfx___sys_sendto+0x10/0x10
[  542.778331][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  542.783552][    C1]  ? blkcg_maybe_throttle_current+0x1ab/0xb80
[  542.789712][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  542.795732][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  542.802154][    C1]  __x64_sys_sendto+0xde/0x100
[  542.806971][    C1]  do_syscall_64+0xf3/0x230
[  542.811559][    C1]  ? clear_bhb_loop+0x35/0x90
[  542.816270][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  542.822264][    C1] RIP: 0033:0x7f0e3cd7796c
[  542.826715][    C1] RSP: 002b:00007fff50db1fa0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  542.835221][    C1] RAX: ffffffffffffffda RBX: 00007f0e3da34620 RCX: 00007f0e3cd7796c
[  542.843261][    C1] RDX: 000000000000003c RSI: 00007f0e3da34670 RDI: 0000000000000003
[  542.851316][    C1] RBP: 0000000000000000 R08: 00007fff50db1ff4 R09: 000000000000000c
[  542.859337][    C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  542.867376][    C1] R13: 0000000000000000 R14: 00007f0e3da34670 R15: 0000000000000000
[  542.875444][    C1]  </TASK>
[  542.878514][    C1] DEBUG: holding rtnl_mutex for 596 jiffies.
[  542.884505][    C1] task:kworker/u8:5    state:D stack:19856 pid:144   tgid:144   ppid:2      flags:0x00004000
[  542.894747][    C1] Workqueue: netns cleanup_net
[  542.898397][T11048] loop0: detected capacity change from 0 to 40427
[  542.899558][    C1] Call Trace:
[  542.909270][    C1]  <TASK>
[  542.912226][    C1]  __schedule+0x1800/0x4a60
[  542.913616][T11072] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  542.916771][    C1]  ? __pfx___schedule+0x10/0x10
[  542.934128][    C1]  ? __pfx_lock_release+0x10/0x10
[  542.939227][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  542.940337][T11048] F2FS-fs (loop0): heap/no_heap options were deprecated
[  542.945172][    C1]  ? kthread_data+0x52/0xd0
[  542.956667][    C1]  ? wq_worker_sleeping+0x66/0x240
[  542.961860][    C1]  ? schedule+0x90/0x320
[  542.966144][    C1]  schedule+0x14b/0x320
[  542.970393][    C1]  synchronize_rcu_expedited+0x684/0x830
[  542.976068][    C1]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  542.982329][    C1]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[  542.987680][    C1]  ? __pfx___might_resched+0x10/0x10
[  542.992984][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  542.999047][    C1]  ? __pfx_autoremove_wake_function+0x10/0x10
[  543.005146][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  543.011099][T11048] F2FS-fs (loop0): invalid crc value
[  543.011540][    C1]  synchronize_rcu+0x11b/0x360
[  543.021577][    C1]  ? __pfx_synchronize_rcu+0x10/0x10
[  543.026914][    C1]  lockdep_unregister_key+0x556/0x610
[  543.032384][    C1]  ? __pfx_lockdep_unregister_key+0x10/0x10
[  543.035675][T11048] F2FS-fs (loop0): Found nat_bits in checkpoint
[  543.038331][    C1]  ? rcu_is_watching+0x15/0xb0
[  543.038367][    C1]  ? qdisc_reset+0x3bf/0x5b0
[  543.038394][    C1]  __qdisc_destroy+0x165/0x410
[  543.038419][    C1]  dev_shutdown+0x357/0x440
[  543.038447][    C1]  unregister_netdevice_many_notify+0x9c7/0x1d20
[  543.038496][    C1]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  543.038541][    C1]  ? unregister_netdevice_queue+0x26b/0x370
[  543.082519][    C1]  ? batadv_softif_destroy_netlink+0x1e0/0x270
[  543.088936][    C1]  default_device_exit_batch+0xa0f/0xa90
[  543.094617][    C1]  ? __pfx___might_resched+0x10/0x10
[  543.099973][    C1]  ? __pfx_default_device_exit_batch+0x10/0x10
[  543.106172][    C1]  ? cfg802154_pernet_exit+0xc3/0xe0
[  543.111541][    C1]  ? __pfx_default_device_exit_batch+0x10/0x10
[  543.117761][    C1]  cleanup_net+0x89d/0xcc0
[  543.122215][    C1]  ? __pfx_cleanup_net+0x10/0x10
[  543.127184][    C1]  ? process_scheduled_works+0x945/0x1830
[  543.132979][    C1]  process_scheduled_works+0xa2c/0x1830
[  543.138612][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  543.144631][    C1]  ? assign_work+0x364/0x3d0
[  543.149312][    C1]  worker_thread+0x86d/0xd40
[  543.150387][T11048] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  543.153916][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  543.167325][    C1]  ? __kthread_parkme+0x169/0x1d0
[  543.172439][    C1]  ? __pfx_worker_thread+0x10/0x10
[  543.177619][    C1]  kthread+0x2f0/0x390
[  543.181721][    C1]  ? __pfx_worker_thread+0x10/0x10
[  543.186871][    C1]  ? __pfx_kthread+0x10/0x10
[  543.191557][    C1]  ret_from_fork+0x4b/0x80
[  543.196014][    C1]  ? __pfx_kthread+0x10/0x10
[  543.200693][    C1]  ret_from_fork_asm+0x1a/0x30
[  543.205511][    C1]  </TASK>
[  543.208599][    C1] DEBUG: waiting rtnl_mutex for 603 jiffies.
[  543.214598][    C1] task:kworker/1:3     state:D stack:20560 pid:5148  tgid:5148  ppid:2      flags:0x00004000
[  543.224858][    C1] Workqueue: events linkwatch_event
[  543.230120][    C1] Call Trace:
[  543.233418][    C1]  <TASK>
[  543.236360][    C1]  __schedule+0x1800/0x4a60
[  543.241057][    C1]  ? __pfx___schedule+0x10/0x10
[  543.245936][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  543.252005][    C1]  ? __pfx_lock_release+0x10/0x10
[  543.257048][    C1]  ? kick_pool+0x45c/0x620
[  543.261505][    C1]  ? preempt_schedule_thunk+0x1a/0x30
[  543.266891][    C1]  ? schedule+0x90/0x320
[  543.271200][    C1]  schedule+0x14b/0x320
[  543.275368][    C1]  schedule_preempt_disabled+0x13/0x30
[  543.280866][    C1]  __mutex_lock+0x6a4/0xd70
[  543.285388][    C1]  ? __mutex_lock+0x527/0xd70
[  543.290127][    C1]  ? linkwatch_event+0xe/0x60
[  543.294815][    C1]  ? __pfx___mutex_lock+0x10/0x10
[  543.299911][    C1]  ? get_rtnl_holder+0x144/0x190
[  543.304873][    C1]  ? process_scheduled_works+0x945/0x1830
[  543.310631][    C1]  linkwatch_event+0xe/0x60
[  543.315146][    C1]  process_scheduled_works+0xa2c/0x1830
[  543.320760][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  543.326769][    C1]  ? assign_work+0x364/0x3d0
[  543.331433][    C1]  worker_thread+0x86d/0xd40
[  543.336044][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  543.341991][    C1]  ? __kthread_parkme+0x169/0x1d0
[  543.347074][    C1]  ? __pfx_worker_thread+0x10/0x10
[  543.352324][    C1]  kthread+0x2f0/0x390
[  543.356427][    C1]  ? __pfx_worker_thread+0x10/0x10
[  543.361620][    C1]  ? __pfx_kthread+0x10/0x10
[  543.366240][    C1]  ret_from_fork+0x4b/0x80
[  543.370705][    C1]  ? __pfx_kthread+0x10/0x10
[  543.375292][    C1]  ret_from_fork_asm+0x1a/0x30
[  543.380113][    C1]  </TASK>
[  543.383140][    C1] 
[  543.383140][    C1] Showing all locks held in the system:
[  543.390920][    C1] 5 locks held by kworker/u8:5/144:
[  543.396648][    C1]  #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  543.407606][    C1]  #1: ffffc90002d0fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  543.418227][    C1]  #2: ffffffff8f5f2c10 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[  543.427724][    C1]  #3: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90
[  543.437858][    C1]  #4: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830
[  543.448879][    C1] 2 locks held by kworker/u8:14/2913:
[  543.454254][    C1]  #0: ffff8880b943ea18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[  543.464217][    C1]  #1: ffff8880b9428948 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x441/0x770
[  543.475735][    C1] 1 lock held by dhcpcd/4765:
[  543.480497][    C1]  #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x2ce/0x1bc0
[  543.489732][    C1] 2 locks held by getty/4850:
[  543.494416][    C1]  #0: ffff88802a2fd0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  543.504268][    C1]  #1: ffffc90002f162f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10
[  543.514465][    C1] 3 locks held by kworker/1:3/5148:
[  543.519945][    C1]  #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  543.530979][    C1]  #1: ffffc90003ee7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  543.541990][    C1]  #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60
[  543.551073][    C1] 1 lock held by syz-executor/8977:
[  543.556271][    C1]  #0: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830
[  543.567215][    C1] 1 lock held by syz.4.1159/10863:
[  543.572366][    C1]  #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0
[  543.581417][    C1] 1 lock held by syz-executor/10930:
[  543.586698][    C1]  #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180
[  543.596230][    C1] 2 locks held by syz.2.1209/11065:
[  543.601464][    C1]  #0: ffffc90000a18c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650
[  543.611610][    C1]  #1: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[  543.621513][    C1] 
[  543.623819][    C1] =============================================
[  543.623819][    C1] 
[  543.659430][ T9132] syz-executor: attempt to access beyond end of device
[  543.659430][ T9132] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  543.678230][ T8977] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  543.732754][ T9132] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  543.774835][ T9593] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  544.687648][    C1] DEBUG: waiting rtnl_mutex for 637 jiffies.
[  544.693726][    C1] task:dhcpcd          state:D stack:20672 pid:4765  tgid:4765  ppid:4764   flags:0x00000002
[  544.704149][    C1] Call Trace:
[  544.707438][    C1]  <TASK>
[  544.710413][    C1]  __schedule+0x1800/0x4a60
[  544.714964][    C1]  ? __pfx___schedule+0x10/0x10
[  544.719903][    C1]  ? __pfx_lock_release+0x10/0x10
[  544.724970][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[  544.730514][    C1]  ? schedule+0x90/0x320
[  544.734781][    C1]  schedule+0x14b/0x320
[  544.738995][    C1]  schedule_preempt_disabled+0x13/0x30
[  544.744471][    C1]  __mutex_lock+0x6a4/0xd70
[  544.749036][    C1]  ? __mutex_lock+0x527/0xd70
[  544.753821][    C1]  ? devinet_ioctl+0x2ce/0x1bc0
[  544.758729][    C1]  ? __pfx___mutex_lock+0x10/0x10
[  544.763783][    C1]  ? bpf_lsm_capable+0x9/0x10
[  544.768513][    C1]  ? security_capable+0x90/0xb0
[  544.773388][    C1]  ? get_rtnl_holder+0x144/0x190
[  544.778412][    C1]  devinet_ioctl+0x2ce/0x1bc0
[  544.783132][    C1]  ? get_user_ifreq+0x1bb/0x200
[  544.788063][    C1]  inet_ioctl+0x3d7/0x4f0
[  544.792440][    C1]  ? __pfx_inet_ioctl+0x10/0x10
[  544.797355][    C1]  sock_do_ioctl+0x158/0x460
[  544.802028][    C1]  ? __pfx_sock_do_ioctl+0x10/0x10
[  544.807170][    C1]  ? __pfx_lock_release+0x10/0x10
[  544.812291][    C1]  sock_ioctl+0x629/0x8e0
[  544.816653][    C1]  ? __pfx_sock_ioctl+0x10/0x10
[  544.821573][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  544.827630][    C1]  ? bpf_lsm_file_ioctl+0x9/0x10
[  544.832593][    C1]  ? security_file_ioctl+0x87/0xb0
[  544.837751][    C1]  ? __pfx_sock_ioctl+0x10/0x10
[  544.842628][    C1]  __se_sys_ioctl+0xfc/0x170
[  544.847246][    C1]  do_syscall_64+0xf3/0x230
[  544.851801][    C1]  ? clear_bhb_loop+0x35/0x90
[  544.856518][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  544.862486][    C1] RIP: 0033:0x7fa9ca2fbd49
[  544.866921][    C1] RSP: 002b:00007ffdfbf95af8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  544.875411][    C1] RAX: ffffffffffffffda RBX: 00007fa9ca22d6c0 RCX: 00007fa9ca2fbd49
[  544.883433][    C1] RDX: 00007ffdfbfa5ce8 RSI: 0000000000008914 RDI: 0000000000000018
[  544.891461][    C1] RBP: 00007ffdfbfb5ea8 R08: 00007ffdfbfa5ca8 R09: 00007ffdfbfa5c58
[  544.899474][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  544.907456][    C1] R13: 00007ffdfbfa5ce8 R14: 0000000000000028 R15: 0000000000008914
[  544.915513][    C1]  </TASK>
[  544.918640][    C1] DEBUG: waiting rtnl_mutex for 801 jiffies.
[  544.924620][    C1] task:syz-executor    state:D stack:21024 pid:10930 tgid:10930 ppid:10909  flags:0x00004000
[  544.934799][    C1] Call Trace:
[  544.938095][    C1]  <TASK>
[  544.941018][    C1]  __schedule+0x1800/0x4a60
[  544.945522][    C1]  ? __pfx___schedule+0x10/0x10
[  544.950381][    C1]  ? __pfx_lock_release+0x10/0x10
[  544.955399][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[  544.960874][    C1]  ? schedule+0x90/0x320
[  544.965107][    C1]  schedule+0x14b/0x320
[  544.969276][    C1]  schedule_preempt_disabled+0x13/0x30
[  544.974725][    C1]  __mutex_lock+0x6a4/0xd70
[  544.979271][    C1]  ? __mutex_lock+0x527/0xd70
[  544.983951][    C1]  ? rtnetlink_rcv_msg+0x847/0x1180
[  544.989801][    C1]  ? __pfx___mutex_lock+0x10/0x10
[  544.994827][    C1]  ? get_rtnl_holder+0x144/0x190
[  544.999780][    C1]  rtnetlink_rcv_msg+0x847/0x1180
[  545.004804][    C1]  ? rtnetlink_rcv_msg+0x208/0x1180
[  545.010018][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  545.015471][    C1]  ? is_bpf_text_address+0x285/0x2a0
[  545.020776][    C1]  ? __pfx_validate_chain+0x10/0x10
[  545.025967][    C1]  ? __pfx_validate_chain+0x10/0x10
[  545.031178][    C1]  ? arch_stack_walk+0x16d/0x1b0
[  545.036107][    C1]  ? mark_lock+0x9a/0x360
[  545.040447][    C1]  ? __pfx_validate_chain+0x10/0x10
[  545.045637][    C1]  ? __lock_acquire+0x1359/0x2000
[  545.050683][    C1]  ? mark_lock+0x9a/0x360
[  545.055005][    C1]  ? __lock_acquire+0x1359/0x2000
[  545.060049][    C1]  netlink_rcv_skb+0x1e3/0x430
[  545.064820][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  545.070294][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  545.075581][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[  545.080788][    C1]  netlink_unicast+0x7f0/0x990
[  545.085559][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[  545.090877][    C1]  ? __virt_addr_valid+0x183/0x530
[  545.095989][    C1]  ? __check_object_size+0x49c/0x900
[  545.101297][    C1]  ? bpf_lsm_netlink_send+0x9/0x10
[  545.106503][    C1]  netlink_sendmsg+0x8e4/0xcb0
[  545.111298][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  545.116572][    C1]  ? aa_sock_msg_perm+0x91/0x160
[  545.121524][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  545.126797][    C1]  ? security_socket_sendmsg+0x87/0xb0
[  545.132305][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  545.137643][    C1]  __sock_sendmsg+0x221/0x270
[  545.142370][    C1]  __sys_sendto+0x3a4/0x4f0
[  545.146866][    C1]  ? __pfx___sys_sendto+0x10/0x10
[  545.151912][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  545.157101][    C1]  ? blkcg_maybe_throttle_current+0x1ab/0xb80
[  545.163196][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  545.169199][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  545.175531][    C1]  __x64_sys_sendto+0xde/0x100
[  545.180309][    C1]  do_syscall_64+0xf3/0x230
[  545.184795][    C1]  ? clear_bhb_loop+0x35/0x90
[  545.189484][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  545.195362][    C1] RIP: 0033:0x7f0e3cd7796c
[  545.199779][    C1] RSP: 002b:00007fff50db1fa0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  545.208195][    C1] RAX: ffffffffffffffda RBX: 00007f0e3da34620 RCX: 00007f0e3cd7796c
[  545.216145][    C1] RDX: 000000000000003c RSI: 00007f0e3da34670 RDI: 0000000000000003
[  545.224116][    C1] RBP: 0000000000000000 R08: 00007fff50db1ff4 R09: 000000000000000c
[  545.232117][    C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  545.240107][    C1] R13: 0000000000000000 R14: 00007f0e3da34670 R15: 0000000000000000
[  545.248104][    C1]  </TASK>
[  545.251123][    C1] DEBUG: holding rtnl_mutex for 833 jiffies.
[  545.257091][    C1] task:kworker/u8:5    state:D stack:19856 pid:144   tgid:144   ppid:2      flags:0x00004000
[  545.267274][    C1] Workqueue: netns cleanup_net
[  545.272066][    C1] Call Trace:
[  545.275341][    C1]  <TASK>
[  545.278284][    C1]  __schedule+0x1800/0x4a60
[  545.282794][    C1]  ? __pfx___schedule+0x10/0x10
[  545.287660][    C1]  ? __pfx_lock_release+0x10/0x10
[  545.292673][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  545.298574][    C1]  ? kthread_data+0x52/0xd0
[  545.303063][    C1]  ? wq_worker_sleeping+0x66/0x240
[  545.308181][    C1]  ? schedule+0x90/0x320
[  545.312428][    C1]  schedule+0x14b/0x320
[  545.316580][    C1]  synchronize_rcu_expedited+0x684/0x830
[  545.322241][    C1]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  545.328419][    C1]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[  545.333700][    C1]  ? __pfx___might_resched+0x10/0x10
[  545.338994][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  545.344961][    C1]  ? __pfx_autoremove_wake_function+0x10/0x10
[  545.351037][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  545.357352][    C1]  synchronize_rcu+0x11b/0x360
[  545.362127][    C1]  ? __pfx_synchronize_rcu+0x10/0x10
[  545.367405][    C1]  lockdep_unregister_key+0x556/0x610
[  545.372785][    C1]  ? __pfx_lockdep_unregister_key+0x10/0x10
[  545.378683][    C1]  ? rcu_is_watching+0x15/0xb0
[  545.383433][    C1]  ? qdisc_reset+0x3bf/0x5b0
[  545.388029][    C1]  __qdisc_destroy+0x165/0x410
[  545.392791][    C1]  dev_shutdown+0x9b/0x440
[  545.397188][    C1]  unregister_netdevice_many_notify+0x9c7/0x1d20
[  545.403532][    C1]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  545.410305][    C1]  ? unregister_netdevice_queue+0x26b/0x370
[  545.416187][    C1]  ? batadv_softif_destroy_netlink+0x1e0/0x270
[  545.422361][    C1]  default_device_exit_batch+0xa0f/0xa90
[  545.428009][    C1]  ? __pfx___might_resched+0x10/0x10
[  545.433365][    C1]  ? __pfx_default_device_exit_batch+0x10/0x10
[  545.439530][    C1]  ? cfg802154_pernet_exit+0xc3/0xe0
[  545.444811][    C1]  ? __pfx_default_device_exit_batch+0x10/0x10
[  545.450996][    C1]  cleanup_net+0x89d/0xcc0
[  545.455423][    C1]  ? __pfx_cleanup_net+0x10/0x10
[  545.460391][    C1]  ? process_scheduled_works+0x945/0x1830
[  545.466112][    C1]  process_scheduled_works+0xa2c/0x1830
[  545.471693][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  545.477691][    C1]  ? assign_work+0x364/0x3d0
[  545.482272][    C1]  worker_thread+0x86d/0xd40
[  545.486857][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  545.492786][    C1]  ? __kthread_parkme+0x169/0x1d0
[  545.497844][    C1]  ? __pfx_worker_thread+0x10/0x10
[  545.503031][    C1]  kthread+0x2f0/0x390
[  545.507086][    C1]  ? __pfx_worker_thread+0x10/0x10
[  545.512216][    C1]  ? __pfx_kthread+0x10/0x10
[  545.516810][    C1]  ret_from_fork+0x4b/0x80
[  545.521254][    C1]  ? __pfx_kthread+0x10/0x10
[  545.525835][    C1]  ret_from_fork_asm+0x1a/0x30
[  545.530640][    C1]  </TASK>
[  545.533650][    C1] DEBUG: waiting rtnl_mutex for 835 jiffies.
[  545.539662][    C1] task:kworker/1:3     state:D stack:20560 pid:5148  tgid:5148  ppid:2      flags:0x00004000
[  545.549839][    C1] Workqueue: events linkwatch_event
[  545.555028][    C1] Call Trace:
[  545.558316][    C1]  <TASK>
[  545.561238][    C1]  __schedule+0x1800/0x4a60
[  545.565746][    C1]  ? __pfx___schedule+0x10/0x10
[  545.570610][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  545.576583][    C1]  ? __pfx_lock_release+0x10/0x10
[  545.581628][    C1]  ? kick_pool+0x45c/0x620
[  545.586031][    C1]  ? preempt_schedule_thunk+0x1a/0x30
[  545.591427][    C1]  ? schedule+0x90/0x320
[  545.595658][    C1]  schedule+0x14b/0x320
[  545.599821][    C1]  schedule_preempt_disabled+0x13/0x30
[  545.605261][    C1]  __mutex_lock+0x6a4/0xd70
[  545.609775][    C1]  ? __mutex_lock+0x527/0xd70
[  545.614435][    C1]  ? linkwatch_event+0xe/0x60
[  545.619121][    C1]  ? __pfx___mutex_lock+0x10/0x10
[  545.624135][    C1]  ? get_rtnl_holder+0x144/0x190
[  545.629076][    C1]  ? process_scheduled_works+0x945/0x1830
[  545.634777][    C1]  linkwatch_event+0xe/0x60
[  545.639282][    C1]  process_scheduled_works+0xa2c/0x1830
[  545.644833][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  545.650831][    C1]  ? assign_work+0x364/0x3d0
[  545.655433][    C1]  worker_thread+0x86d/0xd40
[  545.660055][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  545.665933][    C1]  ? __kthread_parkme+0x169/0x1d0
[  545.670963][    C1]  ? __pfx_worker_thread+0x10/0x10
[  545.676059][    C1]  kthread+0x2f0/0x390
[  545.680139][    C1]  ? __pfx_worker_thread+0x10/0x10
[  545.685249][    C1]  ? __pfx_kthread+0x10/0x10
[  545.689865][    C1]  ret_from_fork+0x4b/0x80
[  545.694271][    C1]  ? __pfx_kthread+0x10/0x10
[  545.698874][    C1]  ret_from_fork_asm+0x1a/0x30
[  545.703639][    C1]  </TASK>
[  545.706644][    C1] 
[  545.706644][    C1] Showing all locks held in the system:
[  545.714374][    C1] 5 locks held by kworker/u8:5/144:
[  545.719580][    C1]  #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  545.730552][    C1]  #1: ffffc90002d0fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  545.741105][    C1]  #2: ffffffff8f5f2c10 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[  545.750540][    C1]  #3: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90
[  545.760552][    C1]  #4: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830
[  545.771451][    C1] 1 lock held by dhcpcd/4765:
[  545.776105][    C1]  #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x2ce/0x1bc0
[  545.785267][    C1] 2 locks held by getty/4850:
[  545.789957][    C1]  #0: ffff88802a2fd0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  545.799709][    C1]  #1: ffffc90002f162f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10
[  545.809809][    C1] 3 locks held by kworker/1:3/5148:
[  545.814981][    C1]  #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  545.825943][    C1]  #1: ffffc90003ee7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  545.836908][    C1]  #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60
[  545.845882][    C1] 3 locks held by kworker/u8:4/9166:
[  545.851165][    C1] 1 lock held by syz.4.1159/10863:
[  545.856248][    C1]  #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0
[  545.865215][    C1] 1 lock held by syz-executor/10930:
[  545.870499][    C1]  #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180
[  545.879991][    C1] 1 lock held by syz.1.1218/11077:
[  545.885079][    C1] 3 locks held by syz.1.1218/11078:
[  545.890271][    C1]  #0: ffffffff8f668fb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40
[  545.898463][    C1]  #1: ffff888072156678 (nlk_cb_mutex-GENERIC){+.+.}-{3:3}, at: __netlink_dump_start+0x119/0x780
[  545.908995][    C1]  #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: netdev_nl_napi_get_dumpit+0x15d/0x6c0
[  545.919097][    C1] 2 locks held by syz.2.1220/11080:
[  545.924270][    C1]  #0: ffffc90000a18c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650
[  545.934397][    C1]  #1: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[  545.944258][    C1] 
[  545.946566][    C1] =============================================
[  545.946566][    C1] 
[  546.528378][    T8] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  547.355622][T11095] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  547.368953][T10930] bridge0: port 1(bridge_slave_0) entered blocking state
[  547.376107][T10930] bridge0: port 1(bridge_slave_0) entered disabled state
[  547.403652][T10930] bridge_slave_0: entered allmulticast mode
[  547.404745][T11095] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  547.426724][T10930] bridge_slave_0: entered promiscuous mode
[  547.437719][    T8] usb 1-1: Using ep0 maxpacket: 32
[  547.460408][    T8] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  547.497838][T10930] bridge0: port 2(bridge_slave_1) entered blocking state
[  547.525931][T10930] bridge0: port 2(bridge_slave_1) entered disabled state
[  547.527618][    T8] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  547.557676][T10930] bridge_slave_1: entered allmulticast mode
[  547.567113][T10930] bridge_slave_1: entered promiscuous mode
[  547.583290][    T8] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  547.623333][    T8] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  547.658774][    T8] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  547.697661][    T8] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  547.705339][T10930] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  547.742949][    T8] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  547.755268][T10930] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  547.764001][    T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  547.787785][    T8] usb 1-1: Product: syz
[  547.792596][    T8] usb 1-1: Manufacturer: syz
[  547.828035][    T8] usb 1-1: SerialNumber: syz
[  547.880669][   T58] infiniband syz1: ib_query_port failed (-19)
[  547.999625][T10930] team0: Port device team_slave_0 added
[  548.039881][T11084] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  548.051289][T10930] team0: Port device team_slave_1 added
[  548.062040][T11084] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  548.113859][    T8] cdc_ncm 1-1:1.0: bind() failure
[  548.164328][    T8] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  548.191792][    T8] cdc_ncm 1-1:1.1: bind() failure
[  548.229526][    T8] usb 1-1: USB disconnect, device number 35
[  548.425036][  T144] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  548.549161][ T5099] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  548.597404][ T5099] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  548.607438][ T5099] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  548.621414][ T5099] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  548.631994][ T5099] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  548.643737][ T5099] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  549.010643][T11124] nbd1: detected capacity change from 0 to 12
[  549.021155][T11132] block nbd1: NBD_DISCONNECT
[  549.026228][T11132] block nbd1: Send disconnect failed -89
[  549.040967][ T5572] block nbd1: Send control failed (result -89)
[  549.110766][ T5572] block nbd1: Request send failed, requeueing
[  549.116960][ T5572] block nbd1: Disconnected due to user request.
[  549.138238][T10930] batman_adv: batadv0: Adding interface: batadv_slave_0
[  549.145221][T10930] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  549.148984][   T59] blk_print_req_error: 40 callbacks suppressed
[  549.149000][   T59] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  549.186730][   T59] buffer_io_error: 40 callbacks suppressed
[  549.186745][   T59] Buffer I/O error on dev nbd1, logical block 0, async page read
[  549.202084][ T5572] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  549.207948][T10930] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  549.226564][T10930] batman_adv: batadv0: Adding interface: batadv_slave_1
[  549.233831][T10930] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  549.260839][ T5572] Buffer I/O error on dev nbd1, logical block 0, async page read
[  549.262153][T10930] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  549.285549][ T5572] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  549.291518][T11134] loop2: detected capacity change from 0 to 2048
[  549.301926][T11134] EXT4-fs: Invalid want_extra_isize 7
[  549.314262][ T5572] Buffer I/O error on dev nbd1, logical block 0, async page read
[  549.322365][ T5572] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  549.334250][ T5572] Buffer I/O error on dev nbd1, logical block 0, async page read
[  549.360070][ T5572] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  549.382565][ T5572] Buffer I/O error on dev nbd1, logical block 0, async page read
[  549.401860][ T5572] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  549.405574][  T144] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  549.422028][ T5572] Buffer I/O error on dev nbd1, logical block 0, async page read
[  549.438751][ T5572] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  549.458112][ T5572] Buffer I/O error on dev nbd1, logical block 0, async page read
[  549.475643][ T5572] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  549.505712][ T5572] Buffer I/O error on dev nbd1, logical block 0, async page read
[  549.547681][ T5572] ldm_validate_partition_table(): Disk read failed.
[  549.554517][ T5572] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  549.589910][ T5572] Buffer I/O error on dev nbd1, logical block 0, async page read
[  549.616781][ T5572] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  549.628452][  T144] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  549.631580][ T5572] Buffer I/O error on dev nbd1, logical block 0, async page read
[  549.654455][ T5572] Dev nbd1: unable to read RDB block 0
[  549.660549][ T5572]  nbd1: unable to read partition table
[  549.666342][ T5572] nbd1: partition table beyond EOD, truncated
[  549.682710][ T5572] ldm_validate_partition_table(): Disk read failed.
[  549.703003][T10930] hsr_slave_0: entered promiscuous mode
[  549.716511][ T5572] Dev nbd1: unable to read RDB block 0
[  549.724814][ T5572]  nbd1: unable to read partition table
[  549.737335][ T5572] nbd1: partition table beyond EOD, truncated
[  549.764387][T10930] hsr_slave_1: entered promiscuous mode
[  549.886359][  T144] team0: Port device netdevsim0 removed
[  549.910041][  T144] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  550.389278][T11136] loop0: detected capacity change from 0 to 40427
[  550.522121][T11136] F2FS-fs (loop0): Found nat_bits in checkpoint
[  550.701408][T11142] loop1: detected capacity change from 0 to 40427
[  550.733783][T11136] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  550.760477][  T144] bridge_slave_1: left allmulticast mode
[  550.772084][ T5114] Bluetooth: hci4: command tx timeout
[  550.773909][  T144] bridge_slave_1: left promiscuous mode
[  550.795178][  T144] bridge0: port 2(bridge_slave_1) entered disabled state
[  550.821759][  T144] bridge_slave_0: left allmulticast mode
[  550.841722][  T144] bridge_slave_0: left promiscuous mode
[  550.847349][T11142] F2FS-fs (loop1): invalid crc value
[  550.849463][  T144] bridge0: port 1(bridge_slave_0) entered disabled state
[  550.869965][T11141] loop2: detected capacity change from 0 to 32768
[  550.879904][T11142] F2FS-fs (loop1): Found nat_bits in checkpoint
[  550.910182][T11141] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1235 (11141)
[  550.969884][T11141] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  550.989488][T11141] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  551.021634][T11141] BTRFS info (device loop2): using free-space-tree
[  551.088867][T11142] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  551.213180][ T8977] syz-executor: attempt to access beyond end of device
[  551.213180][ T8977] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  551.245707][ T8977] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  552.105302][ T9593] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  552.303705][T11187] UBIFS error (pid: 11187): cannot open "./file0", error -22
[  552.936139][ T5114] Bluetooth: hci4: command tx timeout
[  553.511703][  T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  553.526345][  T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  553.537428][  T144] bond0 (unregistering): Released all slaves
[  553.778771][ T9132] syz-executor: attempt to access beyond end of device
[  553.778771][ T9132] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  553.793736][ T9132] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  553.913633][T11128] chnl_net:caif_netlink_parms(): no params data found
[  553.924202][T11205] loop2: detected capacity change from 0 to 2048
[  553.957150][T11205] EXT4-fs: Invalid want_extra_isize 7
[  554.032283][  T144] : left promiscuous mode
[  555.012447][ T5099] Bluetooth: hci4: command tx timeout
[  555.130197][ T2529] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  555.271313][T11217] nbd0: detected capacity change from 0 to 12
[  555.294009][T11218] block nbd0: NBD_DISCONNECT
[  555.303750][ T5572] block nbd0: Send control failed (result -89)
[  555.320950][T11209] loop2: detected capacity change from 0 to 40427
[  555.336732][ T5572] block nbd0: Request send failed, requeueing
[  555.343190][ T2529] usb 2-1: Using ep0 maxpacket: 8
[  555.352622][T11128] bridge0: port 1(bridge_slave_0) entered blocking state
[  555.363136][T11209] F2FS-fs (loop2): invalid crc value
[  555.363603][ T2529] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  555.375838][T11128] bridge0: port 1(bridge_slave_0) entered disabled state
[  555.380721][ T5572] block nbd0: Disconnected due to user request.
[  555.389797][T11209] F2FS-fs (loop2): Found nat_bits in checkpoint
[  555.402278][T11128] bridge_slave_0: entered allmulticast mode
[  555.404586][   T59] blk_print_req_error: 25 callbacks suppressed
[  555.404604][   T59] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  555.408303][T11218] block nbd0: Send disconnect failed -89
[  555.417821][ T2529] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  555.423896][   T59] buffer_io_error: 25 callbacks suppressed
[  555.423911][   T59] Buffer I/O error on dev nbd0, logical block 0, async page read
[  555.431820][T11128] bridge_slave_0: entered promiscuous mode
[  555.463055][ T5572] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  555.472160][ T5572] Buffer I/O error on dev nbd0, logical block 0, async page read
[  555.489280][ T2529] usb 2-1: config 0 descriptor??
[  555.503097][T11209] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  555.517103][ T5572] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  555.555960][T11128] bridge0: port 2(bridge_slave_1) entered blocking state
[  555.561058][T11209] F2FS-fs (loop2): sanity_check_inode: corrupted inode i_blocks i_ino=b iblocks=0, run fsck to fix.
[  555.573383][ T5572] Buffer I/O error on dev nbd0, logical block 0, async page read
[  555.574404][T11128] bridge0: port 2(bridge_slave_1) entered disabled state
[  555.583894][ T5572] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  555.588975][T11128] bridge_slave_1: entered allmulticast mode
[  555.590179][T11128] bridge_slave_1: entered promiscuous mode
[  555.620271][ T5572] Buffer I/O error on dev nbd0, logical block 0, async page read
[  555.635122][ T5572] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  555.644698][ T5572] Buffer I/O error on dev nbd0, logical block 0, async page read
[  555.644806][ T9593] syz-executor: attempt to access beyond end of device
[  555.644806][ T9593] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  555.653855][ T5572] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  555.675792][ T9593] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  555.676448][ T5572] Buffer I/O error on dev nbd0, logical block 0, async page read
[  555.691085][ T5572] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  555.700321][ T5572] Buffer I/O error on dev nbd0, logical block 0, async page read
[  555.707200][T10930] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  555.727839][ T5572] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  555.769069][ T5572] Buffer I/O error on dev nbd0, logical block 0, async page read
[  555.776908][ T5572] ldm_validate_partition_table(): Disk read failed.
[  555.789150][ T5572] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  555.798657][ T5572] Buffer I/O error on dev nbd0, logical block 0, async page read
[  555.806506][ T5572] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  555.829225][ T5572] Buffer I/O error on dev nbd0, logical block 0, async page read
[  555.837205][ T5572] Dev nbd0: unable to read RDB block 0
[  555.864977][ T5572]  nbd0: unable to read partition table
[  555.871353][T10930] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  555.878464][ T5572] nbd0: partition table beyond EOD, truncated
[  555.887168][ T5572] ldm_validate_partition_table(): Disk read failed.
[  555.896260][ T5572] Dev nbd0: unable to read RDB block 0
[  555.905218][ T5572]  nbd0: unable to read partition table
[  555.911571][ T5572] nbd0: partition table beyond EOD, truncated
[  555.911685][T10930] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  556.009722][  T144] hsr_slave_0: left promiscuous mode
[  556.026655][  T144] hsr_slave_1: left promiscuous mode
[  556.050245][  T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  556.064893][  T144] batman_adv: batadv0: Removing interface: batadv_slave_0
[  556.089312][  T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  556.096768][  T144] batman_adv: batadv0: Removing interface: batadv_slave_1
[  556.157634][  T144] veth1_macvtap: left promiscuous mode
[  556.163207][  T144] veth0_macvtap: left promiscuous mode
[  556.192263][  T144] veth1_vlan: left promiscuous mode
[  556.206149][  T144] veth0_vlan: left promiscuous mode
[  556.393108][  T144] pimreg (unregistering): left allmulticast mode
[  556.630007][ T5148] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  557.100148][ T5099] Bluetooth: hci4: command tx timeout
[  557.459444][  T144] team0 (unregistering): Port device team_slave_1 removed
[  557.498653][ T5148] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  557.509836][ T5148] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  557.519759][ T5148] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  557.528941][ T5148] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  557.541033][ T5148] usb 1-1: config 0 descriptor??
[  557.566452][  T144] team0 (unregistering): Port device team_slave_0 removed
[  557.753235][ T2529] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0012: -71
[  557.782640][ T2529] asix 2-1:0.0: probe with driver asix failed with error -71
[  557.814355][ T2529] usb 2-1: USB disconnect, device number 35
[  557.969495][ T5148] cm6533_jd 0003:0D8C:0022.0003: unknown main item tag 0x0
[  557.977824][ T5148] cm6533_jd 0003:0D8C:0022.0003: unknown main item tag 0x0
[  558.012113][ T5148] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0D8C:0022.0003/input/input14
[  558.104870][ T5148] cm6533_jd 0003:0D8C:0022.0003: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.0-1/input0
[  558.193332][    T8] usb 1-1: USB disconnect, device number 36
[  558.360844][T11237] loop1: detected capacity change from 0 to 2048
[  558.374648][T11237] EXT4-fs: Invalid want_extra_isize 7
[  558.636288][T11128] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  558.650546][T11244] nbd2: detected capacity change from 0 to 12
[  558.658361][T11244] block nbd2: NBD_DISCONNECT
[  558.661441][ T5572] block nbd2: Send control failed (result -89)
[  558.672485][T11128] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  558.685696][ T5572] block nbd2: Request send failed, requeueing
[  558.692181][T10930] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  558.708630][ T5572] block nbd2: Disconnected due to user request.
[  558.717377][T11244] block nbd2: Send disconnect failed -89
[  558.731741][ T5572] ldm_validate_partition_table(): Disk read failed.
[  558.757695][ T5572] Dev nbd2: unable to read RDB block 0
[  558.763410][ T5572]  nbd2: unable to read partition table
[  558.769320][ T5572] nbd2: partition table beyond EOD, truncated
[  558.777612][ T5572] ldm_validate_partition_table(): Disk read failed.
[  558.784476][ T5572] Dev nbd2: unable to read RDB block 0
[  558.791876][ T5572]  nbd2: unable to read partition table
[  558.799040][ T5572] nbd2: partition table beyond EOD, truncated
[  558.915725][T11249] input: syz1 as /devices/virtual/input/input15
[  558.952072][T11128] team0: Port device team_slave_0 added
[  559.013954][T11128] team0: Port device team_slave_1 added
[  559.384657][T11128] batman_adv: batadv0: Adding interface: batadv_slave_0
[  559.427677][T11128] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  559.728583][T11128] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  560.110311][T11128] batman_adv: batadv0: Adding interface: batadv_slave_1
[  560.165742][T11128] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  560.212768][T11241] loop1: detected capacity change from 0 to 40427
[  560.233311][T11128] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  560.268620][T11241] F2FS-fs (loop1): invalid crc value
[  560.281431][T11241] F2FS-fs (loop1): Found nat_bits in checkpoint
[  560.402145][T11241] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  560.411981][T10930] 8021q: adding VLAN 0 to HW filter on device bond0
[  560.437974][T11241] F2FS-fs (loop1): sanity_check_inode: corrupted inode i_blocks i_ino=b iblocks=0, run fsck to fix.
[  560.474350][T11128] hsr_slave_0: entered promiscuous mode
[  560.492249][T11128] hsr_slave_1: entered promiscuous mode
[  560.506171][T11128] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  560.515016][ T8977] syz-executor: attempt to access beyond end of device
[  560.515016][ T8977] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  560.529738][T11128] Cannot create hsr debugfs directory
[  560.571404][ T8977] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  560.682779][T11256] loop2: detected capacity change from 0 to 32768
[  560.699234][T11256] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1261 (11256)
[  560.747291][T11256] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  560.766073][T10930] 8021q: adding VLAN 0 to HW filter on device team0
[  560.796061][T11256] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  560.856773][T11256] BTRFS info (device loop2): using free-space-tree
[  560.901863][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  560.909080][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  561.055645][ T2529] bridge0: port 2(bridge_slave_1) entered blocking state
[  561.062848][ T2529] bridge0: port 2(bridge_slave_1) entered forwarding state
[  561.147731][   T46] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  561.159752][T11292] loop1: detected capacity change from 0 to 2048
[  561.194505][T11292] EXT4-fs: Invalid want_extra_isize 7
[  561.368175][   T46] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  561.449392][   T46] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  561.516658][   T46] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  561.892727][   T46] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  561.994468][T11299] nbd1: detected capacity change from 0 to 12
[  562.057289][ T5109] block nbd1: Send control failed (result -89)
[  562.070080][T11303] block nbd1: NBD_DISCONNECT
[  562.071045][   T46] usb 1-1: config 0 descriptor??
[  562.082495][ T5109] block nbd1: Request send failed, requeueing
[  562.105797][ T5109] block nbd1: Disconnected due to user request.
[  562.121924][   T42] blk_print_req_error: 60 callbacks suppressed
[  562.121942][   T42] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  562.143096][   T42] buffer_io_error: 60 callbacks suppressed
[  562.143112][   T42] Buffer I/O error on dev nbd1, logical block 0, async page read
[  562.157968][ T5109] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  562.158427][T11303] block nbd1: Send disconnect failed -89
[  562.167212][ T5109] Buffer I/O error on dev nbd1, logical block 0, async page read
[  562.184340][ T5109] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  562.194232][ T5109] Buffer I/O error on dev nbd1, logical block 0, async page read
[  562.202627][ T5109] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  562.212682][ T5109] Buffer I/O error on dev nbd1, logical block 0, async page read
[  562.220892][ T5109] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  562.230825][ T5109] Buffer I/O error on dev nbd1, logical block 0, async page read
[  562.239261][ T5109] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  562.249818][ T5109] Buffer I/O error on dev nbd1, logical block 0, async page read
[  562.258140][ T5109] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  562.267369][ T5109] Buffer I/O error on dev nbd1, logical block 0, async page read
[  562.275968][ T5109] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  562.286810][ T5109] Buffer I/O error on dev nbd1, logical block 0, async page read
[  562.303478][ T5109] ldm_validate_partition_table(): Disk read failed.
[  562.310873][ T5109] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  562.320575][ T5109] Buffer I/O error on dev nbd1, logical block 0, async page read
[  562.329166][ T5109] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  562.338967][ T5109] Buffer I/O error on dev nbd1, logical block 0, async page read
[  562.348155][ T5109] Dev nbd1: unable to read RDB block 0
[  562.364240][ T5109]  nbd1: unable to read partition table
[  562.378310][ T5109] nbd1: partition table beyond EOD, truncated
[  562.506188][   T46] cm6533_jd 0003:0D8C:0022.0004: unknown main item tag 0x0
[  562.523483][   T46] cm6533_jd 0003:0D8C:0022.0004: unknown main item tag 0x0
[  562.544972][   T46] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0D8C:0022.0004/input/input16
[  562.575376][   T46] cm6533_jd 0003:0D8C:0022.0004: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.0-1/input0
[  562.585463][T11128] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  562.612879][T10930] 8021q: adding VLAN 0 to HW filter on device batadv0
[  562.623952][T11128] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  562.659982][T11128] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  562.682534][T11128] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  562.732386][   T58] usb 1-1: USB disconnect, device number 37
[  562.879851][T10930] veth0_vlan: entered promiscuous mode
[  562.908192][   T29] audit: type=1326 audit(1720145283.797:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11314 comm="syz.1.1269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc468d75bd9 code=0x7ffc0000
[  562.935763][T10930] veth1_vlan: entered promiscuous mode
[  562.984475][T11317] input: syz0 as /devices/virtual/input/input17
[  563.021837][   T29] audit: type=1326 audit(1720145283.797:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11314 comm="syz.1.1269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc468d75bd9 code=0x7ffc0000
[  563.159858][   T29] audit: type=1326 audit(1720145283.847:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11314 comm="syz.1.1269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7fc468d75bd9 code=0x7ffc0000
[  563.179736][ T9593] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  563.209487][T10930] veth0_macvtap: entered promiscuous mode
[  563.245027][T10930] veth1_macvtap: entered promiscuous mode
[  563.266588][   T29] audit: type=1326 audit(1720145283.847:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11314 comm="syz.1.1269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc468d75bd9 code=0x7ffc0000
[  563.345159][   T29] audit: type=1326 audit(1720145283.847:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11314 comm="syz.1.1269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc468d75bd9 code=0x7ffc0000
[  563.345188][ T1245] ieee802154 phy0 wpan0: encryption failed: -22
[  563.388488][ T1245] ieee802154 phy1 wpan1: encryption failed: -22
[  563.457641][   T29] audit: type=1326 audit(1720145283.847:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11314 comm="syz.1.1269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc468d75bd9 code=0x7ffc0000
[  563.482371][T11128] 8021q: adding VLAN 0 to HW filter on device bond0
[  563.598634][T11128] 8021q: adding VLAN 0 to HW filter on device team0
[  563.617648][   T29] audit: type=1326 audit(1720145283.847:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11314 comm="syz.1.1269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc468d75bd9 code=0x7ffc0000
[  563.652479][ T2529] bridge0: port 1(bridge_slave_0) entered blocking state
[  563.659689][ T2529] bridge0: port 1(bridge_slave_0) entered forwarding state
[  563.703821][T10930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  563.727848][   T29] audit: type=1326 audit(1720145283.847:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11314 comm="syz.1.1269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc468d75bd9 code=0x7ffc0000
[  563.740156][T10930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  563.796466][T10930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  563.807096][   T29] audit: type=1326 audit(1720145283.847:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11314 comm="syz.1.1269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc468d75bd9 code=0x7ffc0000
[  563.807144][   T29] audit: type=1326 audit(1720145283.847:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11314 comm="syz.1.1269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc468d75bd9 code=0x7ffc0000
[  563.862766][T10930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  563.889258][T10930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  563.942144][T10930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  563.999142][T10930] batman_adv: batadv0: Interface activated: batadv_slave_0
[  564.192000][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  564.199269][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  564.505718][T10930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  564.747152][T10930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  564.878655][T10930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  564.967691][T10930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  565.000955][T11338] UBIFS error (pid: 11338): cannot open "./file0", error -22
[  565.017671][T10930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  565.046220][T11342] loop2: detected capacity change from 0 to 2048
[  565.104975][T10930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  565.150229][T10930] batman_adv: batadv0: Interface activated: batadv_slave_1
[  565.217916][T10930] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  565.234505][T10930] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  565.244223][T10930] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  565.250088][T11346] loop1: detected capacity change from 0 to 2048
[  565.258428][T10930] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  565.314456][T11346] EXT4-fs: Invalid want_extra_isize 7
[  565.608443][ T2393] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  565.681059][ T2393] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  565.718081][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  565.741486][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  566.507142][ T5186] ==================================================================
[  566.515246][ T5186] BUG: KASAN: slab-use-after-free in nf_tables_trans_destroy_work+0x152b/0x1750
[  566.524303][ T5186] Read of size 2 at addr ffff88805ff185c4 by task kworker/1:6/5186
[  566.532204][ T5186] 
[  566.534544][ T5186] CPU: 1 UID: 0 PID: 5186 Comm: kworker/1:6 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0
[  566.544803][ T5186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  566.554872][ T5186] Workqueue: events nf_tables_trans_destroy_work
[  566.561228][ T5186] Call Trace:
[  566.564510][ T5186]  <TASK>
[  566.567445][ T5186]  dump_stack_lvl+0x241/0x360
[  566.572149][ T5186]  ? __pfx_dump_stack_lvl+0x10/0x10
[  566.577366][ T5186]  ? __pfx__printk+0x10/0x10
[  566.581967][ T5186]  ? _printk+0xd5/0x120
[  566.586133][ T5186]  ? __virt_addr_valid+0x183/0x530
[  566.591259][ T5186]  ? __virt_addr_valid+0x183/0x530
[  566.596390][ T5186]  print_report+0x169/0x550
[  566.600908][ T5186]  ? __virt_addr_valid+0x183/0x530
[  566.606035][ T5186]  ? __virt_addr_valid+0x183/0x530
[  566.611215][ T5186]  ? __virt_addr_valid+0x45f/0x530
[  566.616341][ T5186]  ? __phys_addr+0xba/0x170
[  566.620861][ T5186]  ? nf_tables_trans_destroy_work+0x152b/0x1750
[  566.627117][ T5186]  kasan_report+0x143/0x180
[  566.631635][ T5186]  ? nf_tables_trans_destroy_work+0x152b/0x1750
[  566.637896][ T5186]  nf_tables_trans_destroy_work+0x152b/0x1750
[  566.643980][ T5186]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  566.649980][ T5186]  ? __pfx_nf_tables_trans_destroy_work+0x10/0x10
[  566.656417][ T5186]  ? process_scheduled_works+0x9d4/0x1830
[  566.662160][ T5186]  ? process_scheduled_works+0x945/0x1830
[  566.667895][ T5186]  process_scheduled_works+0xa2c/0x1830
[  566.673471][ T5186]  ? __pfx_process_scheduled_works+0x10/0x10
[  566.679467][ T5186]  ? assign_work+0x364/0x3d0
[  566.684077][ T5186]  worker_thread+0x86d/0xd40
[  566.688687][ T5186]  ? __kthread_parkme+0x169/0x1d0
[  566.693732][ T5186]  ? __pfx_worker_thread+0x10/0x10
[  566.698869][ T5186]  kthread+0x2f0/0x390
[  566.703040][ T5186]  ? __pfx_worker_thread+0x10/0x10
[  566.708164][ T5186]  ? __pfx_kthread+0x10/0x10
[  566.712767][ T5186]  ret_from_fork+0x4b/0x80
[  566.717201][ T5186]  ? __pfx_kthread+0x10/0x10
[  566.721806][ T5186]  ret_from_fork_asm+0x1a/0x30
[  566.726590][ T5186]  </TASK>
[  566.729615][ T5186] 
[  566.731938][ T5186] Allocated by task 11360:
[  566.736353][ T5186]  kasan_save_track+0x3f/0x80
[  566.741043][ T5186]  __kasan_kmalloc+0x98/0xb0
[  566.745642][ T5186]  __kmalloc_cache_noprof+0x19c/0x2c0
[  566.751028][ T5186]  nf_tables_newtable+0x52e/0x1dc0
[  566.756150][ T5186]  nfnetlink_rcv+0x1427/0x2a90
[  566.760924][ T5186]  netlink_unicast+0x7f0/0x990
[  566.763448][T11356] block nbd1: shutting down sockets
[  566.765680][ T5186]  netlink_sendmsg+0x8e4/0xcb0
[  566.765702][ T5186]  __sock_sendmsg+0x221/0x270
[  566.780317][ T5186]  ____sys_sendmsg+0x525/0x7d0
[  566.785098][ T5186]  __sys_sendmsg+0x2b0/0x3a0
[  566.789706][ T5186]  do_syscall_64+0xf3/0x230
[  566.794226][ T5186]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  566.800159][ T5186] 
[  566.802516][ T5186] Freed by task 11350:
[  566.806589][ T5186]  kasan_save_track+0x3f/0x80
[  566.811364][ T5186]  kasan_save_free_info+0x40/0x50
[  566.816410][ T5186]  poison_slab_object+0xe0/0x150
[  566.821368][ T5186]  __kasan_slab_free+0x37/0x60
[  566.826151][ T5186]  kfree+0x149/0x360
[  566.830100][ T5186]  __nft_release_table+0xe80/0xf40
[  566.835234][ T5186]  nft_rcv_nl_event+0x55f/0x6d0
[  566.840100][ T5186]  notifier_call_chain+0x19f/0x3e0
[  566.845225][ T5186]  blocking_notifier_call_chain+0x69/0x90
[  566.850959][ T5186]  netlink_release+0x11a6/0x1b10
[  566.855903][ T5186]  sock_close+0xbc/0x240
[  566.860172][ T5186]  __fput+0x24a/0x8a0
[  566.864176][ T5186]  task_work_run+0x24f/0x310
[  566.868779][ T5186]  syscall_exit_to_user_mode+0x168/0x370
[  566.874431][ T5186]  do_syscall_64+0x100/0x230
[  566.879048][ T5186]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  566.884956][ T5186] 
[  566.887287][ T5186] Last potentially related work creation:
[  566.893004][ T5186]  kasan_save_stack+0x3f/0x60
[  566.897694][ T5186]  __kasan_record_aux_stack+0xac/0xc0
[  566.903086][ T5186]  insert_work+0x3e/0x330
[  566.907429][ T5186]  __queue_work+0xc16/0xee0
[  566.911948][ T5186]  queue_work_on+0x1c2/0x380
[  566.916552][ T5186]  rhltable_remove+0x1097/0x1160
[  566.916991][T11128] 8021q: adding VLAN 0 to HW filter on device batadv0
[  566.921489][ T5186]  __nft_release_table+0xc57/0xf40
[  566.921513][ T5186]  nft_rcv_nl_event+0x55f/0x6d0
[  566.921532][ T5186]  notifier_call_chain+0x19f/0x3e0
[  566.921552][ T5186]  blocking_notifier_call_chain+0x69/0x90
[  566.949052][ T5186]  netlink_release+0x11a6/0x1b10
[  566.954005][ T5186]  sock_close+0xbc/0x240
[  566.958270][ T5186]  __fput+0x24a/0x8a0
[  566.962267][ T5186]  task_work_run+0x24f/0x310
[  566.966868][ T5186]  syscall_exit_to_user_mode+0x168/0x370
[  566.972518][ T5186]  do_syscall_64+0x100/0x230
[  566.977116][ T5186]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  566.983031][ T5186] 
[  566.985356][ T5186] The buggy address belongs to the object at ffff88805ff18400
[  566.985356][ T5186]  which belongs to the cache kmalloc-cg-512 of size 512
[  566.999677][ T5186] The buggy address is located 452 bytes inside of
[  566.999677][ T5186]  freed 512-byte region [ffff88805ff18400, ffff88805ff18600)
[  567.013751][ T5186] 
[  567.016092][ T5186] The buggy address belongs to the physical page:
[  567.022514][ T5186] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ff18
[  567.031287][ T5186] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  567.039798][ T5186] memcg:ffff88802cd3da01
[  567.044044][ T5186] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  567.051608][ T5186] page_type: 0xfdffffff(slab)
[  567.056298][ T5186] raw: 00fff00000000040 ffff88801504f140 dead000000000100 dead000000000122
[  567.064894][ T5186] raw: 0000000000000000 0000000080100010 00000001fdffffff ffff88802cd3da01
[  567.073491][ T5186] head: 00fff00000000040 ffff88801504f140 dead000000000100 dead000000000122
[  567.082179][ T5186] head: 0000000000000000 0000000080100010 00000001fdffffff ffff88802cd3da01
[  567.090866][ T5186] head: 00fff00000000002 ffffea00017fc601 ffffffffffffffff 0000000000000000
[  567.099549][ T5186] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[  567.108306][ T5186] page dumped because: kasan: bad access detected
[  567.114736][ T5186] page_owner tracks the page as allocated
[  567.120451][ T5186] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 7610, tgid 7609 (syz.3.548), ts 277914162817, free_ts 277341215851
[  567.143124][ T5186]  post_alloc_hook+0x1f3/0x230
[  567.147909][ T5186]  get_page_from_freelist+0x2ccb/0x2d80
[  567.153480][ T5186]  __alloc_pages_noprof+0x256/0x6c0
[  567.158697][ T5186]  alloc_slab_page+0x5f/0x120
[  567.163456][ T5186]  allocate_slab+0x5a/0x2f0
[  567.167994][ T5186]  ___slab_alloc+0xcd1/0x14b0
[  567.172688][ T5186]  __slab_alloc+0x58/0xa0
[  567.177036][ T5186]  __kmalloc_cache_noprof+0x1d5/0x2c0
[  567.182428][ T5186]  alloc_fs_context+0x63/0x800
[  567.187210][ T5186]  do_new_mount+0x160/0xb40
[  567.191728][ T5186]  __se_sys_mount+0x2d6/0x3c0
[  567.196427][ T5186]  do_syscall_64+0xf3/0x230
[  567.200944][ T5186]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.206856][ T5186] page last free pid 5109 tgid 5109 stack trace:
[  567.213210][ T5186]  free_unref_page+0xd22/0xea0
[  567.217993][ T5186]  __put_partials+0xeb/0x130
[  567.222597][ T5186]  put_cpu_partial+0x17c/0x250
[  567.227375][ T5186]  __slab_free+0x2ea/0x3d0
[  567.231803][ T5186]  qlist_free_all+0x9e/0x140
[  567.236403][ T5186]  kasan_quarantine_reduce+0x14f/0x170
[  567.241878][ T5186]  __kasan_slab_alloc+0x23/0x80
[  567.246742][ T5186]  __kmalloc_noprof+0x1a6/0x400
[  567.251608][ T5186]  tomoyo_encode+0x26f/0x540
[  567.256213][ T5186]  tomoyo_path_perm+0x3ca/0x740
[  567.261074][ T5186]  tomoyo_path_symlink+0xde/0x120
[  567.266120][ T5186]  security_path_symlink+0xe3/0x140
[  567.271342][ T5186]  do_symlinkat+0x136/0x3a0
[  567.275856][ T5186]  __x64_sys_symlink+0x7a/0x90
[  567.280631][ T5186]  do_syscall_64+0xf3/0x230
[  567.285154][ T5186]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.291067][ T5186] 
[  567.293399][ T5186] Memory state around the buggy address:
[  567.299040][ T5186]  ffff88805ff18480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  567.307112][ T5186]  ffff88805ff18500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  567.315192][ T5186] >ffff88805ff18580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  567.323270][ T5186]                                            ^
[  567.329434][ T5186]  ffff88805ff18600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  567.337514][ T5186]  ffff88805ff18680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  567.345588][ T5186] ==================================================================
[  567.383567][ T5186] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  567.390831][ T5186] CPU: 1 UID: 0 PID: 5186 Comm: kworker/1:6 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0
[  567.401093][ T5186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  567.411208][ T5186] Workqueue: events nf_tables_trans_destroy_work
[  567.417572][ T5186] Call Trace:
[  567.420955][ T5186]  <TASK>
[  567.423899][ T5186]  dump_stack_lvl+0x241/0x360
[  567.428605][ T5186]  ? __pfx_dump_stack_lvl+0x10/0x10
[  567.433836][ T5186]  ? __pfx__printk+0x10/0x10
[  567.438449][ T5186]  ? preempt_schedule+0xe1/0xf0
[  567.443318][ T5186]  ? vscnprintf+0x5d/0x90
[  567.447661][ T5186]  panic+0x349/0x870
[  567.451576][ T5186]  ? check_panic_on_warn+0x21/0xb0
[  567.456708][ T5186]  ? __pfx_panic+0x10/0x10
[  567.461232][ T5186]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[  567.467228][ T5186]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  567.473567][ T5186]  ? print_report+0x502/0x550
[  567.478261][ T5186]  check_panic_on_warn+0x86/0xb0
[  567.483221][ T5186]  ? nf_tables_trans_destroy_work+0x152b/0x1750
[  567.489480][ T5186]  end_report+0x77/0x160
[  567.493737][ T5186]  kasan_report+0x154/0x180
[  567.498250][ T5186]  ? nf_tables_trans_destroy_work+0x152b/0x1750
[  567.504490][ T5186]  nf_tables_trans_destroy_work+0x152b/0x1750
[  567.510549][ T5186]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  567.516524][ T5186]  ? __pfx_nf_tables_trans_destroy_work+0x10/0x10
[  567.522932][ T5186]  ? process_scheduled_works+0x9d4/0x1830
[  567.528643][ T5186]  ? process_scheduled_works+0x945/0x1830
[  567.534348][ T5186]  process_scheduled_works+0xa2c/0x1830
[  567.539893][ T5186]  ? __pfx_process_scheduled_works+0x10/0x10
[  567.545865][ T5186]  ? assign_work+0x364/0x3d0
[  567.550449][ T5186]  worker_thread+0x86d/0xd40
[  567.555034][ T5186]  ? __kthread_parkme+0x169/0x1d0
[  567.560050][ T5186]  ? __pfx_worker_thread+0x10/0x10
[  567.565148][ T5186]  kthread+0x2f0/0x390
[  567.569208][ T5186]  ? __pfx_worker_thread+0x10/0x10
[  567.574305][ T5186]  ? __pfx_kthread+0x10/0x10
[  567.578885][ T5186]  ret_from_fork+0x4b/0x80
[  567.583310][ T5186]  ? __pfx_kthread+0x10/0x10
[  567.587896][ T5186]  ret_from_fork_asm+0x1a/0x30
[  567.592662][ T5186]  </TASK>
[  567.595977][ T5186] Kernel Offset: disabled
[  567.600290][ T5186] Rebooting in 86400 seconds..