last executing test programs:

3m16.966358157s ago: executing program 1 (id=1376):
r0 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_OPTION$IOMMU_OPTION_HUGE_PAGES(r0, 0x3b87, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
r1 = socket$inet6(0xa, 0x3, 0x7)
clock_adjtime(0x0, &(0x7f0000000380)={0x3ff, 0x8, 0x4101, 0x4000000000000b, 0x0, 0xf423f, 0x400000400, 0x80000000000a, 0x6, 0x100, 0x7, 0x0, 0x1, 0x81, 0x9f, 0x2, 0xfffffffffffffffc, 0x6, 0x1ff, 0x9, 0x8001, 0x3, 0x0, 0x3, 0x72a3, 0xe})
setsockopt$inet6_int(r1, 0x29, 0x4b, &(0x7f0000000000)=0x2, 0x4)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000280)=0x10, 0x4)
sendmmsg$inet6(r1, &(0x7f0000004580)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x002'], 0x28}}], 0x1, 0x0)
recvfrom$inet6(r1, 0x0, 0x0, 0x10000, &(0x7f0000000040)={0xa, 0x4e21, 0x9, @local, 0x6ee}, 0x1c)

3m16.025748633s ago: executing program 1 (id=1385):
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
close(0x3)
r1 = socket(0x2, 0x80805, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={<r3=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x7a, &(0x7f0000000340)={<r4=>r3, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
sendmmsg$inet_sctp(r1, &(0x7f0000001c00)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=[@sndrcv={0x30, 0x84, 0x1, {0xb, 0xc2, 0x5, 0x5, 0x83, 0x0, 0x467b7286, 0x200, r4}}], 0x30, 0x4001}], 0x1, 0x11)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000000)={0x0, 0x8, 0xfff}, 0x8)

3m15.939751557s ago: executing program 1 (id=1386):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r3, 0x1000)
ftruncate(r3, 0xc17a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f00000001c0)="2e0f01c866b9800000c00f326635000400000f300f20e06635800000000f22e0360fc77df3ff9e0000f2d99806000fa7c0b800008ed866db440026da02", 0x3d}], 0x1, 0x51, 0x0, 0x0)
ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000005700)=@vmx={0x0, 0x0, 0x2080, {}, {'\x00', "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c955000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000"}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3m15.712645359s ago: executing program 1 (id=1388):
socket$nl_generic(0x10, 0x3, 0x10)
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x4, 0x0, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000400)='./file0\x00', &(0x7f0000000100)='./file0/file0\x00', 0x0, 0x219d88b, 0x0)
mount$bind(&(0x7f0000000140)='./file0/file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x10a78c0, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
umount2(&(0x7f0000000080)='./file0/file0\x00', 0x1)

3m15.476703371s ago: executing program 1 (id=1392):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7}, 0x48)
close(0x3)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0xba7e}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r1, &(0x7f0000000280), &(0x7f0000000000)=""/3, 0x2}, 0x20)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000b98cad95850000000100000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f00000000c0)=r5, 0x4)
sendmsg$unix(r4, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)

3m15.169593196s ago: executing program 1 (id=1393):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000000000), 0x4)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x10, 0x0, @vifc_lcl_ifindex, @remote}, 0x10)
setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000280)={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, 0x0, "614af285791a63abd0f993af8077b5cd01e03d64a831683fdc3fd440829c82ae"}, 0x3c)
setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f0000000040)=0x6, 0x4)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x1}, 0x10)
write(r1, &(0x7f0000000000)="240000001a005f0214f9f407000904001f00000000000000000000000800040001000000", 0x24)
recvmmsg$unix(r1, &(0x7f0000000040), 0x4000000000002ac, 0x0, 0x0)

3m14.771401555s ago: executing program 32 (id=1393):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000000000), 0x4)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x10, 0x0, @vifc_lcl_ifindex, @remote}, 0x10)
setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000280)={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, 0x0, "614af285791a63abd0f993af8077b5cd01e03d64a831683fdc3fd440829c82ae"}, 0x3c)
setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f0000000040)=0x6, 0x4)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x1}, 0x10)
write(r1, &(0x7f0000000000)="240000001a005f0214f9f407000904001f00000000000000000000000800040001000000", 0x24)
recvmmsg$unix(r1, &(0x7f0000000040), 0x4000000000002ac, 0x0, 0x0)

1m21.85199016s ago: executing program 3 (id=2176):
syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000000)='./file2\x00', 0x2010410, &(0x7f00000002c0)=ANY=[@ANYBLOB='nodots,dmask=00000000000000000000003,usefree,nodots,flush,dots,dots,gid=', @ANYRESHEX=0x0, @ANYBLOB], 0x1, 0x214, &(0x7f0000000340)="$eJzs3D1rW1cYB/AjWa6tlhZPhXbpoV3a5bb10qVDS3GhVNCSRCEv0zWWEyFFAl8NksmgOVM+RwhkCWQL+QL+DFmymYDx5Ck3OJKs2NixE0dy4vx+ix6e/z1X5+jARVy9bP5+91ZjNUtW004ozRdC8Y/QDzuFsBCKYaQffnpwZfvOxavX/v2zUlm6MDvsx/jVd4+v377//ZPOF5cf7nYKIYStxWcbX298s/ni0s16FutZbLU7MY3L7XYnXW7W4ko9ayQx/t+spVkt1ltZbW1fvtpsj5861LIspq1ebNR6sdOOnbVeTG+k9VZMkiTOB06lem8nz8NWnuf5XD/kef62JyhMZl5Myyn3n4/c3kU97l5Nn/e71W518DjI//6nsvRLfGVhPGq7263O7OW/DvK4P58Nnw/zxUPzz8KPPwzy3eyv/yoH8nJYmfzyAQAAAADgXErinkPv7yfJUfmgeu3zgQP370vh29K4MzP5pQAAAABHyHrrjbS5Mrs2KJq1Myvmwv7Ob4+GUzxu+M9Pjz9mQsWXwyK843nKIYSjjymGM9+U6RSj75EPO6PfF5xseOl9TaP8gbwao2I+HBaVw3pjbjqbAgAAnC/jN/0nHlKc6IQAAAAAAAAAAAAAAAAAAADgEzSNPzM76zUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALzJywAAAP//ixdW4w==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events.local\x00', 0x275a, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040), 0x208e24b)
quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='blkio.bfq.sectors\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b)

1m21.04510019s ago: executing program 3 (id=2184):
socket$inet6_udp(0xa, 0x2, 0x0)
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000240)='./file0\x00', 0x2000085c, &(0x7f00000007c0)=ANY=[@ANYBLOB='iocharset=ascii,discard,dmask=00000000000000000000007,uid=', @ANYRESDEC=0x0, @ANYBLOB=',discard,\x00', @ANYRESDEC=0x0, @ANYRESOCT=0x0, @ANYBLOB="dd812246da16e3f3744109adecbf790b293943c866e410686871297a5f0d7ae82908f6ba144c43d8299b393f0bf8d5ce774794f45e41d2baac5bb21da7bfa7953e1b99f77929f7a4f3069219c59678f7fd86f2371cd5238783f37d25cfb853f3330632288112a663e0547534d398a77ef57503cb1b1b2548726354308bb8723bedc0c1997f043d9ff1745bc4f980882eb24cce51c0f9e6cfac5596d0013f775910ea2f18d46216b9ecd3508b347cf690c1db6bd77bff73e719be2d22b0bc374048d493bb3262859982a98b7f523ea4e8044ab6de9cdbee0cc9540eb8f06aa7b239e62bc6fab71a2ca0ff472263f9fcca9c45", @ANYRESOCT, @ANYRESHEX, @ANYRES32, @ANYRESHEX], 0xc1, 0x151a, &(0x7f0000002a80)="$eJzs3AuYjtX6MPB1r7UexjTpbZLDsO51P7xpsEyS5JCQQ5IkSZJTQtIkSUJiyClpSEKOk+QwhOQwjUnjfD7knDTZ0iRJSEiyvku7/2fvr713//3V9/m+Pffvuhbrnue97/d+3nuueZ/nva6Zb3qOqteifu1mRCT+EPjrfylCiBghxDAhxDVCiEAIUSm+Uvyl4wUUpPyxJ2F/rgfTr3QH7Eri+edtPP+8jeeft/H88zaef97G88/beP55G8+fsbxs+5xi1/LKu+sKf/7v4Y89K/tD+P3/P0hu+clfbCx/fa9/I4Xnn7fx/PM2nn/exvPP23j+eRvP/z9frX9xjOeft/H8GcvLrvTnz/8frZhfX7Ir3cefuq7wtx9jjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMsTzinL9MCyH+a3+l+2KMMcYYY4wxxtifx+e/0h0wxhhjjDHGGGPs/zwQUiihRSDyifwiRhQQseIqESeuFgXFNSIirhXx4jpRSFwvCosioqgoJhJEcVFCGIHCChKhKClKiai4QZQWN4pEUUaUFeWEE+VFkrhJVBA3i4riFlFJ3Coqi9tEFVFVVBPVxe2ihrhD1BS1RG1xp6gj6op6or64SzQQd4uG4h7RSNwrGov7RBNxv2gqHhDNxIOiuXhItBAPi5biEdFKtBZtRFvR7n8r/wXRV7wo+on+IkUMEAPFS2KQGCyGiKFimHhZDBeviBHiVZEqRopR4jUxWrwuxog3xFgxTowXb4oJYqKYJCaLKWKqSBNviWnibTFdvCNmiJlilpgt0sUcMVe8K+aJ+WKBeE8sFO+LRWKxWCKWigzxgcgUy0SW+FAsFx+JbLFCrBSrxGqxRqwV68R6sUFsFJvEZrFFbBXbxHbxsdghdopdYrfYI/aKfeITsV98Kg6Iz0SO+PzfzD/7v+T3AgECJEjQoCEf5IMYiIFYiIU4iIOCUBAiEIF4iIdCUAgKQ2EoCkUhARKgBJQABAQCgpJQEqIQhdJQGhIhEcpCWXDgIAmSoALcDBWhIlSCSlAZKkMVqApVoTpUhxpQA2pCTagNtaEO1IF6UA/ugrvgbmgIDaERNILG0BiaQBNoCk2hGTSD5tAcWkALaAktoRW0gjbQBtpBO2gP7aEDdIBO0Ak6Q2foAl0gGZKhK3SFbtANukN36AE9oCf0hF7QG3rDC/ACvAgvQn+oIwfAQBgIg2AQDIGhMBRehuHwCrwCr0IqjIRR8Bq8Bq/DGDgDY2EcjIfxUENOhEkwGUhOhTRIg2kwDabDdJgBM2EmzIZ0mANzYS7Mg/kwH96DhfD+ufdhMSyGpZABGZAJyyALsmA5nIVsWAErYRWshjWwGtbBelgHG2ETbIQtsAW2wTb4GD6GnbATdsNu2At74RP4BD6FTyEVciAHDsJBOASH4DAchlzIhSNwBI7CUTgGx+A4HIcTcBJOwUk4DafhDJyFc3AOzsN5uADPJXzVfG+ZDalCXqKllvlkPhkjY2SsjJVxMk4WlAVlREZkvIyXhWQhWVgWlkVlUZkgE2QJWUKiREkylCVlSRmVUVlalpaJMlGWlWWlk04mySRZQVaQFWVFWUneKivL22QVWVV2dNVldVlDdnI1ZS1ZW9aWdWRdWU/Wl/VlA9lANpQNZSPZSDaWjWUTeb9sKgfAEHhQXppMCzkSWspR0Eq2lm1kW/k6PCrbyzHQQXaUneTjchyMhS6yvUuWT8muchJ0k8/IyfCs7CGnQk/5vOwle8s+8gXZV3Zw/WR/OQMGyIFyNgySg+UQOVTOg7ry0sTqyVdlqhwpR8nX5FJ4XY6Rb8ixcpwcL9+UE+REOUlOllPkVJkm35LT5NtyunxHzpAz5Sw5W6bLOXKufFfOk/PlAvmeXCjfl4vkYrlELpUZ8gOZKZfJLPmhXC4/ktlyhVwpV8nVco1cK9fJ9XKD3Cg3yc1yi9wqt8nt8mO5Q+6Uu+RuuUfulfvkJ3K//FQekJ/JHPm5PCj/Ig/JL+Rh+aXMlV/JI/JreVR+I4/Jb+Vx+Z08IU/KU/J7eVr+IM/Is/Kc/FGelz/JC/JneVF6KRQoqZTSKlD5VH4VowqoWHWVilNXq4LqGhVR16p4dZ0qpK5XhVURVVQVUwmquCqhjEJlFalQlVSlVFTdoEqrG1WiKqPKqnLKqfIqSd2kKqibVUV1i6qkblWV1W2qiqqqqqnq6nZVQ92haqpaqra6U9VRdVU9VV/dpRqou1VDdY9qpO5VjdV9qom6XzVVD6hm6kHVXD2kWqiHVUv1iGqlWqs2qq1qpx5V7dVjqoPqqDqpx1Vn9YTqop5Uyeop1VU9rbqpZ1R39azqoZ5TPdXzqpfqrfqon9VF5VU/1V+lqAFqoHpJDVKD1RA1VA1TL6vh6hU1Qr2qUtVINUq9pkar19UY9YYaq8ap8epNNUFNVJPUZDVFTVVp6i01Tb2tpqt31Aw1U81Ss1W6mqOG/FppwX8j/+1/kD/il2ffprarj9UOtVPtUrvVHrVX7VP71H61Xx1QB1SOylEH1UF1SB1Sh9Vhlaty1RF1RB1VR9UxdUwdV8fVCXVS/ai+V6fVD+qMOqvOqh/VeXVeXfj1NRAatNRKax3ofDq/jtEFdKy+Ssfpq3VBfY2O6Gt1vL5OF9LX68K6iC6qi+kEXVyX0Eajtpp0qEvqUjqqb9Cl9Y06UZfRZXU57XR5naRv+sP5v9dfO91Ot9ftdQfdQXfSnXRn3Vl30V10sk7WXXVX3U130911d91D99A9dU/dS/fSfXQf3Vf31f10P52iU/RA/ZIepAfrIXqoHqZf1sP1cD1Cj9CpOlWP0qP0aD1aj9Fj9Fg9Vo/X4/UEPUFP0pP0FD1Fp+k0PU1P09P1dD1Dz9Cz9CydrtP1XD1Xz9Pz9AK9QC/UC/UivUgv0Ut0hs7QmTpTZ+ksvVwv19l6hV6hV+lVeo1eo9fpdXqD3qA36U16i96is/V2vV3v0Dv0Lr1L79F79D69T+/X+/UBfUDn6Bx9UB/Uh/QhfVgf1rk6Vx/RR/RRfVQf08f0cX1cn9An9Cl9Sp/Wp/UZfUaf0+f0eX1eX9AX9EV98dJlXyADGehAB/mCfEFMEBPEBrFBXBAXFAwKBpEgEsQH8UGh4PqgcFAkKBoUCxKC4kGJwAQY2ICCMCgZlAqiwQ1B6eDGIDEoE5QNygUuKB8kBTcFFYKbg4rBLUGl4NagcnBbUCWoGlQLqge3BzWCO4KaQa2gdnBnUCeoG9QL6gdVJ/71mvSeoFFwb9A4uC9oEtwfNA0eCJoFDwbNg4eCFsHDQcvgkaBV0DpoE7QN2v1b9e8KGgR3Bw2Df1bf+zNFHnP9TH+TYgaYgeYlM8gMNkPMUDPMvGyGm1fMCPOqSTUjzSjzmhltXjdjzBtmrBlnxps3zQQz0Uwyk80UM9WkmbfMNPO2mW7eMTPMTDPLzDbpZo6Za94188x8s8C8Zxaa980is9gsMUtNhvnAZJplJst8aJabj0y2WWFWmlVmtVlj1pp1Zr3ZYDaaTWaz2WK2mm1mu/nY7DA7zS6z2+wxe80+84nZbz41B8xnJsd8bg6av5hD5gtz2Hxpcs1X5oj52hw135hj5ltz3HxnTpiT5pT53pw2P5gz5qw5Z340581P5oL52Vw0/tLF/aW3d9SoMR/mwxiMwViMxTiMw4JYECMYwXiMx0JYCAtjYSyKRTEBE7AElsBLCAlLYkmMYhRLY2lMxEQsi2XRocMkTMIKWAErYkWshJWwMlbGKlgFq2E1vB1vxzvwDqyFtfBOvBPrYl2sj/WxATbAhtgQG2EjbIyNsQk2wabYFJthM2yOzbEFtsCW2BJbYStsg22wHbbD9tgeO2AH7ISdsDN2xi7YBZMxGbtiV+yG3bA7dsce2AN7Yk/shb2wD/bBvtgX+2E/TMEUHIgDcRAOwiE4BIfhMByOw3EEjsBUTMVROApH42gcg2NwLI7D8fgmTsCJOAkn4xScimmYhtNwGk7H6TgDZ+AsnIXpmI5zcS7Ow3m4ABfgQlyIi3ARLsElmIEZmImZmIVZuByXYzZm40pciatxNa7Ftbge1+NG3IibcTNuxa24HbfjDtyBu3AX7sE9uA/34X7cjwfwAOZgDh7Eg3gID+FhPIy5mItH8AgexaN4DI/hcTyOJ/AEnsJTeBpP4xk8g+fwHJ7Hn/AC/owX0WOMlSLWXmXj7NW2oL3GxtgC9m/joraYTbDFbQlrbGFb5O9itNYm2jK2rC1nnS1vk+xNv4mr2Kq2mq1ub7c17B225m/iBvZu29DeYxvZe219e9ffxY3tfbaJfdg2tY/YZra1bW7b2hb2YdvSPmJb2da2jW1rO9snbBf7pE22T9mu9unfxJl2mV1vN9iNdpPdbz+15+yP9qj9xp63P9l+tr8dZl+2w+0rdoR91abakb+Jx9s37QQ70U6yk+0UO/U38Sw726bbOXaufdfOs/N/E2fYD+xCm2UX2cV2iV36S3yppyz7oV1uP7LZdoVdaVfZ1XaNXWvX/c9eV9ktdqvdZvfZT+wOu9PusrvtHrv3l/jSeRywn9kc+7k9Yr+2h+wX9rA9ZnPtV7/El87vmP3WHrff2RP2pD1lv7en7Q/2jD37y/lfOvfv7c/2ovVWEJAkRZoCykf5KYYKUCxdRXF0NRWkayhC11I8XUeF6HoqTEWoKBWjBCpOJcgQkiWikEpSKYrSDVSabqREKkNlqRw5Kk9JdBNVoJupIt1ClehWqky3URWqStWoOt1ONegOqkm1qDbdSXWoLtWj+nQXNaC7qSHdQ43oXmpM91ETup+a0gPUjB6k5vQQtaCHqSU9Qq2oNbWhttSOHqX29Bh1oI7UiR6nzvQEdaEnKZmeoq70NHWjZ6g7PUs96DnqSc9TL+pNfegF6ksvUj/qTyk0gAbSSzSIBtMQGkrD6GUaTq/QCHqVUmkkjaLXaDS9TmPoDRpL42g8vUkTaCJNosk0haZSGr1F0+htmk7v0AyaSbNoNqXTHJpL79I8mk8L6D1aSO/TIlpMS2gpZdAHlEnLKIs+pOX0EWXTClpJq2g1raG1tI7W0wbaSJtoM22hrbSNttPHtIN20i7aTXtoL+2jT2g/fUoH6DPKoc/pIP2FDtEXdJi+pFz6io7Q13SUvqFj9C0dp+/oBJ2kU/Q9naYf6AydpXP0I52nn+gC/UwXyZMIIZShCnUYhPnC/GFMWCCMDa8K48Krw4LhNWEkvDaMD68LC4XXh4XDImHRsFiYEBYPS4QmxNCGFIZhybBUGA1vCEuHN4aJYZmwbFgudGH5MCm8KawQ3hxWDG8JK4W3hpXD28IqYdXw4Xurh7eHNcI7wpphrbB2eGdYJ6wb1gvrh3eFDcK7w4bhPWGj8N6wYnhf2CS8P2waPhA2Cx8Mm4cPhS3Ch8OW4SNhq7B12CZsG7YLHw3bh4+FHcKOYafw8bBz+ETYJXwyTA6fCruGT//u8ZRwQDgwfCl8KfT+HrUkujSaEf0gmhldFs2KfhhdHv0omh1dEV0ZXRVdHV0TXRtdF10f3RDdGN0U3RzdEt0a3Rb1vn5+4cBJp5x2gcvn8rsYV8DFuqtcnLvaFXTXuIi71sW761whd70r7Iq4oq6YS3DFXQlnHDrryIWupCvlou4GV9rd6BJdGVfWlXPOlXdJrq1r59q59u4x18F1dJ3c4+5x94R7wj3pnnRPua7uadfNPeO6u2ddD/ece84973q53q6Pe8H1dS+6fq6/S3EpbqAb6Aa5QW6IG+KGuWFuuBvuRrgRLtWlulFulBvtRrsxbowb68a68W68m+AmuElukpviprg0l+amuWluupvuZrgZbpab5dJdupvr5rp5bp5b4Ba4hYkL3SK3yC1xS1yGy3CZLtNluSy33C132S7brXQr3Wq32q11a916t95tdBvdZrfZbXVb3Xa33e1wO9wut8vtcXvcPrfP7Xf73QF3wOW4HHfQHXSH3CF32H3pct1X7oj72h1137hj7lt33H3nTriT7pT73p12P7gz7qw75350591P7oL72V103qVF3opMi7wdmR55JzIjMjMyKzI7kh6ZE5kbeTcyLzI/siDyXmRh5P3IosjiyJLI0khG5INIZmRZJCvyYWR55KNIdmRFZGVkVWR1ZE3E++I7Ql/Sl/JRf4Mv7W/0ib6ML+vLeefL+yR/k6/gb/YV/S2+kr/VV/a3+Sq+qq/mH/GtfGvfxrf17fyjvr1/zHfwHX0n/7jv7J/wXfyTPtk/5bv6p303/4zv7p/1Pfxzvqd/3vfyvX0f/4Lv61/0/Xx/n+IH+IH+JT/ID/ZD/FA/zL/sh/tX/Aj/qk/1I/0o/5of7V/3Y/wbfqwf58f7N/0EP9FP8pP9FD/Vp/m3/DT/tp/u3/Ez/Ew/y8/26X6On+vf9fP8fL/Av+cX+vf9Ir/YL/FLfYb/wGf6ZT7Lf+iX+498tl/hV/pVfrVf49f6dX693+A3+k1+s9/it/ptfrv/2O/wO/0uv9vv8Xv9Pv+J3+8/9Qf8Zz7Hf+4P+r/4Q/4Lf9h/6XP9V/6I/9of9d/4Y/5bf9x/50/4k/6U/96f9j/4M/6sP+d/9Of9T/6C/9lf5N9ZY4wxxhj7b9la+F8fH/APviZ/XZcMFEJcvbNY7t8eV0KIzb/WHSwTOkeEEE/17/ngf606dVJSUn59bLYSQanFQojI5fx84nK84pd/k0VHUeEf9jdY9j5Pv1M/eqsQsX+TEyMuxytEJ/HEL/Vv/if1H318fGbl8Fz8v6i/WIjEUpdzCojL8eX6Ff9J/SLtf6f/Al+kCdHhb3LixOX4cv0k8Zh4WiT/3SMZY4wxxhhjjLG/Giyrdf+9++dL9+cJ+nJOfnE5vnz/+Y/vzxljjDHGGGOMMXblPdu7z5OPJid37M6bP7wB+H+iDd7w5k/YXOmfTIwxxhhjjLE/2+WL/ivdCWOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxlnf93/hzYlf6HBljjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjLEr7X8EAAD//7MxObU=")
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1008402, &(0x7f0000000300)={[{@delalloc}, {@data_err_abort}, {@noblock_validity}, {@init_itable_val={'init_itable', 0x3d, 0x4068}}, {@debug}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b2}}, {@data_err_ignore}, {@nouid32}, {@quota}, {@user_xattr}, {@noacl}, {@dioread_nolock}]}, 0x1, 0x55e, &(0x7f0000000440)="$eJzs3d9rW+UbAPDnpM1+f7/rYAwVkcIunMyla+uPCV7MS9HhQO9naM/KaLqMJh1rHbhduBtvZAgiDsR7vfdKhv+Af8VAB0NG0QtvKic9abs1adIuWzrz+cDZ3jfnJO95cs7z9n1zTkgAA2s0+6cQ8WJEfJVEHI6IJF83HPnK0dXtlh9en8qWJFZWPv4zaWyX1Zuv1XzewbzyQkT8+kXEycLmdmuLS7PlSiWdz+tj9bkrY7XFpVOX5soz6Ux6eWJy8sybkxPvvP1Wz2J97fzf33509/0zXx5f/uan+0duJ3E2DuXrNsbxBG5srIzGaP6eFOPsYxuOr/7XizZ3haTfO8CODOV5XoysDzgcQ3nWA/99n0fECjCgEvkPA6o5DmjO7Xs0D35uPHhvdQK0Of7h1c9GYl9jbnRgOXlkZpTNd0d60H7Wxs9/3LmdLdG7zyEAOrpxMyJODw9v7v+SvP/budNdbPN4G/o/eHbuZuOf11uNfwpr459oMf452CJ3d6Jz/hfu96CZtrLx37stx79rF61GhvLa/xpjvmJy8VIlzfq2/0fEiSjuzerjW7RxZvneSrt1G8d/2ZK13xwL5vtxf3jvo8+ZLtfLTxLzRg9uRrzUcvybrB3/pMXxz96P8122cSy980q7dZ3jf7pWfoh4teXxX7+ilWx9fXKscT6MNc+Kzf66dey3du33O/7s+B/YOv6RZOP12tr22/h+3z9pu3WPxB/dn/97kk8a5T35Y9fK9fr8eMSe5MPNj0+sP7dZb26fxX/i+Nb93/r5/8va6+yPiE+7jP/W0R9f3tdN/H06/tPbOv7bL9z74LPv2rXfXf/3RqN0In+km/6vw34VY8dnMwAAAAAAAOxehYg4FEmhtFYuFEql1fs7jsaBQqVaq5+8WF24PB2N78qORLHQvNJ9eMP9EOP5/bDN+sRj9cmIOBIRXw/tb9RLU9XKdL+DBwAAAAAAAAAAAAAAAAAAgF3iYJvv/2d+H+r33gFPnZ/8hsHVMf978UtPwK7k7z8MLvkPg0v+w+CS/zC45D8MLvkPg0v+w+CS/wAAAAAAAAAAAAAAAAAAAAAAAAAAANBT58+dy5aV5YfXp7L69NXFhdnq1VPTaW22NLcwVZqqzl8pzVSrM5W0NFWd6/R6lWr1yvhELFwbq6e1+lhtcenCXHXhcv3CpbnyTHohLT6TqAAAAAAAAAAAAAAAAAAAAOD5Ultcmi1XKum8gsKOCsO7YzcUelzod88EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOv+DQAA//8Kozfs")
r0 = openat(0xffffffffffffff9c, 0x0, 0x143142, 0x40)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r1, 0x0, 0x0, 0x9000)
pwritev2(r0, 0x0, 0x0, 0x5405, 0xfffffffe, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x8042, 0x0)
fcntl$setlease(r2, 0x400, 0x1)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)

1m20.542237294s ago: executing program 3 (id=2189):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
socket$netlink(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000078000000030a01030000000000000000050000000900010073797a300000000008000540000000001c0008800c00024000000000000000000c00014000000000000000000900030073797a3200000000280004800800024000000000140003007465616d5f736c6176655f3000000000080001400000000114"], 0xd4}}, 0x8818)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0)

1m17.890619025s ago: executing program 3 (id=2203):
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x18d883, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
unshare(0x22020400)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])

1m17.658778107s ago: executing program 3 (id=2205):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mkdir(&(0x7f0000000280)='./file0/file1\x00', 0xb)
mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(&(0x7f0000000400)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x18d883, 0x0)
mount$bind(&(0x7f0000000140)='./file0/file0\x00', &(0x7f0000000180)='./file0/file1\x00', 0x0, 0x2243005, 0x0)
unshare(0x22020600)
chdir(&(0x7f0000000140)='./file0\x00')
umount2(&(0x7f0000000040)='.\x00', 0x2)

1m17.37913939s ago: executing program 3 (id=2208):
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f00000000c0), 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r0, &(0x7f0000000280)="07a55e9ee366", &(0x7f0000000300)=@udp6=r1}, 0x20)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r2, 0x8983, &(0x7f0000000080)={0x1, 'vlan0\x00', {}, 0x8000})

1m16.997088689s ago: executing program 33 (id=2208):
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f00000000c0), 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r0, &(0x7f0000000280)="07a55e9ee366", &(0x7f0000000300)=@udp6=r1}, 0x20)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r2, 0x8983, &(0x7f0000000080)={0x1, 'vlan0\x00', {}, 0x8000})

7.519332989s ago: executing program 5 (id=2574):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
munmap(&(0x7f000045e000/0x1000)=nil, 0x1000)
mremap(&(0x7f0000a11000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ba6000/0x2000)=nil)
munmap(&(0x7f0000e29000/0x1000)=nil, 0x1000)
mremap(&(0x7f0000289000/0x3000)=nil, 0x3000, 0x3000, 0x7, &(0x7f0000c67000/0x3000)=nil)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x20})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000c00000/0x400000)=nil, 0x400000}, 0x3})
ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000100)={&(0x7f0000d8a000/0x3000)=nil, 0x3000})
mremap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000fb0000/0x4000)=nil)
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)

7.354841287s ago: executing program 5 (id=2577):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000440), 0x10)
listen(r0, 0x5)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
r2 = accept4$unix(r0, 0x0, 0x0, 0x0)
sendto$packet(r1, &(0x7f0000000600)="5f0efc3e1792a50972d2eb21bdff9ca4ac804c2847fe7bf05ddc63ff512d4074687760a5fbd1fc97772c6f5027dcea15b6658de3b024a6ea22baafb445bf8427c8055d00", 0xffffff3d, 0x0, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000880)=[{{&(0x7f0000000080)={0x2, 0x0, @rand_addr=0xac1414bb}, 0x3804, &(0x7f0000000100)=[{&(0x7f00000000c0)='Q', 0x1}], 0x1}, 0x20000000}, {{&(0x7f0000000180)={0x2, 0x0, @remote}, 0x69, &(0x7f0000000400)=[{&(0x7f0000000240)="b9", 0x26892}], 0xbb}}], 0x2, 0x0)
recvmsg(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000003c0)=""/74, 0x4a}], 0x2d}, 0x10000)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]})
close_range(r3, 0xffffffffffffffff, 0x200000000000000)

7.065880881s ago: executing program 5 (id=2580):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x60200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000100)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
syz_usb_connect$uac2(0x2, 0x9f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201100300000008d118042d40000102030109028d00030101900e080b0101010b200009040000000101200009240106000a1500500c2403030703390208090080090401000001022000090401010101022000082402010303010210240103c101040000000801000080b70905010908000678010825010133040000090402000001022000090402010101022000090556d7fb6d6778ab999ceb7bb6"], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$SIOCGETNODEID(0xffffffffffffffff, 0x89e1, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

4.433924302s ago: executing program 0 (id=2585):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x2bc, &(0x7f0000000740)={0x0, 0xb1e9, 0x10100, 0x0, 0x100, 0x0, r1}, &(0x7f0000000080)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
pipe2$9p(&(0x7f0000000400)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x80800)
vmsplice(r6, &(0x7f0000000040)=[{&(0x7f0000000000)="e3", 0x1}], 0x1, 0x1)
fcntl$setpipe(r5, 0x407, 0x176)
vmsplice(r6, &(0x7f0000000240)=[{&(0x7f0000000a40)='5', 0x1}], 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

3.554170304s ago: executing program 5 (id=2587):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000004, 0x3032, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000380)='./file1\x00', 0xa)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f00000002c0)='\x869\xbc\x1b!_u\xd6\xd4\xc3\xb1\xdf\xb8\xd5SA4\x83\xc6\nc\x8c\x12\\\xe4AH\xc6\x82\b\xc0\x10\xe7h\xd9\xf1\\\xf1cT\xe5\xcc\x9a\x8e|\x95\x19h\xfe\x16U\xbc\xccZW\xc0\xa5\xb4c\x1e\xba>\xd3S\f\x99\xa8b\xda; \xc2+\xb0\xfb]\xbaUnC\x02$\xe7\fzL\xd3\xe1\xd8\xa8\x00\x00\x00\x00\x00')
chdir(&(0x7f0000000080)='./file1\x00')
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000d40)=@newqdisc={0x3a8, 0x24, 0x3fe3aa0262d8c783, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x378, 0x2, [@TCA_CHOKE_PARMS={0x14, 0x1, {0x0, 0x0, 0x0, 0x0, 0x1c}}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x65, 0x2, 0x3, 0x17, 0xd, 0x8, 0x2}}, @TCA_CHOKE_MAX_P={0x8, 0x3, 0x2}, @TCA_CHOKE_PARMS={0x14}, @TCA_CHOKE_MAX_P={0x8}, @TCA_CHOKE_STAB={0x104, 0x2, "dc542b4e237011fb38ddb228806571a8633206e26df63a43bbc516382325dedd79c1cf0a26379dfaf72cb5ab9ab7efe16f312ee9ab598d1ac0d7903ac69c51f1b6842ebecf00dec5deff737b59f0c1f0b57cc6c2b7b8c5b2c527aafa57222f4bd2355ccab39fa20d4033b6b687491532080101805feb9c6fa8a56a77186efcb394ce1a1cd7f2130835e3bf9e3ac25d0a102a808be13beb51f37da6d10046f131834545ee5013f43e41e91eb18a12c28540ab4106286e0f7568f6a9cd0c0da51df08e42848096b25d455ebec9adfd6e493d8c9725bc2d49bbbae0a5375b359f91d9dad20ed109ffbc52469cffd2cf5df7773f7a4c72ae167485315c326281efc4"}, @TCA_CHOKE_MAX_P={0x8}, @TCA_CHOKE_STAB={0x104, 0x2, "a2a88faa7ec665a571a9ad3d1f9512e3c591df4a4554c6c2e2cc6cb4d9aee4579684743ad4888f1522a47ddaff3d4f9450d288e8559bc4f795aa0d1bc74d926038adb808cba6e90535b2eb8ba3e8ff927207d17a86b10d604e77a459df67e7f0c842d463ca5977b7e2eb55fbb9881d15633717817c735da52a1da7d64bb22e58550d8ee20883e41ec2f119a6a6364d68900c1cce4a3b3225a9ce9e1e00b444e9e7bcd10e1dec202ce7786aa7cf10d4dd6bbcee586d7903a6239ff90b49cd7fddb0c67ddab326cdb2d0fa48a783f691be9ebaa1243b21afd04a372650aa7eb46a2675cc67ae12d3b99c9acb4d9fb7c78081d269b443affd86eededd4867311221"}, @TCA_CHOKE_PARMS={0x14}, @TCA_CHOKE_STAB={0x104, 0x2, "554b956aa3fcfbc4a187baf0437163b5d33108db016465f92a93480d2c246d90f03741da6ee916f7c9917dbd81da67d6150151679559af8402b932745d19fbfbd679c133c4714565f91cd05790d990818bac85598b6a844cb2c2d277aaca9a88ee0e6a834ba02b4e549f11fb13e9fe33730c55997f2d3b7e6469210db81587fc522295f49a78f4e08ddfb01172b12a19b303a0c47fa3500cdc3e6725a79dcd3731c37083c3bbe73c43e7e2ea82c72986a1499c677c565ea1cfc874e7e978e4ebe8d338f0b37807d40333ee570133982998623ec809826f1009856a9d9d8e839c65d3ead78c6b3cb8f7beee8e59f19de93d06628a2cdfa4333d96882b96c36cc3"}]}}]}, 0x3a8}}, 0x0)

3.433187711s ago: executing program 0 (id=2589):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xdf}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_mount_image$jfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x210004, &(0x7f00000000c0)={[{@usrquota}, {@errors_continue}, {@nodiscard}, {@nodiscard}, {@quota}, {@iocharset={'iocharset', 0x3d, 'cp852'}}, {@usrquota}, {@usrquota}, {@gid}]}, 0x3, 0x62b5, &(0x7f00000069c0)="$eJzs3UuPHFfZB/Cn+jYXv3GsLKK8FkKTxFxCiK/BGAIkWcCCDQvkLbI1mUQWDiDbICey8ESzYcGHACGxRIglKz5AFmzZ8QGwZCOBskqhmjlnXNPpdo/Hma4en99Pmql6+lRNn/K/qy+uqj4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMQPf/Djc1VEXPlVuuFExP9FP6IXsdLUaxGxsnYiLz+IiBdiuzmej4jhUkSz/vavZyNej4iPj0fcf3Bnvbn5/D778f0//+MPPzn2o7//aXjmv3+51X9j2nK3b//2P3+9+2TbDAAAAKWp67qu0sf8k+nzfa/rTgEAc5Ff/+sk365euHpzwfqjVqvV6iNYt9WT3W0XEbHZXqd5z+BwPAAcMZvxSdddoEPyL9ogIo513QlgoVVdd4BDcf/BnfUq5Vu1Xw/WdtrzuSB78t+sdq/vmDadZfwck3k9vraiH89N6c/KnPqwSHL+vfH8r+y0j9Jyh53/vEzLf7Rz6VNxcv798fzHpPyXt38f6fx7E/MvVc5/sL/8d2z25Q8AAAAAAAss////iY6P/y4dpPMHOIjwqOO/awfpAwAAAAAAAAAsgCcd/2+X8f8AAABgYTWf1Ru/O/7wtmnfxdbcfrmKeGZseaAw6WKZ1a77AQAAAAAAAAAAAAAlGeycw3u5ihhGxDOrq3VdNz9t4/XjetL1j7rStx9K1vWTPAAA7Pj4+Ni1/FXEckRcTt/1N1xdXa3r5ZXVerVeWcrvZ0dLy/VK63Ntnja3LY328YZ4MKqbP7bcWq9t1uflWe3jf6+5r1Hd30fH5qPDwAEgInZeje57RXrK1PWz0fW7HI4G+//Tx/7PfnT9OAUAAAAOX13XdZW+zvtkOubf67pTAMBc5Nf/8eMCarVarVarn766rZ7sbruIiM32Os17BsPxA8ARsxmfdN0FOiT/og0i4oWuOwEstKrrDnAo7j+4s16lfKv260Ea3z2fC7In/81qe728/qTpLOPnmMzr8bUV/XhuSn+en1MfFknOvzee/5Wd9lFa7qD5T8u1q3OMpuXfbOeJDvrTtZx/fzz/MYe9/8/LVvQm5l+qnP/gsfLvyx8AAAAAABZY/v//Ewt1/Hd00M2Z6VHHf9cO7V4BAAAAAAAA4HDdf3BnPV/3mo//f2HCcq7/fDrl/Cv5Fynn3xvL/6tjy/Vb8/fefpj/vx/cWf/jrX/9f57uN/+lPFOlR1aVHhFVuqdqkKZPsnWftTXsj5p7Gla9fnMPa7t//3psxNk9y/bSv0c9fDeubbef29Pe9HS43V73d9rP72kf7Lbn9S/saR+mM53qldx+Otbj53E93tlub9qWZmz/8oz2ekZ7zr9v/y9Szn/Q+mnyX03t1di0ce+j3mf2+/Z00v28de2Lvzl7+Jsz01b0d7etrdm+lzroz/a/ybFR/PLmxo3Tt6/eunXjXKTJnlvPR5p8znL+w/Sz+/z/8k57ft5v76/3Pho9dv6LYisGU/N/uTXfbO8rc+5bF3L+o/ST838ntU/e/49y/tP3/1c76A8AAAAAAAAAAAAAAAA8Sl3X25eIvhURF9P1P11dmwkAzFd+/a+TfPu86v6c70+tPuJ1tWD9mWv9ab1Y/VGrj2LdVk/2ZruIiL+112neM/x60h8DABbZpxHxz647QWfkX7D8fX/N9NSeb/kFnnY3P/jwp1evX9+4cbPrngAAAAAAAAAAB5XH/1xrjf98qq7ru2PL7Rn/9e1Ye9LxPwd5ZneA0SkDVX/OpyRt9Ub9Xmu48RejPT53e4Ti4e7co8b/Hsy4v+GM9tGM9qUZ7csz2ide6NGS83+xNd75qYg4OTb8egnjv46PeV+CnP9Lrcdzk/9XxpZr51///ijn39uT/5lb7//izM0PPnzt2vtX39t4b+NnF86dO3vh4sVLly6deffa9Y2zO7877PHhyvnnsa9z/pQh558zl39Zcv5fSrX8y5Lz/3Kq5V+WnH9+vyf/suT882cf+Zcl5/9KquVflpz/11It/7Lk/F9NtfzLkvP/eqrlX5ac/2upln9Zcv6nUy3/suT8z6R6n/mvHHa/mI+cfz7CZf8vS84/n9kg/7Lk/M+nWv5lyflfSLX8y5Lzfz3V8i9Lzv8bqZZ/WXL+F1Mt/7Lk/L+ZavmXJed/KdXyL0vO/1upln9Zcv7fTrX8y5LzfyPV8i9Lzv87qZZ/WXL+3021/MuS8/9equVflpz/m6mWf1kefv//os7kS+wXpT9mzJQw0/UzEwAAAAAAAAAAAAAwbh6nE3e9jQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwP3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhb27jZHjru8APvfoswOJgZA6qSEXx4SQOLmznfiBNsWEx4anEgiFPmC7vrM5cGzHZ5dAI9lRoETCqAjRNrxoCwi1kaoKq+IFrQDlBWpVqRK0L+gbRIWK1KgKKCBVaivIVTvz//9vd29u9863d96d+Xwk++fbnZ35z+x/5/Z35+8OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADS75Q2znxrKsqzxJ/9ra5a9qPHvzZNb89tee7VHCAAAAKzVL/K/n78u3XBoBQ9qWuYfX/mdry0sLCxk7x/547HPLyykOyazbGxTluX3RZd/+IGh5mWCJ7KJoeGmr4e7bH6ky/2jXe4f63L/eJf7N3W5f6LL/UsOwBKbi5/H5Cvbmf9za3FIs+uzsfy+nSWPemJo0/Bw/FlObih/zMLY8WwuO5nNZtMtyxfLDuXLf+OWxrbemsVtDTdta3tjhvz0sWNxDEPhGO9s2dbiOqMfvz6b/NlPHzv2l+eeu7Gsdj0MLesrxnn7jsY4PxFuKcY6lG1KxySOc7hpnNtLnpORlnEO5Y9r/Lt9nM+vcJwji8PcUO3P+UQ2nP/7u/lxGm3+sV46TtvDbf9za5ZlFxeH3b7Mkm1lw9mWlluGF5+fiWJGNtbRmEovzUZXNU9vWcE8bdSZna3ztP01EZ//W8LjRpcZQ/PT9OPHx5ue958vXMk8jRp7vdxrpX0O9vq10i9zMM6L7+Y7/WTpHNwZ9v+x25afg6Vzp2QOpv1umoM7us3B4fGRfMzpSRjKH7M4B3e3LD+Sb2kor8/e1nkOTp17+MzU/Mc+ftfcw0dPzJ6YPbV39+7pvfv2HThwYOr43MnZ6eLvKzza/W9LNpxeAzvCsYuvgVe3Lds8VRe+NL7k/Hulr8OJDq/DrW3L9vp1ONq+c0Mb84JcOqeL18Z7Gwd94tJwtsxrLH9+7lj76zDtd9PrcLTpdVj6PaXkdTi6gtdhY5kzd6zsPcto05+yMSz/vWBtc3Br0xxsfz/SPgd7/X6kX+bgRJgX379j+e8F28N4n9y12vcjI0vmYNrdcO5p3JLe708cyEvZvLypccc149n5+dmzdz969Ny5s7uzUDbEy5rmSvt83dK0T9mS+Tq86vl6aO6VT95UcvvWcKwm7mr8NbHsc9VY5p67Oz9X+Xe38uPZcuueLJQe2+jjWfbdvHE8x7PsC99+/MFvPvaFNyx7PBv95iem1v5ePPWlTeffsWXOv7Hvf6HYXlrVEyNjo8XrdyQdnbGW83HrUzWan7uG8m0/P7Wy8/FY+LPR5+PrO5yPt7Ut2+vz8Vj7zsXz8VC3n3asTfvzORHmycnpzufjxjLb9qx2To52PB/fGupQOP6vCZ1C6oua5s5y8zZta3R0LOzXaNxC6zzd27L8WOjNGtt6es+VzdPbby3WNZL2btFGzdPJtmV7PU/Tz76Wm6dD3X76dmXan8+JMC+u39t5njaWeeaetZ87N8d/Np07x7vNwbGR8caYx9IkzM/32cLmOAfvzo5lp7OT2Ux+73g+n4bybe26d2VzcDz82ehz5bYOc/D2tmV7PQfT97Hl5t7Q6NKd74H253MizIun7u08BxvLvHF/b9+73h5uScs0vXdt//nacj/zuqntMK3XXBkN4/z2/s4/m20sc/LAavvMzsfpznDLNSXHqf31u9xraibbmOO0LYzzuQPLH6fGeBrLfP7gCufToSzLLjxyf/7z3vD7lb89/72vtfzepex3Ohceuf8nLz7+D6sZPwCD74WibCm+1zX9Zmolv/8HAAAABkLs+4dDTfT/AAAAUBmx74//KzzR/wMAAEBlxL5/NNSkJv3/tjc+N/fChSwl8xeCeH86DA8Uy8WM63T4enJhUeP2+78y+99/f2Fl2x7OsuznD/xB6fLbHojjKkyGcV5+U+vtS3ztrhVt+8hDF9J2m/PrXwzrj/uz0mlQFsGdzrLsG9d9Jt/O5Acu5fWZB47k9cGLTz7RWOb5g8XX8fHPvqxY/s9C+PfQ8aMtj382HIcfhTr9tvLjER/31Uuv2b7/fYvbi48b2nFtvttPfbBYb/ycnM8+USwfj/Ny4//mp5/+amP5R19VPv4Lw+Xjfzqs9yuh/u8riuWbn4PG1/Fxnwzjb2yvMUPj4+7+8rdKx3/5U8XyZ95cLHck1Lj928PXO9/83Fzz8Xp06GjLfmVvKZaL25/+3h/l98f1xfW3j3/i8KWW49E+P57512I9U23Lx9vjdqK/a9t+Yz3N8zNu/+k/PNJynLtt//KDz76isd727d/ZttyZR+7It7+4vtZPbPrzT36mdHtxPIf+5kzL/hx6d3gdh+0/9cEwH8P9/3e5WF/7pysceXfr+Scu/8WtF1r2J3rrz4rtX37dibxumti85ZoXvfjaizc3jl2WfXdTsb5u2z/xF6dbxv+lG4rjEe+PGf327S8nbv/sR3edOj1/fm4mHdXHrss/O+ftxXjieK8L59b2rw+fPveh2bOT05PTWTZZ3Y/Qu2JfDvUnRbnYeemFJWfQOx4Kz+dNf/qNLbf9y6fj7f/23uL2S28rvm+9Oiz32XD71vD8rW77Sz11yw3563vomTDChaWfF7wW23f+14EVLRj2v/19QZzvZ17+ofw4NO7Lv2/E1/Uax/+DmWI9Xw/HdSF8MvOOGxa317x8/GyES+8pXu9rPn7hNBef178Kz/c7flSsP44r7u8PwvuYb21rPd/F+fH1C8Pt688/xeNiOJ9kF4v741LxeF96/obS4cXPIcku3ph//bm0nhtXtZvLmf/Y/NTJuVPnH506Nzt/bmr+Yx8//PDp86fOHc4/y/Pwh7s9fvH8tCU/P83M7rsny89Wp4uyzq72+M88dGxm//RtM7PHj54/fu6hM7NnTxybnz82OzN/29Hjx2c/2u3xczP37d5zcO/+PbtOzM3cd+Dgwb0Hd82dOt0YRjGoLvZNf2TXqbOH84fM33fPwd333nvP9K6HT8/M3rd/enrX+W6Pz7837Wo8+vd3nZ09efTc3MOzu+bnPj573+6D+/bt6fppgA+fOT4/OXX2/Kmp8/OzZ6eKfZk8l9/c+N7X7fFU0/y/F+9n2w0VH8SXvevOfenzWRu+8viyqyoWafsA0efCZ9H800vOHFjJ17HvHws1qUn/DwAAAHUQ+/7xUBP9PwAAAFRG7Ps3hZro/wEAAKAyYt8/EWpSk/6/cvn/bRdWtH35/8HL/2fy//L/bftzxfn/9/Rb/r84X8j/98Za8/fy/4H8v/y//L/8v/w/PdBv+f/Y92/Oslr2/wAAAFAHse/fEmqi/wcAAIDKiH3/NaEm+n8AAACojNj3vyjUpCb9v/y//L/8v/y//H/59leR/9+UrYD8/8aQ/++s5vn/4a4DkP+fyuqV/7/Yy/HXN/9f9FDy/5Tpt/x/7PtfHGpSk/4fAAAAKuU/y2+Off+1oSb6fwAAAKiM2PdfF2qi/wcAAIDKiH3/1lCTmvT/8v/y//L/8v/y/+Xbd/3/wST/31nN8//dyf+7/r/8v+v/01P9lv+Pff9LQk1q0v8DAABAHcS+/6WhJvp/AAAA6D+jV/aw2Pe/LNRkSf9/hRsAAAAArrrY91+ftQXBa/L7f/l/+X/5f/l/+f/y7a88/z+Syf/3D/n/zuT/u5D/l/+X/5f/p6f6Lf+f9/3ZRPbyUJOa9P8AAABQB7HvvyHURP8PAAAAlRH7/l8KNdH/AwAAQGXEvn9bqElN+n/5/0rm/xtPk/y//P+y269A/j8/WfdP/n9dr/8/GwKb8v8rJP/fmfx/F/L/8v/y//L/9FS/5f9j339jqElN+n8AAACog9j33xRqov8HAACAyoh9/y+Hmuj/AQAAoDJi37891KQm/b/8f5/n/2Ny1PX/5f8X8/+PyP8XapL/d/3/VZL/70z+vwv5f/l/+X/5f3qq3/L/se9/RahJTfp/AAAAqIPY978y1ET/DwAAAJUR+/6bQ030/wAAAFAZse+fDDWpSf8v/9/n+f8ru/6//H+18/+ruv7/zfL/8v81I//fmfx/F/L/8v/y//L/9FS/5f9j339LqElN+n8AAACog9j37wg10f8DAABAZcS+/9ZQE/0/AAAAVEbs+3eGmtSk/5f/l/+X/692/r9s+/L/8v9VJv/fmfx/F/L/8v/y//L/9FS/5f9j3/+qUJOa9P8AAABQB7Hvvy3URP8PAAAAlRH7/leHmuj/AQAAoDJi3397qElN+n/5f/l/+X/5/5rn/y/I/1eL/H9n8v9dyP/3Ij//Dvl/+X/5f6J+y//Hvv81oSY16f8BAACgDmLff0eoif4fAAAAKiP2/XeGmuj/AQAAoDJi378r1KQm/b/8v/y//L/8f83z/67/XzF9kP+fWMv25f/l/yuQ/3f9f/l/+X+Sq5X/z7Ly/H/s++8KNalJ/w8AAAB1EPv+u0NN9P8AAAAwgDaX3hr7/qlQE/0/AAAAVEbs+6dDTWrS/8v/y//L/9c6/39x1fn/mxfXK/9fkP/vL+uW/x/OXP9f/l/+v4tBy/+3/3awP/L/Y/L/VMoV5f+/Wrqqnlz/P/b9u0NNatL/AwAAQB3Evn9PqIn+HwAAACoj9v17Q030/wAAAFAZse+/J9SkJv2//P/G5f9HM/l/+f++y/+7/r/8f+X0wfX/17T9wcv/x12U/5f/H7z8f6/H7/r/8v8sdUX5/3I9yf/Hvv/eUJOa9P8AAABQB7Hv3xdqov8HAACAyoh9//5QE/0/AAAAVEbs+w+EmtSk/5f/d/1/+X/5f/n/8u3L/w8m+f/OXP+/C/l/+X/5f/l/eqrf8v+x7z8YalKT/h8AAADqIPb9rw010f8DAABAZcS+/1dCTfT/AAAAUBmx7//VUJOa9P/y//L/8v/y//L/5duX/x9M8v+dyf93If8v/y//L/9PT/Vb/j/2/feFmtSk/wcAAIA6iH3/r4Wa6P8BAACgMmLf/7pQE/0/AAAAVEbs+w+FmtSk/5f/X2H+f3Pn9cn/t45f/r98fsj/y//L/68/+f/O5P+7kP+X/69g/v9x+X+uon7L/8e+//WhJjXp/wEAAKAOYt9/f6iJ/h8AAAAqI/b9bwg10f8DAABAZcS+/42hJjXp/+X/Xf9f/l/+X/6/fPvy/4NJ/r8z+f8u5P/l/yuY/9+A6/+Phyr/zxIrzf/H91Xrnf+Pff+bQk1q0v8DAABAHcS+/82hJvp/AAAAqIzY978l1ET/DwAAAJUR+/63hprUpP+X/5f/l/+X/5f/L9++/P9gkv/vTP6/C/l/+f8Byf9/r+TxVzH/n3P9f8r02/X/Y9//66EmNen/AQAAoA5i3/9AqIn+HwAAACoj9v1vCzXR/wMAAEBlxL7/7aEmNen/e5f/H5f/byP/L//fPj/k/+X/5f/Xn/x/ZwOW///FteF2+f+C/P86jX/yc8WBH6D8f5nS/P8Pl8v/L2xqf7z8P+uh3/L/se9/R6hJTfp/AAAAqIPY978z1ET/DwAAAJUR+/53hZro/wEAAGDwLRTxgdj3/0aoSU36f9f/b4xjMb28zvn/v5b/l/+X/5f/l/9fX/L/nQ1Y/t/1/9vI//f3+Psy/+/6/1xl/Zb/j33/u0NNatL/AwAAQB3Evv/BUBP9PwAAAFRG7PvfE2qi/wcAAIDKiH3/e0NNatL/y/+7/r/8/4Dn/yezLJP/l/8nkf/vTP6/C/l/+f9+y///h/w/g63f8v+x738o1KQm/T8AAADUQez73xdqov8HAACAyoh9/2+Gmuj/AQAAoDJi3//+UJOa9P/y/4OS/5+U/5f/d/3/tv2R/5f/LyP/39nG5/9X94ZK/l/+f5DH7/r/8v8s1W/5/9j3fyDUZOXfriZWvCQAAABwVcS+/7dCTWry+38AAACog9j3/3aoif4fAAAAKiP2/b8TalKT/l/+f1Dy/67/n8n/y/+37Y/8v/x/mY3L/8czj/y/6//L/0fy//L/8v+067f8f+z7fzfUpCb9PwAAANRB7Ps/GGqi/wcAAICBUPZ/stvFvv9wqEn3/n/V/6cPAAAAuDpi338k1KQmv/+X/5f/l//v0/z/n+z45+9/551Hdsv/y//L/6/Khl7/v/Hid/1/+X/5/0T+X/6/NP+/Sf6/ztYh/z/WfONq8/+x7z8aalKT/h8AAADqIPb9vxdqov8HAACAyoh9/7FQE/0/AAAAVEbs+2dCTWrS/8v/y//L//dp/n+V1/8fCtvph/x/PB7y/616lv+PJ135/1Ibmv9/32JOXP5/tfn/8dJb5f9XnP/P37jJ//fX+OX/Xf+fpXqV/x9ZzP+3WG3+P/b9s6EmNen/AQAAoA5C3z98vKiLd+j/AQAAoDJi338i1ET/DwAAAJUR+/4PhZrUpP+X/5f/l/+vRv7f9f8Xl698/t/1/zuS/++sf/L/5eT/Xf9/kMcv/y//z1LrcP3/FqvN/8e+fy7UpCb9PwAAANRB7Ps/HGqi/wcAAIDKiH3/R0JN9P8AAABQGbHvPxlq8v/s3dmT5fVZx/HT2FPMFBeWVVZ54YXcW/4FXMC1/gFeeOONVZRV4gLuC4P7ivuGC7ivuIAibriCCmpCQvaQlSRkTwhJCElqUsw8zzOnu0//Tvf06enf+T6v10UeGTM5nXGcySfDu75N9r/+X/+v/9f/6/9Xf/7l/n/36r+u/n876P+n6f/X0P/r//X/+n82am79f+7+b4pbmux/AAAA6CB3/x1xi/0PAAAAw8jd/81xi/0PAAAAw8jd/y1xS5P9r//X/w/b/9+q/z/s8/X/3v8fmf5/mv5/jS3q/7/0vP5/bl+//l//z0Fz6/9z939r3NJk/wMAAEAHufu/LW6x/wEAAGAYufvvjFvsfwAAABhG7v674pYm+39f/7+z6Nn/Z8ar/x+p//f+/6Gfr//X/4/s+vb/97zyK5/+X//v/f+g/9f/6//Zb279f+7+b49bmux/AAAA6CB3/3fELfY/AAAADCN3/3fGLfY/AAAADCN3/3fFLU32/8ne/98dpf8vG+j/d7JF1//r//f//ND/6//1/6fP+//TOvX/dz5z0x0vPPLljx7n8/X/+n/9v/6fzZpb/5+7/7vjlib7HwAAADrI3f89cYv9DwAAAMPI3f+9cYv9DwAAAEN4/qsWtfu/L25psv9P1v8P8/5/8f6//v/yN+j/9f/6/62l/5/Wqf+/ls/X/+v/r+Hrr98G9f/6fw6aW/+fu//745Ym+x8AAAA6yN3/A3GL/Q8AAADDyN1/d9xi/wMAAMAwcvdfjFua7H/9/+n3/5/X/299/39uof+/Qv+v/58//f80/f8a+n/9v/f/9f9s1Nz6/9z998QtTfY/AAAAdJC7/wfjFvsfAAAAhpG7/4fiFvsfAAAAhpG7/4fjlib7X//v/X/9v/f/9f+rP1//v530/9P0/2vo/0/az5/T/+v/9f8sO2b///LEL9sb6f9z9/9I3NJk/wMAAEAHuft/NG6x/wEAAGAYuft/LG6x/wEAAGAYuft/PG5psv/1//p//b/+X/+/+vP1/9tJ/z9tNv3/zu7Kb9b/b33/7/1//b/+nz3m9v5/7v6fiFua7H8AAADoIHf/T8Yt9j8AAAAMI3f/T8Ut9j8AAAAMI3f/T8ctTfa//l//r//X/+v/V3/+VP//6NLXp/+fl432/zv6f+//6//1//p//T8nMbf+P3f/z8QtTfY/AAAAdJC7/964xf4HAACAYeTu/9m4ZWn/7/97UQEAAIDtkrv/5+KWJn/+v7r/v/q/1/8fzXXq/3f1//r/K//3vvKvqP+f7P9v8/5/T97/n7a+/89fUfX/+n/9/0b6/8XOKP3/hXXfX//PKnPr/3P3/3zc0mT/AwAAQAe5+38hbrH/AQAAYBi5+38xbrH/AQAAYBi5+38pbmmy/73/v1X9v/f/e/X/D5zz/v9lc3z/f3Hd+/9d/f8R6f+nef9/Df2//t/7/97/Z6Pm1v/n7v/luKXJ/gcAAIAOcvf/Stxi/wMAAMB2WP57Bw55xD93/6/GLfY/AAAADCN3/6/FLU32/+D9/62H/dP0//r/5R+vmfb/h77/r/+/olf/7/3/o9L/T9P/r6H/P41+fnew/v/+w77/HPr/u/X/zMye/v+xq99+Vv1/7v5fj1ua7H8AAADoIHf/fXGL/Q8AAADDyN3/G3GL/Q8AAADDyN3/m3FLk/1/6v3/hcM/2/v/+n/9v/5f/6//3zT9/zT9/xr7+/9X/qOh/t/7/97/1/9zzfb0/0vOqv/P3f9bcUuT/Q8AAAAd5O7/7bjF/gcAAIBh5O6/P26x/wEAAGAYufsfiFua7P/B3/8/lP5f/7/846X/1/+v+nz9/3bS/0/T/6/h/X/9/1n0//ETQP/PiObW/+fu/524pcn+BwAAgA5y9/9u3GL/AwAAwDBy9/9e3GL/AwAAwDBy9/9+3NJk/+v/T7f/z2/X/+v/F/p//b/+/7po2//vrPqd6KBD+v+nbr/4NXu/Rf+v/x+y/3/uVL9+7//r/zloFv3/pav/6TJ3/x/ELU32PwAAAHSQu/8P4xb7HwAAAIaRu/+P4hb7HwAAAIaRu/+P45Ym+3+p/8/kQv/v/X/9v/5f/6//31pt+/8j8v7/tJfi36/+f9T+/3S/fv2//p+DZtH/L/117v4/iVua7H8AAADoIHf/n8Yt9j8AAAAMI3f/n8Ut9j8AAAAMI3f/n8ctTfa/9/979P83LvT/+n/9v/6/B/3/NP3/Gt7/1//r//X/bNTc+v/c/Q/GLU32PwAAAHSQu/8v4hb7HwAAAIaRu/8v4xb7HwAAAIaRu/+v4pYm+1//f0j/vxir//f+v/5/of/X/zeh/5921v3/qt8vl12X/v+hiS9gVf9/6Ub9/5b3/+eP+P31//p/Nm9u/X/u/r+OW5rsfwAAAOggd/9DcYv9DwAAAMPI3f9w3GL/AwAAwDBy9/9N3NJk/+v/e7z/r//X/y/0//r/JvT/01b3/zcc/Cbv/3v/f6D+3/v/+n/Oztz6/9z9fxu3NNn/AAAA0EHu/kfiFvsfAAAAhpG7/+/iFvsfAAAAhpG7/9G4pcn+1//r//X/+n/9/+rP1/9vp9Pr/xcD9/8r6P/1//p//b/+nw2YW/+fu//v45Ym+x8AAAA6yN3/D3GL/Q8AAADDyN3/j3GL/Q8AAADDyN3/T3FLk/1/Vv3/bfp//b/+X/+v/68fVf3/5nj/f5r+fw39v/5f/6//Z6Pm1v/n7v/nuKXJ/gcAAIAOcvc/FrfY/wAAADCM3P3/ErfY/wAAADCM3P3/Grc02f/e/9f/7+3/F4uZ9//5/6T6f/3/CP3/+YX+f+P0/9P0/2vo/8fs/29YDNT/Xzj0++v/maO59f+5+/8tbmmy/wEAAKCD3P3/HrfY/wAAADCM3P3/EbfY/wAAADCM3P3/Gbc02f/6f/2/9//H6f8ff3H1z0f9/2z7//pR1f9vjv5/mv5/Df3/mP2/9//1/5yZufX/ufsfj1ua7H8AAADoIHf/E/v/DNX+BwAAgGE8cfkfzy/+K26x/wEAAGAYufv/O25psv/1//p//f84/b/3/6/Q//d2Rv3/zqY+X/+v/9f/b+/Xr//X/3PQ3Pr/3P3/E7c02f8AAADQQe7+J+MW+x8AAACGkbv/qbjF/gcAAIBh5O7/37ilyf7X/+v/9f/b2f+f1/8P3//nV6b/P565vP9/yy1f/bT+X/+v/9f/6//1/93Nrf/P3f9/cUuT/Q8AAAAd5O7//7jF/gcAAIBh5O5/Vdxi/wMAAMAwcve/Om5psv8P9v/nFlcK1StW9f/RqOn/l+j/9379+v/VPz+8/6//9/7/6ZtL/+/9/2v7+ufW/9+l/9f/n1b/f/PB76//Z0Rz6/9z9z8dtzTZ/wAAANBB7v7XxC32PwAAAMzYqr8T+3C5+18bt9j/AAAAMIzc/c/ELU32v/f/9f/6f/2//n/156/r/5P+f170/9P0/2t4/1//3+j9//j9r36dqv7/i/T/bM7c+v/c/a+LW5rsfwAAAOggd//r4xb7HwAAAIaRu/8NcYv9DwAAAMPI3f/GuKXJ/tf/b7T/313+Nv2//n/fzw/9/2D9v/f/50n/P03/v4b+X//fqP/fz/v/nIa59f+5+98UtzTZ/wAAANBB7v43xy1H2v8XTumrAgAAADYpd/9b4hZ//g8AAADDyN3/1rilyf6fa/9/93b2/3vo/+fS/3+9/n/f5+v/9f8j0//n7+ir6f/X0P8ft59/afkv9P/6f/0/+82t/8/d/2zc0mT/AwAAQAe5+98Wt9j/AAAAMIzc/W+PW+x/AAAAGEbu/nfELU32/1z7/y19/3+POfb/O4uO/b/3/y//9c6O/l//34L+f5r+f43N9v/3NOj/99D/6//1/+w3t/4/d/8745Ym+x8AAAC21dd+5Tc+e9R/bu7+d8Ut9j8AAAAMI3f/u+MW+x8AAACGkbv/ubilyf7X//fq/3u+/6//9/6//r8T/f80/f8a3v/X/+v/9f9s1Nz6/9z974lblobf7rH/XQIAAABzkrv/vXFLkz//BwAAgA5y978vbjmw/y8d8e9qBwAAAOYmd//zcUuTP/8/cf+/2NH/n2b/v9D/6//1//p//f9x6P+nnbD/v7Sj/9f/T9D/6//1/yy7MMP+P3f/++OWJvsfAAAABrXnv1HI3f+BuMX+BwAAgGHk7v9g3GL/AwAAwDBy938obmmy/73/P/P+/5re/79Q/5P+v3n/f+/5lZ+v/9f/j0z/f6gvidvp/f9LX6z/P5az7ue3/evX/+v/OWhu/X/u/g/HLU32PwAAAHSQu/8jcYv9DwAAAMPI3f/RuMX+BwAAgGHk7v9Y3NJk/+v/R+z/vf+v/5/+/HH6/y+76eKTX/cNDz+o/+eq69n/58+FLen/Lzvh+//b1v8f5/Pvu/yP+n/9v/7/2P3/zXH1/6wyt/4/d//H45Ym+x8AAAA6yN3/Qtxi/wMAAMAwcvd/Im6x/wEAAGAYuftfjFua7P+t6v+/Qv8/cv+fP9Zn0P9f3L7+P5vi7v2/9//1/wd5/3+a/n8N/b/+X//v/X82am79f+7+T8YtTfY/AAAAdJC7/1Nxi/0PAAAAw8jd/+m4xf4HAACAYeTufyluabL/t6r/9/7/0P1/upb+Pz/f+//6/4X+vz39/5Ldg9+k/19D/6//1//r/9moufX/ufs/E7c02f8AAADQQe7+l+MW+x8AAACGkbv/s3GL/Q8AAADDyN3/ubilyf7X/+v/R+j/T/j+/9n0/6/8cqP/1//r/zdO/z9N/7+G/l//377/v13/z0bNrf/P3f+FAAAA//9/pV3V")
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x1d031, 0xffffffffffffffff, 0x0)
r1 = syz_io_uring_setup(0x7ea6, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xe0042, 0x1ff)

2.415271141s ago: executing program 4 (id=2590):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x9, 0x0, 0x2, 0x180, 0x5, 0x4, 0xf1, 0x50, 0x12, 0x2, 0x0, 0x7, 0x0, 0x6, 0x0, 0x8000000bdb], 0xd000, 0x43102})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
futex(0x0, 0x5, 0x300, 0x0, &(0x7f00000000c0)=0x8000000, 0x1000004)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x4, 0x1000000000, 0x0, 0x10043, 0x2000001, 0x3, 0x2004cb, 0x0, 0x1000007, 0xd2, 0x2, 0x9, 0x3, 0x0, 0x7, 0x400000], 0xeeee8000, 0x202})
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0xdddd1000, 0xeeee0000, 0xa, 0x8, 0xb, 0xe4, 0x40, 0x0, 0x0, 0x2e, 0x80}, {0x5000, 0x4000, 0x3, 0x0, 0x42, 0x5, 0x5, 0x6, 0x5, 0x5, 0x2, 0x81}, {0xfec00000, 0xeeee0000, 0xe, 0x5, 0x3, 0x7, 0x1, 0x7, 0x3, 0x5, 0x5, 0x5}, {0x1, 0xa000, 0xb, 0x6, 0x4, 0x42, 0xb, 0xff, 0x2, 0x7, 0xe}, {0xeeee0000, 0xd000, 0xf, 0x3, 0x15, 0x7, 0xa8, 0x8, 0xfd, 0x3, 0xf7, 0x83}, {0x8080000, 0xc000, 0xc, 0xa0, 0xb1, 0x8, 0x2, 0xa0, 0x82, 0xf, 0x5, 0x7}, {0xeeef0000, 0xeeef0000, 0x4, 0x5, 0x7, 0xd1, 0x7, 0x3, 0x9, 0x81, 0x40, 0x70}, {0x41000, 0x60000, 0x14, 0x5, 0xcd, 0x7, 0x1, 0x9, 0x2, 0x3, 0xba, 0x9}, {0xffff2000, 0x30}, {0xe000, 0x7}, 0x80010000, 0x0, 0x0, 0x2024, 0x0, 0xf401, 0x3000, [0x9, 0x100000000000204, 0x5b, 0x8]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.134170135s ago: executing program 5 (id=2593):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0xa, 0x2)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x4, 0xf, 0x80000006}, 0x0, 0x0)

1.898685056s ago: executing program 4 (id=2594):
r0 = fanotify_init(0x1a, 0x800)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff7000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000ff1000/0xc000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x1, 0x800000c1})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50)
io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0xa8)
fanotify_mark(r0, 0x249, 0x40000038, r2, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x37, 0x7fffffff}]})
close_range(r3, 0xffffffffffffffff, 0x0)

1.893222807s ago: executing program 2 (id=2595):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x6, 0x504}, 0x50)
syz_io_uring_setup(0x512b, &(0x7f0000000180)={0x0, 0x6f04, 0x130c8, 0x1, 0x2a0}, 0x0, 0x0)
epoll_create1(0x0)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0xcdd, r0}, 0x38)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000004c0)={'bond0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="4400000010001d0025bd7000fadbdf2500000000", @ANYRES32=r3, @ANYBLOB="138000002b9201002400128009000100626f6e6400000000140002800800", @ANYRES16=r1], 0x44}, 0x1, 0x0, 0x0, 0x240448e0}, 0x0)

1.598214191s ago: executing program 2 (id=2596):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000300), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000640)=0xce0, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r1)
r2 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r2, &(0x7f0000000000)={&(0x7f0000000140)={0x2, 0x4001, @empty}, 0x10, 0x0}, 0x30006041)
close(r2)

1.397656211s ago: executing program 4 (id=2597):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
fsmount(r3, 0x0, 0x82)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x94)
bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0)
connect$pppl2tp(r2, &(0x7f00000003c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x1, 0x1, 0x0, {0xa, 0x4e21, 0x101, @private1, 0x8}}}, 0x32)
getsockopt(r2, 0x111, 0x4, 0x0, &(0x7f0000000080))

1.392508001s ago: executing program 2 (id=2598):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x2bc, &(0x7f0000000740)={0x0, 0xb1e9, 0x10100, 0x0, 0x100, 0x0, r1}, &(0x7f0000000080)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
pipe2$9p(&(0x7f0000000400)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x80800)
vmsplice(r6, &(0x7f0000000040)=[{&(0x7f0000000000)="e3", 0x1}], 0x1, 0x1)
fcntl$setpipe(r5, 0x407, 0x176)
vmsplice(r6, &(0x7f0000000240)=[{&(0x7f0000000a40)='5', 0x1}], 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

1.298107926s ago: executing program 4 (id=2599):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r0, &(0x7f0000000080)='X', 0x1, 0x804, &(0x7f0000000140)={0xa, 0x0, 0x0, @private0}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000000)={0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x7}, 0xe)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x4b, &(0x7f0000000040)=0x5, 0x4)
shutdown(r0, 0x1)
recvmmsg(r0, &(0x7f0000001e40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001b00)=""/19, 0x14}, 0x9}], 0x59, 0x42, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000080)=[@in={0x2, 0x4e21, @private=0xa010102}], 0x10)
setsockopt(r1, 0x84, 0x7f, &(0x7f0000000040)="020000000980ffff", 0x8)
recvmmsg(r1, &(0x7f0000001640)=[{{0x0, 0x0, 0x0}, 0xbd}], 0x37, 0x3, 0x0)
poll(&(0x7f00000001c0)=[{r1, 0x1c0}], 0x1, 0x8)

1.245522289s ago: executing program 0 (id=2600):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
socket$key(0xf, 0x3, 0x2)
socket$unix(0x1, 0x1, 0x0)
socket$unix(0x1, 0x1, 0x0)
socket(0x400000000010, 0x3, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000cd03000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0xedf0e51957efc755, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000240), &(0x7f0000000380)=r1}, 0x20)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x18000000000002a0, 0x5ee, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

1.152840073s ago: executing program 0 (id=2601):
openat(0xffffffffffffff9c, 0x0, 0x40042, 0x1)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000dc0)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0x1)
syz_emit_vhci(&(0x7f0000000200)=@HCI_EVENT_PKT={0x4, @extended_inquiry_info={{0x2f, 0x1}}}, 0x4)

1.102272366s ago: executing program 5 (id=2602):
syz_mount_image$hfs(&(0x7f0000000180), &(0x7f00000000c0)='./file1\x00', 0x1000812, &(0x7f0000001cc0)=ANY=[@ANYBLOB="71756965742c636f6465706167653d63703836302c696f636861727365743d63703836312c00808fead042bd35dc78f7f06333a5e7165b8271e41aee85e59cbb6c2df3d4e4c16b06c73f2e3b348a7fba46e286378a15ee516bac8d4813c9c3d9cee1ddb95d1bbcf504e065b3749a1cbd841e685a558598cf0db10b55885946e678d0a71877037a090000000700848879ef1604cadc1faca3aa22a576750d559c4e124d4cb7293e7393b77286fa8c6dc449eda0a03d342382e84d6d3c29ab95cc923fbe25e134d1c421320a3bffaa17fcd6b5178e322cc47133b3811e3d3bc34998dc7ed029834ad591d9d56c41063d8de2d50a2398e73ff2913a9fe8e954a4e4ca99ceb5737e57193c5f47fd63b16c8b34f256dbac0e5ebd009078df2cb1ca1051ad091adbfee5126d8a59fa5438734bc3e8cc7b7edc10716a0a9b711952cdf96586e06fbace21dc04bdb4a1a2072ce5f72cf0", @ANYRESOCT, @ANYRES32, @ANYRES32=0x0, @ANYRESHEX=0x0, @ANYRES32], 0x1, 0x305, &(0x7f0000000340)="$eJzs3U1rE1scx/HfmaRNepvbmz5cLtxltaAb0boRNxHJWxDEhWjbCMVQUSuoG1NxJaJ7974FX4QbxTegKxfiC2g3jpwzD8kkk5k0JB2D3w+Ik8n85/zPPP5PoBwB+GNdbX55d/Gb/WekkkrSy8uSJ6kqlSX9q/+qj/b2d/fbrZ2sHZVchI58GQWRZmCb7b2W+/8gudrGuYhQ3X4qq9a7DtPh+/6Vr33rvnsFJYPCuLs/hSdVwrvTfV898cyyHYwZ15lwHrPGHOpQj7VUdB4AgGLZ9/9BUPjb93wtrN89T9oIX/u/5ft/XIdFJzB1fua3Pe9/N8ryjT2//7ivuuM9N4Sz33vRKHGUluf6Ps8rKCQTBaZJH1V2h3wuF2/hzm67dW77XnvH03M1Qj0Ba3ELIXuF5mS7njI2zTBC301qRRmk5c3ZPmwOyX91zBYzDAzfEifEfDCfzE1T11vtxPVf2Tc2W5dwve9MBfmfH97eoouyWyl8bDQaDc/tKLLsGvk/eaZyellNH5EoOrDLSv5AUM/L00Wt9EUFvbuQGlCJo1ZTozajT0PaWktE2d7EV/PwLKfNvDbXzbp+6L2aPfW/Z/Pb0PA7M/GLjtkIbjR3xIP+zKc3V3b7rA+8OTq6UUuuiY9iZVjqR9nPNIwgOoevtKVLWnr45OndUrvdemAXbqcs3K/Fa+ZeSKnbFLygTndNRb4zsHH0DEyEL4Qrp5TY2Ynu0D4/cje2d9mJHPneKyG6YSfWhLziL62sa6P5se9CmtiCX5nwDn/6Y0T9fcIPJRSle9KLzgQFsXWXCcZ/rpIP631Xr9lq4VpleJ0eFWRpJZur3sM9+rbGjkdA1UT8ilv6K1lG54wNFsM6JmUc19FoY65TZ6TTo7dYD/OcDf6znA1MU591i9//AQAAAAAAAAAAAAAAAAAAZs3x/65g4dhRRfcRAAAAAAAAAAAAAAAAAAAAAIBZF8//q2j+X402/2//VCzh/L9V5cz/uzWYw8D8v2/2ZDoS8/8C0/UrAAD///8sd7M=")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x40)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x1607c0, 0x78e22799f4a46ffe)
creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f00000006c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2c600, 0x0, 0xbf, 0x0, &(0x7f00000007c0))
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000dc0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x1885cfe, 0x0, 0xf1, 0x0, &(0x7f00000000c0))
truncate(&(0x7f0000000900)='./file1\x00', 0x3000000)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
mkdir(&(0x7f0000000040)='./bus\x00', 0x10b)
open(&(0x7f0000000240)='./bus\x00', 0x4440, 0x129)

391.624831ms ago: executing program 2 (id=2603):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x9, 0x0, 0x2, 0x180, 0x5, 0x4, 0xf1, 0x50, 0x12, 0x2, 0x0, 0x7, 0x0, 0x6, 0x0, 0x8000000bdb], 0xd000, 0x43102})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
futex(0x0, 0x5, 0x300, 0x0, &(0x7f00000000c0)=0x8000000, 0x1000004)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x4, 0x1000000000, 0x0, 0x10043, 0x2000001, 0x3, 0x2004cb, 0x0, 0x1000007, 0xd2, 0x2, 0x9, 0x3, 0x0, 0x7, 0x400000], 0xeeee8000, 0x202})
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0xdddd1000, 0xeeee0000, 0xa, 0x8, 0xb, 0xe4, 0x40, 0x0, 0x0, 0x2e, 0x80}, {0x5000, 0x4000, 0x3, 0x0, 0x42, 0x5, 0x5, 0x6, 0x5, 0x5, 0x2, 0x81}, {0xfec00000, 0xeeee0000, 0xe, 0x5, 0x3, 0x7, 0x1, 0x7, 0x3, 0x5, 0x5, 0x5}, {0x1, 0xa000, 0xb, 0x6, 0x4, 0x42, 0xb, 0xff, 0x2, 0x7, 0xe}, {0xeeee0000, 0xd000, 0xf, 0x3, 0x15, 0x7, 0xa8, 0x8, 0xfd, 0x3, 0xf7, 0x83}, {0x8080000, 0xc000, 0xc, 0xa0, 0xb1, 0x8, 0x2, 0xa0, 0x82, 0xf, 0x5, 0x7}, {0xeeef0000, 0xeeef0000, 0x4, 0x5, 0x7, 0xd1, 0x7, 0x3, 0x9, 0x81, 0x40, 0x70}, {0x41000, 0x60000, 0x14, 0x5, 0xcd, 0x7, 0x1, 0x9, 0x2, 0x3, 0xba, 0x9}, {0xffff2000, 0x30}, {0xe000, 0x7}, 0x80010000, 0x0, 0x0, 0x2024, 0x0, 0xf401, 0x3000, [0x9, 0x100000000000204, 0x5b, 0x8]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

388.384081ms ago: executing program 0 (id=2611):
r0 = socket(0x2, 0x80805, 0x0)
close(0x3)
r1 = socket(0x2, 0x80805, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={<r3=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x7a, &(0x7f0000000340)={r3, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000240)={0x6, 0x101, 0xe, 0x2, 0x2, 0x6, 0xd, 0xf}, 0x20)

320.797394ms ago: executing program 4 (id=2604):
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
inotify_init1(0x80000)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff4000/0x1000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r1 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0xa, 0x28a})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x10, 0xfff1}, {0xe, 0xffff}}}, 0x24}}, 0xc044)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0)

235.602769ms ago: executing program 0 (id=2605):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
mknodat$loop(0xffffffffffffff9c, 0x0, 0x1000, 0x1)
gettid()
r3 = msgget$private(0x0, 0x1)
msgrcv(r3, 0x0, 0x0, 0x2, 0x1000)
msgsnd(r3, &(0x7f0000002840)={0x2}, 0x8, 0x800)

225.951639ms ago: executing program 2 (id=2606):
r0 = fanotify_init(0x40, 0x80000)
r1 = fsopen(&(0x7f00000014c0)='proc\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
fchdir(r2)
readv(r0, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0xa880, 0x97)
fanotify_mark(r0, 0x1, 0x40001019, r3, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
getdents64(r3, &(0x7f0000000100)=""/156, 0x27a5b8eb2d80a9a7)
getdents64(r3, 0x0, 0x0)

110.290485ms ago: executing program 4 (id=2607):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='smaps_rollup\x00')
fchdir(r1)
r2 = inotify_init()
inotify_add_watch(r2, &(0x7f0000000000)='./file0\x00', 0x80000006)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee7, 0x8031, 0xffffffffffffffff, 0x28f43000)
read(r0, &(0x7f00000002c0)=""/153, 0x99)

0s ago: executing program 2 (id=2608):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000600)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030332c726573765f6c6576656c3d30303030303030303030303030303030303030362c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c636f686572656e63793d66756c6c2c6e6f61636c2c004c98065b85e5b137d63b2211c62c402045083da9bddc3b0d88d44ecd24ba5288d428197284f332858b83349af2c7646f1e07e91120d7f23ce20389bbc031d81d654f1ca08f61c92d90e6ea478843c1ad942c7c257f9ff5348dd038e947775991ad90f8861dada21d5fa2de7042b5e2cbbcd1ada2b568e375812eb0bc448e68eda4c70cf1d5adf566142ed45924fe72a1eb1a914faf754b9d94bf0fdc1f98c708bd89940b5ef96e328240c39559b35bc83c15c15104f3b3fe1945f0278c34e2399dadcd9776ac659afcbb239569140ab408ad87f15b353941"], 0x1, 0x442a, &(0x7f0000004480)="$eJzs3c9vVNUeAPBzb/seLQ94LY8FLzFxEkk0apqWlVoSSymUFioGhRg3w7QdoDrtkHZqXLCoOxJXJi6MC6KJu65IF27xT3DjEtckunBjQkKsmZk7be/tTDrWTivk80nonXt+z3znnjl3cTlxonJ7bik3t5QrLOTKMzeXTuc+KZeW54sh3icH3T/t6UScxP7gXDl34b3rp0P4Yfanx+vr6+uhqjs0NbTl9e+/3Z3ZemyIM3Wq7TZvba98GEI4sW1cVV0hhA++DyEKIZxN0kaTY28I4Vio512/+/mN3B6N5sGj4pn806l7a8OnJlfvr7V+71EIX5f+//qt+V9e6hr++dU96h4AAAAAAAAAAAAAAAAAgGfc+NUr194dHAoPo9C9Gm1/Xnc8ObZ6PnZ9z7zY1nifJKX/7vsGAAAAAAAAAAAAAAAAAACAf5LN5/9z0fEmz/+PJceRFvXX3+78GOmciXeujJ0fHEr2f4+25b+RJP16tiv0N9n3Pbv/+9lM/eb7v2/vZ7ca42v02xeieCB1HscDAyF8m2z8fjI6HJfKS5XXbpaXF2b3bBjPrHT867v3p6KTbOjfbvxHM+13fv///237NlXPb+zdV+y5lo5/V8ty330WtRX/c5l6+xF/di8d/+5aWu/WAiP1CaAa/y+6d47/WKb9TsX/WAghF1XHmkvNANU1TDW91XqFtHT8/1VLS02dyQfZ6vp/kon/+Uz7BzX/r2R/iGgqHf9/19J6UiU2r//+eOfr/0Km/YOIf3X8K37/25KO/6F6YneqSO2TbHf+H8+036n4X4uTcR6LUt+A1aie3ur/qyMtHf+ebfmb939xW+u/i5n6+3X/1+i3cf/XmP5fier3fzSXjn9vy3LtXv8TmXqdnv9Haus/disd/8O1tPTaua/2t934T2ba71T8a6uSnkb8N+eTPw7V07+x/mtLOv7/qSfGW0us1P7W1n/Rzuv/S5n2D2L9Vx3/StzZXp8X6fgfaVmuGv8f2/j9v5yp1/n4hzBorb9r6fgfbVmudv337Bz/qUy9Tsf/5U42DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAMGE2OfSGKB1LncTwwEMK55PxkOBxNF2bz06XyzMdLIYwl6blwPLpVKk8XSvm5hfJsMV8olcozIZxP8k+EnmipVK7k5wt3Lmy01RvdLhYWK9PFQiWEMJ6kvxCONtqanqvMF+6EEC5u5P03Li/euV1YyM/OLb41ODg4GCY2xtAfFT+tFBcq9d7ruSFMbtTti7YMrpZ9aWMsR6KPysuLC4VSLf3yljql8kyhtKXOVJL3ZeiPKovLCzOFSjFfKt9q9HeQRpLj2MTV969eHtqWfyOqH0f3d1gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/EUPh9/8KoTQXT+LQwi5KHkRJf9SHjwqnsk/nbq3NnxqcvX+2uNmZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiTHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzSP0oDQRQH4DdjoaXHsFp2O9sVRbRwRfAEegwPo0fxEt7BIkXaFCGQzELYP7BNUn1f82B+zLwH8wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACWe3zr3l/rJiLF1fYy4vfz7/84fy71+276/sUZZuR0nl66+4e6Kf+eRvltOVq1eZ9u1l8fMVF7P4M9Ge7TwbjP0Ny+zc3X972OlKuIaEt+k3KuqmVvAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOzYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCwAAAAAI87eOom8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4FcAAAD//0OnJ0Q=")
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140))
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x108)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x189)
symlink(&(0x7f00000005c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f00000002c0)='.\x02\x00')
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x802053, 0x0, 0xfc, 0x0, &(0x7f00000000c0))
r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r1, 0x0, 0x0)
lseek(r0, 0xfffffffffffffffc, 0x2)
getdents(r0, 0x0, 0x54)

kernel console output (not intermixed with test programs):

sed all slaves
[  230.172556][ T8119] netlink: 4 bytes leftover after parsing attributes in process `syz.3.742'.
[  230.364613][ T8124] netlink: 12 bytes leftover after parsing attributes in process `syz.0.745'.
[  230.485111][ T8039] bridge0: port 1(bridge_slave_0) entered blocking state
[  230.492675][ T8039] bridge0: port 1(bridge_slave_0) entered disabled state
[  230.500180][ T8039] bridge_slave_0: entered allmulticast mode
[  230.518971][ T8039] bridge_slave_0: entered promiscuous mode
[  230.617485][ T8039] bridge0: port 2(bridge_slave_1) entered blocking state
[  230.637404][ T8039] bridge0: port 2(bridge_slave_1) entered disabled state
[  230.660978][ T8039] bridge_slave_1: entered allmulticast mode
[  230.676866][ T8039] bridge_slave_1: entered promiscuous mode
[  230.840550][ T8039] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  230.886120][ T8039] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  231.093721][ T8039] team0: Port device team_slave_0 added
[  231.131656][ T8039] team0: Port device team_slave_1 added
[  231.235607][ T8039] batman_adv: batadv0: Adding interface: batadv_slave_0
[  231.266530][ T8039] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  231.327483][ T8039] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  231.362295][ T8039] batman_adv: batadv0: Adding interface: batadv_slave_1
[  231.369394][ T8039] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  231.468344][ T8148] mmap: syz.0.751 (8148) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  231.480574][ T8039] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  231.657110][ T8039] hsr_slave_0: entered promiscuous mode
[  231.686567][ T8039] hsr_slave_1: entered promiscuous mode
[  231.991200][   T51] Bluetooth: hci2: command tx timeout
[  232.925996][ T8173] netlink: 12 bytes leftover after parsing attributes in process `syz.2.755'.
[  232.991478][ T8039] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  233.042633][ T8039] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  233.085280][ T8039] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  233.098487][ T8039] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  233.357247][ T8039] 8021q: adding VLAN 0 to HW filter on device bond0
[  234.006574][ T8039] 8021q: adding VLAN 0 to HW filter on device team0
[  234.074739][   T38] bridge0: port 1(bridge_slave_0) entered blocking state
[  234.082051][   T38] bridge0: port 1(bridge_slave_0) entered forwarding state
[  234.135725][   T38] bridge0: port 2(bridge_slave_1) entered blocking state
[  234.142985][   T38] bridge0: port 2(bridge_slave_1) entered forwarding state
[  234.194351][ T8191] overlayfs: failed to clone lowerpath
[  234.247936][ T8191] overlayfs: failed to clone upperpath
[  234.562186][ T8203] loop3: detected capacity change from 0 to 1024
[  234.601789][ T8202] overlayfs: failed to clone lowerpath
[  234.624553][ T8205] overlayfs: failed to clone lowerpath
[  234.915866][ T8039] 8021q: adding VLAN 0 to HW filter on device batadv0
[  234.973862][   T11] hfsplus: b-tree write err: -5, ino 25
[  234.995434][   T11] hfsplus: b-tree write err: -5, ino 4
[  235.009940][   T11] hfsplus: b-tree write err: -5, ino 2
[  235.037861][   T11] hfsplus: b-tree write err: -5, ino 26
[  235.054773][   T11] hfsplus: b-tree write err: -5, ino 27
[  235.070058][   T11] hfsplus: b-tree write err: -5, ino 28
[  235.080343][ T8039] veth0_vlan: entered promiscuous mode
[  235.116832][ T8039] veth1_vlan: entered promiscuous mode
[  235.206720][ T8039] veth0_macvtap: entered promiscuous mode
[  235.229430][ T8039] veth1_macvtap: entered promiscuous mode
[  235.275491][ T8039] batman_adv: batadv0: Interface activated: batadv_slave_0
[  235.327684][ T8039] batman_adv: batadv0: Interface activated: batadv_slave_1
[  235.357032][ T8039] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  235.381123][ T8039] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  235.390004][ T8039] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  235.399817][ T8039] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  235.534238][ T3516] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  235.554621][ T3516] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  235.645028][  T136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  235.675100][  T136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  236.969712][ T8276] loop3: detected capacity change from 0 to 64
[  239.366689][ T8323] loop3: detected capacity change from 0 to 256
[  239.464359][ T8326] netlink: 12 bytes leftover after parsing attributes in process `syz.2.791'.
[  239.468128][ T8323] FAT-fs (loop3): Directory bread(block 64) failed
[  239.482948][ T8323] FAT-fs (loop3): Directory bread(block 65) failed
[  239.490097][ T8323] FAT-fs (loop3): Directory bread(block 66) failed
[  239.515784][ T8323] FAT-fs (loop3): Directory bread(block 67) failed
[  239.530904][ T8323] FAT-fs (loop3): Directory bread(block 68) failed
[  239.547947][ T8323] FAT-fs (loop3): Directory bread(block 69) failed
[  239.555111][ T8323] FAT-fs (loop3): Directory bread(block 70) failed
[  239.563547][ T8323] FAT-fs (loop3): Directory bread(block 71) failed
[  239.570509][ T8323] FAT-fs (loop3): Directory bread(block 72) failed
[  239.577713][ T8323] FAT-fs (loop3): Directory bread(block 73) failed
[  239.613074][ T8326] bond2: entered promiscuous mode
[  239.652692][ T8326] 8021q: adding VLAN 0 to HW filter on device bond2
[  239.755429][ T8326] IPv6: sit2: Disabled Multicast RS
[  239.815830][ T8326] 8021q: adding VLAN 0 to HW filter on device bond2
[  239.841859][ T8326] bond2: (slave sit2): The slave device specified does not support setting the MAC address
[  239.872592][ T8326] bond2: (slave sit2): Error -95 calling set_mac_address
[  239.994452][ T8339] loop0: detected capacity change from 0 to 128
[  240.075855][   T28] kauditd_printk_skb: 1554 callbacks suppressed
[  240.075871][   T28] audit: type=1326 audit(1774327621.396:1574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8340 comm="syz.1.794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7c239c799 code=0x7ffc0000
[  240.163267][   T28] audit: type=1326 audit(1774327621.426:1575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8340 comm="syz.1.794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7c239c799 code=0x7ffc0000
[  240.189050][   T28] audit: type=1326 audit(1774327621.426:1576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8340 comm="syz.1.794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7c239c799 code=0x7ffc0000
[  240.292828][   T28] audit: type=1326 audit(1774327621.436:1577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8340 comm="syz.1.794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7c239c799 code=0x7ffc0000
[  240.361088][   T28] audit: type=1326 audit(1774327621.436:1578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8340 comm="syz.1.794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7c239c799 code=0x7ffc0000
[  240.421514][ T8350] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  240.445922][   T28] audit: type=1326 audit(1774327621.446:1579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8340 comm="syz.1.794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7fa7c239c799 code=0x7ffc0000
[  240.520739][   T28] audit: type=1326 audit(1774327621.446:1580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8340 comm="syz.1.794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7c239c799 code=0x7ffc0000
[  240.610789][   T28] audit: type=1326 audit(1774327621.446:1581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8340 comm="syz.1.794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7c239c799 code=0x7ffc0000
[  240.685739][   T28] audit: type=1326 audit(1774327621.446:1582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8340 comm="syz.1.794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7c239c799 code=0x7ffc0000
[  240.789366][   T28] audit: type=1326 audit(1774327621.456:1583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8340 comm="syz.1.794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fa7c239c799 code=0x7ffc0000
[  241.235136][ T8377] netlink: 4 bytes leftover after parsing attributes in process `syz.2.805'.
[  241.250970][ T8377] netlink: 12 bytes leftover after parsing attributes in process `syz.2.805'.
[  241.258127][ T8338] loop3: detected capacity change from 0 to 40427
[  241.282397][ T8338] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  241.301138][ T8338] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  241.332441][ T8338] F2FS-fs (loop3): invalid crc value
[  241.373465][ T8338] F2FS-fs (loop3): Found nat_bits in checkpoint
[  241.485118][ T8338] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  241.494617][ T8338] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  241.716793][ T8338] syz.3.795: attempt to access beyond end of device
[  241.716793][ T8338] loop3: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  241.733367][ T8338] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  242.541029][ T6363] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  242.743647][ T6363] usb 4-1: Using ep0 maxpacket: 16
[  242.751350][ T6363] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  242.765776][ T6363] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  242.775045][ T6363] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.783160][ T6363] usb 4-1: Product: syz
[  242.787344][ T6363] usb 4-1: Manufacturer: syz
[  242.792258][ T6363] usb 4-1: SerialNumber: syz
[  242.800167][ T6363] usb 4-1: config 0 descriptor??
[  242.808245][ T6363] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  242.817736][ T6363] em28xx 4-1:0.0: DVB interface 0 found: bulk
[  243.424603][ T6363] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  243.459450][ T8424] netlink: 'syz.2.816': attribute type 1 has an invalid length.
[  243.504983][ T8424] 8021q: adding VLAN 0 to HW filter on device bond3
[  243.551912][ T8424] bond3: (slave macvlan0): Enslaving as an active interface with a down link
[  243.564159][ T8424] bond3: entered promiscuous mode
[  243.570763][ T8423] bond3: left promiscuous mode
[  243.838593][ T8441] ref_ctr_offset mismatch. inode: 0x4d5 offset: 0x0 ref_ctr_offset(old): 0x2000000000c0 ref_ctr_offset(new): 0x1000000008
[  244.276863][ T6363] em28xx 4-1:0.0: writing to i2c device at 0xa0 failed (error=-5)
[  244.287277][ T6363] em28xx 4-1:0.0: failed to read eeprom (err=-5)
[  244.301961][ T6363] em28xx 4-1:0.0: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5]
[  244.598082][ T6363] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  244.659678][ T6363] em28xx 4-1:0.0: dvb set to bulk mode.
[  244.734462][   T27] em28xx 4-1:0.0: Binding DVB extension
[  244.878772][ T6363] usb 4-1: USB disconnect, device number 4
[  244.996938][ T6363] em28xx 4-1:0.0: Disconnecting em28xx
[  245.375536][   T27] em28xx 4-1:0.0: Registering input extension
[  245.387979][ T6363] em28xx 4-1:0.0: Closing input extension
[  245.424881][ T6363] em28xx 4-1:0.0: Freeing device
[  245.935648][   T27] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  246.121514][   T27] usb 2-1: Using ep0 maxpacket: 16
[  246.145338][   T27] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  246.161136][   T27] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  246.175387][   T27] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  246.184519][   T27] usb 2-1: Product: syz
[  246.189446][   T27] usb 2-1: Manufacturer: syz
[  246.196666][   T27] usb 2-1: SerialNumber: syz
[  246.204426][   T27] usb 2-1: config 0 descriptor??
[  246.213829][   T27] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  246.224938][   T27] em28xx 2-1:0.0: DVB interface 0 found: bulk
[  246.366542][ T8489] netlink: 8 bytes leftover after parsing attributes in process `syz.2.836'.
[  247.099085][   T27] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  247.704969][   T51] Bluetooth: hci1: unexpected event for opcode 0x080b
[  248.026978][   T27] em28xx 2-1:0.0: writing to i2c device at 0xa0 failed (error=-5)
[  248.044620][   T27] em28xx 2-1:0.0: failed to read eeprom (err=-5)
[  248.060798][   T27] em28xx 2-1:0.0: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5]
[  248.161501][   T27] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  248.170774][   T27] em28xx 2-1:0.0: dvb set to bulk mode.
[  248.184390][ T5774] em28xx 2-1:0.0: Binding DVB extension
[  248.208990][   T27] usb 2-1: USB disconnect, device number 6
[  248.229280][   T27] em28xx 2-1:0.0: Disconnecting em28xx
[  248.358282][ T5774] em28xx 2-1:0.0: Registering input extension
[  248.389292][   T27] em28xx 2-1:0.0: Closing input extension
[  248.457151][   T27] em28xx 2-1:0.0: Freeing device
[  248.565601][ T8521] netlink: 20 bytes leftover after parsing attributes in process `syz.2.847'.
[  249.256635][ T8542] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  249.842855][ T8556] loop1: detected capacity change from 0 to 256
[  250.017901][   T28] kauditd_printk_skb: 2 callbacks suppressed
[  250.017917][   T28] audit: type=1800 audit(1774327631.336:1586): pid=8556 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.856" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop1" ino=1048641 res=0 errno=0
[  250.136244][ T8559] loop3: detected capacity change from 0 to 2048
[  250.206686][ T8559] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  250.674117][ T8566] netlink: 8 bytes leftover after parsing attributes in process `syz.3.858'.
[  251.486541][ T8596] netlink: 8 bytes leftover after parsing attributes in process `syz.2.871'.
[  251.761189][   T51] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  251.772772][   T51] Bluetooth: hci1: Injecting HCI hardware error event
[  251.784226][ T5781] Bluetooth: hci1: hardware error 0x00
[  252.276203][ T8623] overlayfs: failed to clone upperpath
[  252.780352][ T8641] ipip0: entered promiscuous mode
[  252.792649][ T8641] ipip0: entered allmulticast mode
[  253.910954][ T5781] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  254.650754][    T9] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  254.846194][ T8686] netlink: 12 bytes leftover after parsing attributes in process `syz.2.906'.
[  254.861181][    T9] usb 2-1: Using ep0 maxpacket: 16
[  254.902138][    T9] usb 2-1: config 0 has no interfaces?
[  254.907883][    T9] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  254.934427][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  254.962704][    T9] usb 2-1: config 0 descriptor??
[  255.060022][ T8689] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  256.075868][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  256.082985][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  257.300821][ T5757] usb 2-1: USB disconnect, device number 7
[  257.374713][ T8728] loop1: detected capacity change from 0 to 512
[  257.391032][ T8728] EXT4-fs: Ignoring removed mblk_io_submit option
[  257.469886][ T8728] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  257.484016][ T8728] ext4 filesystem being mounted at /23/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  257.783132][ T5781] Bluetooth: hci0: command 0x0406 tx timeout
[  258.209424][ T8039] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  258.558501][ T8756] input: syz0 as /devices/virtual/input/input8
[  259.169669][   T12] tipc: Subscription rejected, illegal request
[  259.573323][ T8787] netlink: 24 bytes leftover after parsing attributes in process `syz.2.944'.
[  259.753147][ T8793] netlink: 12 bytes leftover after parsing attributes in process `syz.0.945'.
[  260.062263][ T8803] netlink: 8 bytes leftover after parsing attributes in process `syz.2.950'.
[  260.092850][ T8801] mtd partition "" doesn't have enough space: 0x20003 < 0x2001f, disabled
[  260.167329][ T8801] ftl_cs: FTL header not found.
[  261.630631][    C1] sched: RT throttling activated
[  262.420159][ T8845] loop3: detected capacity change from 0 to 256
[  262.517042][ T8845] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  263.268094][ T8857] netlink: 24 bytes leftover after parsing attributes in process `syz.3.970'.
[  263.592713][ T8864] bond3: left promiscuous mode
[  263.687825][ T8863] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  263.720071][ T8863] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  263.742821][ T8863] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  263.761424][ T8863] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  265.552754][ T8913] overlayfs: failed to clone upperpath
[  265.999349][ T8932] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  266.363839][ T8943] mtd partition "" doesn't have enough space: 0x20003 < 0x2001f, disabled
[  266.383738][ T8943] ftl_cs: FTL header not found.
[  266.779666][ T8960] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1010'.
[  266.818116][ T8960] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  266.829604][ T8960] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  266.838575][ T8960] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  266.847546][ T8960] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  266.916035][ T8960] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  266.926235][ T8960] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  266.935366][ T8960] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  266.944265][ T8960] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  267.081172][ T8960] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1010'.
[  267.144098][ T8960] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  267.153040][ T8960] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  267.162339][ T8960] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  267.171371][ T8960] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  267.264524][ T8960] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  267.273738][ T8960] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  267.282861][ T8960] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  267.292438][ T8960] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  268.088940][ T8983] netlink: 'syz.3.1018': attribute type 27 has an invalid length.
[  268.127551][ T8983] bond2: left allmulticast mode
[  268.564780][   T27] IPVS: starting estimator thread 0...
[  268.700995][ T8992] IPVS: using max 32 ests per chain, 76800 per kthread
[  269.190315][ T9005] syz.1.1027: attempt to access beyond end of device
[  269.190315][ T9005] loop3: rw=0, sector=0, nr_sectors = 1 limit=0
[  269.270226][ T9005] FAT-fs (loop3): unable to read boot sector
[  269.716736][ T9019] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1033'.
[  269.863248][ T9022] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1033'.
[  270.416616][ T9040] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  270.510810][    T9] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  270.715793][    T9] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  270.749652][    T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  270.765837][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  270.774503][    T9] usb 2-1: Product: syz
[  270.778848][    T9] usb 2-1: Manufacturer: syz
[  270.786443][    T9] usb 2-1: SerialNumber: syz
[  271.014583][    T9] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 8 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  271.311401][    T9] usb 2-1: USB disconnect, device number 8
[  271.391414][    T9] usblp0: removed
[  271.428729][   T28] audit: type=1326 audit(1774327652.746:1587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9049 comm="syz.0.1044" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff5f539c799 code=0x0
[  271.484900][ T9053] overlayfs: failed to clone upperpath
[  273.169017][ T9086] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1058'.
[  273.249915][ T9086] 8021q: adding VLAN 0 to HW filter on device bond4
[  273.301223][ T9093] loop2: detected capacity change from 0 to 7
[  273.331557][ T9093]  loop2: p1
[  273.345911][ T9093] loop2: partition table partially beyond EOD, truncated
[  273.371689][ T9093] loop2: p1 size 1952408940 extends beyond EOD, truncated
[  273.380230][ T9086] bond4: entered promiscuous mode
[  273.388351][ T9084] bond4: left promiscuous mode
[  273.490083][ T5761] udevd[5761]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  273.719000][ T9109] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1063'.
[  274.390997][ T9126] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  275.928518][ T9160] bond2: entered allmulticast mode
[  275.938227][ T9159] bond2: left allmulticast mode
[  275.962011][ T9162] syz.0.1083: attempt to access beyond end of device
[  275.962011][ T9162] loop1: rw=0, sector=0, nr_sectors = 1 limit=0
[  275.980781][ T9162] FAT-fs (loop1): unable to read boot sector
[  276.191734][   T51] Bluetooth: hci3: unexpected event for opcode 0x0403
[  276.198517][ T9169] ip6gre1: entered promiscuous mode
[  276.242821][ T9169] ip6gre1: entered allmulticast mode
[  276.387850][ T9171] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  276.574533][ T9173] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1087'.
[  277.380399][   T27] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  277.476594][   T27] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  277.488207][ T9170] loop3: detected capacity change from 0 to 32768
[  277.769433][ T9173] 8021q: adding VLAN 0 to HW filter on device bond1
[  277.925051][ T9175] bond1: entered promiscuous mode
[  278.205715][ T9176] dummy0: entered promiscuous mode
[  278.271917][ T9176] bond1: (slave dummy0): Enslaving as an active interface with an up link
[  278.327954][ T9172] bond1: left promiscuous mode
[  278.338921][ T9172] dummy0: left promiscuous mode
[  279.726993][ T9215] loop1: detected capacity change from 0 to 32768
[  279.743191][ T9215] XFS (loop1): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  279.801552][ T9215] XFS (loop1): Ending clean mount
[  280.211437][ T9215] syz.1.1105 (9215) used greatest stack depth: 19120 bytes left
[  280.231162][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  280.246524][ T8039] XFS (loop1): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  280.880963][    T9] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  281.060768][    T9] usb 2-1: Using ep0 maxpacket: 8
[  281.067687][    T9] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  281.076739][    T9] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  281.086774][    T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  281.096724][    T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  281.106986][    T9] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  281.120691][    T9] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  281.129768][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  281.348952][    T9] usb 2-1: GET_CAPABILITIES returned 0
[  281.359323][    T9] usbtmc 2-1:16.0: can't read capabilities
[  282.154555][ T5757] usb 2-1: USB disconnect, device number 9
[  283.372315][ T9297] netlink: 'syz.1.1132': attribute type 27 has an invalid length.
[  283.631252][ T9308] overlayfs: failed to clone upperpath
[  284.083025][ T9297] bridge0: port 2(bridge_slave_1) entered disabled state
[  284.091719][ T9297] bridge0: port 1(bridge_slave_0) entered disabled state
[  284.611807][ T9297] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  284.634954][ T9324] overlayfs: failed to clone upperpath
[  284.684324][ T9297] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  285.027432][ T9297] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  285.037225][ T9297] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  285.046257][ T9297] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  285.055628][ T9297] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  285.265670][ T9328] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1154'.
[  286.618228][ T9359] ip6gre1: entered promiscuous mode
[  286.637970][ T9359] ip6gre1: entered allmulticast mode
[  286.731653][ T9359] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  286.774181][ T9361] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  287.241434][   T11] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  287.276188][ T5808] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  287.277180][   T11] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  287.382582][   T27] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  287.430886][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  287.611087][ T9383] netlink: 'syz.0.1170': attribute type 4 has an invalid length.
[  287.681878][ T9383] netlink: 'syz.0.1170': attribute type 4 has an invalid length.
[  287.820482][   T51] Bluetooth: hci0: unexpected event for opcode 0x0403
[  287.837475][ T9390] ip6gre1: entered promiscuous mode
[  287.853263][ T9390] ip6gre1: entered allmulticast mode
[  287.882167][ T2959] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  287.890104][ T2959] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  287.911003][    T9] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  287.941055][ T9390] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  288.114248][ T9406] loop2: detected capacity change from 0 to 7
[  288.123262][ T9406] Dev loop2: unable to read RDB block 7
[  288.128974][ T9406]  loop2: AHDI p1 p2 p3
[  288.134407][ T9406] loop2: partition table partially beyond EOD, truncated
[  288.142204][ T9406] loop2: p1 start 1818582900 is beyond EOD, truncated
[  288.149678][ T9406] loop2: p3 start 335544320 is beyond EOD, truncated
[  288.496267][ T9413] sctp: [Deprecated]: syz.3.1182 (pid 9413) Use of struct sctp_assoc_value in delayed_ack socket option.
[  288.496267][ T9413] Use struct sctp_sack_info instead
[  288.698335][ T9418] loop3: detected capacity change from 0 to 1024
[  288.918828][ T9425] loop1: detected capacity change from 0 to 64
[  290.564279][ T9451] xt_hashlimit: max too large, truncated to 1048576
[  290.899284][ T9459] vivid-001: =================  START STATUS  =================
[  290.921726][ T9459] vivid-001: Radio HW Seek Mode: Bounded
[  290.940200][ T9459] vivid-001: Radio Programmable HW Seek: false
[  290.952115][ T9459] vivid-001: RDS Rx I/O Mode: Block I/O
[  290.966257][ T9459] vivid-001: Generate RBDS Instead of RDS: false
[  290.987139][ T9459] vivid-001: RDS Reception: true
[  291.002672][ T9459] vivid-001: RDS Program Type: 0 inactive
[  291.016106][ T9459] vivid-001: RDS PS Name:  inactive
[  291.024961][ T9459] vivid-001: RDS Radio Text:  inactive
[  291.033819][ T9459] vivid-001: RDS Traffic Announcement: false inactive
[  291.044762][ T9459] vivid-001: RDS Traffic Program: false inactive
[  291.054831][ T9459] vivid-001: RDS Music: false inactive
[  291.070760][ T9459] vivid-001: ==================  END STATUS  ==================
[  291.417198][ T9468] netlink: 'syz.0.1202': attribute type 27 has an invalid length.
[  291.450093][ T9465] 
[  291.459836][ T9468] ip6gre1: left promiscuous mode
[  291.473352][ T9468] ip6gre1: left allmulticast mode
[  291.910879][    C0] ip6_tnl_xmit_ctl: 4 callbacks suppressed
[  291.910896][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  292.311862][ T9488] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1211'.
[  292.322149][ T9488] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1211'.
[  292.331710][ T9488] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1211'.
[  292.341659][ T9488] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1211'.
[  292.351529][ T9488] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1211'.
[  292.542560][ T9493] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1214'.
[  292.554289][   T28] audit: type=1326 audit(1774327673.876:1588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9490 comm="syz.2.1213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a319c799 code=0x7fc00000
[  292.626840][   T28] audit: type=1326 audit(1774327673.896:1589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9490 comm="syz.2.1213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f24a319c799 code=0x7fc00000
[  292.652719][ T9493] batman_adv: batadv0: Removing interface: batadv_slave_1
[  292.803067][ T9498] IPv6: NLM_F_CREATE should be specified when creating new route
[  294.040793][ T9515] netlink: 'syz.2.1220': attribute type 27 has an invalid length.
[  294.673518][ T9523] loop3: detected capacity change from 0 to 128
[  294.712238][ T9523] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  294.729803][ T9523] ext4 filesystem being mounted at /298/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  294.937622][ T5769] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  295.160985][ T9544] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  295.483789][ T9561] netlink: 'syz.1.1235': attribute type 27 has an invalid length.
[  295.526087][ T9561] ip6gre1: left promiscuous mode
[  295.582457][ T9561] ip6gre1: left allmulticast mode
[  295.649157][   T28] audit: type=1326 audit(1774327676.966:1590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9563 comm="syz.2.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  295.701201][   T28] audit: type=1326 audit(1774327676.996:1591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9563 comm="syz.2.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  295.747675][   T28] audit: type=1326 audit(1774327676.996:1592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9563 comm="syz.2.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  295.770801][   T28] audit: type=1326 audit(1774327676.996:1593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9563 comm="syz.2.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  295.794428][   T28] audit: type=1326 audit(1774327676.996:1594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9563 comm="syz.2.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  295.818137][   T28] audit: type=1326 audit(1774327676.996:1595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9563 comm="syz.2.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  295.897498][   T28] audit: type=1326 audit(1774327676.996:1596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9563 comm="syz.2.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  295.907303][ T9568] lo: Caught tx_queue_len zero misconfig
[  295.933636][ T9568] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  295.983166][   T28] audit: type=1326 audit(1774327676.996:1597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9563 comm="syz.2.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  297.470919][ T6363] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  297.673371][ T6363] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  297.684685][ T6363] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  297.694945][ T6363] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  297.708544][ T6363] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  297.718419][ T6363] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  297.729551][ T6363] usb 4-1: config 0 descriptor??
[  298.156642][ T6363] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x4
[  298.165416][ T6363] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving
[  298.183905][ T6363] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  299.456099][ T9598] usb 4-1: string descriptor 0 read error: -71
[  299.516436][ T9611] bond2: entered allmulticast mode
[  299.530360][ T9611] bond2: left allmulticast mode
[  300.124833][ T9618] block device autoloading is deprecated and will be removed.
[  300.230853][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  300.316196][ T5774] usb 4-1: USB disconnect, device number 5
[  301.055133][   T28] kauditd_printk_skb: 18 callbacks suppressed
[  301.055148][   T28] audit: type=1800 audit(1774327682.366:1616): pid=9638 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1264" name="file1" dev="overlay" ino=526 res=0 errno=0
[  301.247764][ T9643] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  301.999972][ T9665] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1273'.
[  302.598054][ T9681] bond0: entered allmulticast mode
[  302.788665][ T9681] bridge5: entered promiscuous mode
[  302.826311][ T9681] bridge5: entered allmulticast mode
[  302.849153][ T9681] bond0: (slave bridge5): Enslaving as an active interface with an up link
[  303.141046][    T9] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  303.338292][    T9] usb 2-1: config 0 has too many interfaces: 253, using maximum allowed: 32
[  303.347856][    T9] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 253
[  303.372087][    T9] usb 2-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac
[  303.387939][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  303.396837][    T9] usb 2-1: Product: syz
[  303.406728][    T9] usb 2-1: Manufacturer: syz
[  303.411914][    T9] usb 2-1: SerialNumber: syz
[  303.463245][    T9] usb 2-1: config 0 descriptor??
[  303.472101][    T9] gspca_main: sunplus-2.14.0 probing 055f:c630
[  304.645420][ T9706] xt_CT: You must specify a L4 protocol and not use inversions on it
[  305.973344][ T5774] usb 2-1: USB disconnect, device number 10
[  308.257953][ T9777] syz_tun: entered allmulticast mode
[  308.266305][ T9777] syz_tun: left allmulticast mode
[  308.302714][ T9778] 9pnet_fd: Insufficient options for proto=fd
[  308.431004][ T9785] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1316'.
[  308.483088][ T9785] batman_adv: batadv0: Removing interface: batadv_slave_1
[  309.559697][ T9821] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  309.746073][ T9810] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  309.915960][ T9829] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1331'.
[  309.976241][ T9829] batman_adv: batadv0: Removing interface: batadv_slave_1
[  310.010204][ T9834] 9pnet: p9_errstr2errno: server reported unknown error �0x0000000000000009
[  310.069513][ T9835] block device autoloading is deprecated and will be removed.
[  310.318462][ T9844] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  310.747952][ T9859] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1342'.
[  310.762540][ T9859] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1342'.
[  312.617518][ T9869] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1346'.
[  312.740141][ T9869] batman_adv: batadv0: Removing interface: batadv_slave_1
[  313.377344][ T9882] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1350'.
[  313.422314][ T9882] syz_tun (unregistering): left allmulticast mode
[  313.429797][ T9882] syz_tun (unregistering): left promiscuous mode
[  313.436701][ T9882] bridge0: port 3(syz_tun) entered disabled state
[  313.465425][ T9882] team0: Port device vlan2 removed
[  314.645879][ T9919] syzkaller0: entered promiscuous mode
[  314.651845][ T9919] syzkaller0: entered allmulticast mode
[  315.168275][ T9922] 9pnet: p9_errstr2errno: server reported unknown error �0x0000000000000009
[  315.610790][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  317.522437][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  317.528816][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  317.979318][ T9932] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  318.096281][ T9941] overlayfs: failed to clone upperpath
[  319.542981][ T9961] capability: warning: `syz.3.1379' uses 32-bit capabilities (legacy support in use)
[  320.914567][ T9994] bridge0: port 3(macvlan2) entered blocking state
[  320.927436][ T9994] bridge0: port 3(macvlan2) entered disabled state
[  320.937887][ T9994] macvlan2: entered allmulticast mode
[  320.944923][ T9994] bridge0: entered allmulticast mode
[  320.952689][ T9994] macvlan2: left allmulticast mode
[  320.957900][ T9994] bridge0: left allmulticast mode
[  321.684100][T10004] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1397'.
[  322.452583][ T5781] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  322.472646][ T5781] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  322.490930][ T5781] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  322.513007][ T5781] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  322.523775][ T5781] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  322.532700][ T5781] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  322.982971][T10042] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1408'.
[  323.017404][T10042] syz_tun: left allmulticast mode
[  323.034848][T10042] syz_tun: left promiscuous mode
[  323.040207][T10042] bridge0: port 3(syz_tun) entered disabled state
[  323.077531][T10042] bridge_slave_1: left allmulticast mode
[  323.098126][T10042] bridge_slave_1: left promiscuous mode
[  323.115942][T10042] bridge0: port 2(bridge_slave_1) entered disabled state
[  323.150335][T10042] bridge_slave_0: left allmulticast mode
[  323.181755][T10042] bridge_slave_0: left promiscuous mode
[  323.187627][T10042] bridge0: port 1(bridge_slave_0) entered disabled state
[  324.209644][T10030] chnl_net:caif_netlink_parms(): no params data found
[  324.372613][   T38] hsr_slave_0: left promiscuous mode
[  324.392895][   T38] hsr_slave_1: left promiscuous mode
[  324.481362][   T38] batman_adv: batadv0: Removing interface: batadv_slave_0
[  324.501762][   T38] bridge_slave_1: left allmulticast mode
[  324.507492][   T38] bridge_slave_1: left promiscuous mode
[  324.548648][   T38] bridge0: port 2(bridge_slave_1) entered disabled state
[  324.603772][T10092] overlayfs: statfs failed on './file0'
[  324.613548][   T38] bridge_slave_0: left allmulticast mode
[  324.619451][   T38] bridge_slave_0: left promiscuous mode
[  324.631203][   T51] Bluetooth: hci2: command tx timeout
[  324.662613][   T38] bridge0: port 1(bridge_slave_0) entered disabled state
[  325.206626][   T38] bond1 (unregistering): (slave dummy0): Releasing backup interface
[  325.226002][   T38] bond1 (unregistering): Released all slaves
[  325.920514][   T38] team0 (unregistering): Port device team_slave_1 removed
[  325.988309][   T38] team0 (unregistering): Port device team_slave_0 removed
[  326.048334][   T38] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  326.110441][   T38] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  326.600315][   T38] bond0 (unregistering): Released all slaves
[  326.700192][T10104] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1421'.
[  326.710772][   T51] Bluetooth: hci2: command tx timeout
[  326.777064][T10115] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1421'.
[  327.064410][T10030] bridge0: port 1(bridge_slave_0) entered blocking state
[  327.098302][T10030] bridge0: port 1(bridge_slave_0) entered disabled state
[  327.106413][T10030] bridge_slave_0: entered allmulticast mode
[  327.142256][T10030] bridge_slave_0: entered promiscuous mode
[  327.171820][T10030] bridge0: port 2(bridge_slave_1) entered blocking state
[  327.179014][T10030] bridge0: port 2(bridge_slave_1) entered disabled state
[  327.224679][T10030] bridge_slave_1: entered allmulticast mode
[  327.234113][T10030] bridge_slave_1: entered promiscuous mode
[  327.358754][T10030] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  327.401534][T10030] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  327.462346][   T38] IPVS: stop unused estimator thread 0...
[  327.504672][T10030] team0: Port device team_slave_0 added
[  327.527025][T10030] team0: Port device team_slave_1 added
[  327.571451][T10030] batman_adv: batadv0: Adding interface: batadv_slave_0
[  327.578694][T10030] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  327.640742][T10030] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  327.677256][T10030] batman_adv: batadv0: Adding interface: batadv_slave_1
[  327.688719][T10143] loop3: detected capacity change from 0 to 8
[  327.706341][T10030] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  327.776525][T10030] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  328.576798][T10030] hsr_slave_0: entered promiscuous mode
[  328.631716][T10030] hsr_slave_1: entered promiscuous mode
[  328.792026][   T51] Bluetooth: hci2: command tx timeout
[  329.176280][T10179] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1436'.
[  329.188532][T10179] bridge_slave_1: left allmulticast mode
[  329.194732][T10179] bridge_slave_1: left promiscuous mode
[  329.204129][T10179] bridge0: port 2(bridge_slave_1) entered disabled state
[  329.214172][T10179] bridge_slave_0: left allmulticast mode
[  329.220009][T10179] bridge_slave_0: left promiscuous mode
[  329.228612][T10179] bridge0: port 1(bridge_slave_0) entered disabled state
[  329.373121][T10030] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  329.397807][T10030] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  329.427744][T10030] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  329.489035][T10030] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  329.877027][T10030] 8021q: adding VLAN 0 to HW filter on device bond0
[  329.957647][T10030] 8021q: adding VLAN 0 to HW filter on device team0
[  329.974809][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  329.982071][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  330.029351][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  330.036778][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  330.651897][T10030] 8021q: adding VLAN 0 to HW filter on device batadv0
[  330.871812][   T51] Bluetooth: hci2: command tx timeout
[  330.996375][T10230] bond0: (slave bond_slave_0): Releasing backup interface
[  331.023798][T10230] bond0: (slave bond_slave_1): Releasing backup interface
[  331.092118][T10230] team0: Port device team_slave_0 removed
[  331.117105][T10230] team0: Port device team_slave_1 removed
[  331.134697][T10230] batman_adv: batadv0: Removing interface: batadv_slave_0
[  331.191478][T10230] bond3: (slave macvlan0): Releasing active interface
[  331.375597][T10030] veth0_vlan: entered promiscuous mode
[  331.391903][T10030] veth1_vlan: entered promiscuous mode
[  331.511545][T10030] veth0_macvtap: entered promiscuous mode
[  331.540084][T10030] veth1_macvtap: entered promiscuous mode
[  331.609014][T10030] batman_adv: batadv0: Interface activated: batadv_slave_0
[  331.637525][T10030] batman_adv: batadv0: Interface activated: batadv_slave_1
[  331.692430][T10030] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  331.733528][T10030] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  331.770272][T10030] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  331.780311][T10030] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  331.973706][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  332.012168][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  332.085583][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  332.120622][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  332.400519][   T28] audit: type=1326 audit(1774328481.711:1617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10266 comm="syz.4.1396" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feb99b9c799 code=0x0
[  332.785995][T10278] Cannot find add_set index 0 as target
[  334.217126][T10285] loop5: detected capacity change from 0 to 7
[  334.261642][T10285] Dev loop5: unable to read RDB block 7
[  334.267330][T10285]  loop5: AHDI p1 p2 p3
[  334.310940][T10285] loop5: partition table partially beyond EOD, truncated
[  334.365460][T10285] loop5: p1 start 1818582900 is beyond EOD, truncated
[  334.391473][T10285] loop5: p3 start 335544320 is beyond EOD, truncated
[  335.604824][T10324] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  336.185245][T10347] loop4: detected capacity change from 0 to 512
[  336.257543][T10347] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  336.337081][T10347] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1470: invalid indirect mapped block 4294967295 (level 1)
[  336.475144][T10347] EXT4-fs (loop4): Remounting filesystem read-only
[  336.575171][T10347] EXT4-fs (loop4): 2 truncates cleaned up
[  336.655609][T10347] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  337.392906][T10030] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  337.747533][T10377] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1477'.
[  338.562696][T10408] binder: 10407:10408 ioctl c0306201 2000000003c0 returned -14
[  338.592234][T10408] binder_alloc: 10407: pid 10407 spamming oneway? 1 buffers allocated for a total size of 5264
[  338.694563][T10411] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1485'.
[  338.828815][T10411] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1485'.
[  339.704669][T10449] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1497'.
[  339.782419][T10440] loop4: detected capacity change from 0 to 8192
[  339.833181][T10440] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  340.593214][T10473] binder: 10471:10473 ioctl c0306201 2000000003c0 returned -14
[  341.108871][T10492] sch_tbf: burst 32855 is lower than device lo mtu (11337746) !
[  341.497641][T10511] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1500) !
[  341.728934][   T28] audit: type=1326 audit(1774328491.041:1618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10520 comm="syz.2.1520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a319c799 code=0x7fc00000
[  341.752540][   T28] audit: type=1326 audit(1774328491.061:1619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10520 comm="syz.2.1520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f24a319c799 code=0x7fc00000
[  342.020169][T10525] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  342.034290][T10530] loop4: detected capacity change from 0 to 128
[  342.115146][T10530] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  342.166640][T10530] ext4 filesystem being mounted at /18/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  342.455205][T10030] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  343.159849][T10541] netlink: 'syz.4.1534': attribute type 1 has an invalid length.
[  343.528541][T10549] net veth1_virt_wifi virt_wifi0: entered promiscuous mode
[  343.560899][T10549] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  344.822301][T10563] kernel profiling enabled (shift: 63)
[  344.828405][T10563] profiling shift: 63 too large
[  345.641051][T10567] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1532'.
[  345.659793][T10567] lo: entered promiscuous mode
[  345.671402][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  345.679590][T10567] lo: entered allmulticast mode
[  345.764715][T10581] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  346.473990][   T28] audit: type=1326 audit(1774328495.791:1620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10598 comm="syz.0.1541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5f539c799 code=0x7ffc0000
[  346.515250][   T28] audit: type=1326 audit(1774328495.791:1621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10598 comm="syz.0.1541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5f539c799 code=0x7ffc0000
[  346.569354][   T28] audit: type=1326 audit(1774328495.811:1622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10598 comm="syz.0.1541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=148 compat=0 ip=0x7ff5f539c799 code=0x7ffc0000
[  346.594535][   T28] audit: type=1326 audit(1774328495.811:1623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10598 comm="syz.0.1541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5f539c799 code=0x7ffc0000
[  346.621845][   T28] audit: type=1326 audit(1774328495.811:1624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10598 comm="syz.0.1541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=65 compat=0 ip=0x7ff5f539c799 code=0x7ffc0000
[  346.645933][   T28] audit: type=1326 audit(1774328495.811:1625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10598 comm="syz.0.1541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5f539c799 code=0x7ffc0000
[  346.683785][   T28] audit: type=1326 audit(1774328495.811:1626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10598 comm="syz.0.1541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5f539c799 code=0x7ffc0000
[  346.714075][   T28] audit: type=1326 audit(1774328495.821:1627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10598 comm="syz.0.1541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=65 compat=0 ip=0x7ff5f539c799 code=0x7ffc0000
[  346.745351][   T28] audit: type=1326 audit(1774328495.821:1628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10598 comm="syz.0.1541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5f539c799 code=0x7ffc0000
[  346.775351][   T28] audit: type=1326 audit(1774328495.821:1629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10598 comm="syz.0.1541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5f539c799 code=0x7ffc0000
[  346.828271][   T28] audit: type=1326 audit(1774328495.821:1630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10598 comm="syz.0.1541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=66 compat=0 ip=0x7ff5f539c799 code=0x7ffc0000
[  346.857498][   T28] audit: type=1326 audit(1774328495.821:1631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10598 comm="syz.0.1541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5f539c799 code=0x7ffc0000
[  346.889234][   T28] audit: type=1326 audit(1774328495.831:1632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10598 comm="syz.0.1541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5f539c799 code=0x7ffc0000
[  348.570032][T10649] netlink: 'syz.0.1560': attribute type 10 has an invalid length.
[  348.590931][T10649] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1560'.
[  348.600453][T10649] bridge_slave_1: left allmulticast mode
[  348.606602][T10649] bridge_slave_1: left promiscuous mode
[  348.613141][T10649] bridge0: port 2(bridge_slave_1) entered disabled state
[  348.627164][T10649] bridge_slave_0: left allmulticast mode
[  348.636044][T10649] bridge_slave_0: left promiscuous mode
[  348.644758][T10649] bridge0: port 1(bridge_slave_0) entered disabled state
[  348.884957][T10658] mac80211_hwsim hwsim7 wlan0: entered promiscuous mode
[  349.018566][T10660] ref_ctr increment failed for inode: 0x9a3 offset: 0x5 ref_ctr_offset: 0x1000 of mm: 0xffff88801af28000
[  349.758207][T10665] cgroup: fork rejected by pids controller in /syz2
[  349.830886][ T5880] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  350.026009][ T5880] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  350.041415][ T5880] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  350.053922][ T5880] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  350.063522][ T5880] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  350.072208][ T5880] usb 4-1: SerialNumber: syz
[  350.309638][ T5880] usb 4-1: 0:2 : does not exist
[  350.349943][ T5880] usb 4-1: USB disconnect, device number 6
[  350.524654][T10725] fuse: Bad value for 'fd'
[  351.454104][T10742] overlayfs: failed to clone upperpath
[  351.652033][T10749] netlink: 'syz.3.1576': attribute type 10 has an invalid length.
[  351.683371][T10749] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1576'.
[  352.454752][T10774] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  352.748191][T10782] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1583'.
[  353.117026][T10797] overlayfs: failed to clone upperpath
[  354.857286][T10823] fuse: Bad value for 'fd'
[  355.150542][T10833] netlink: 'syz.3.1597': attribute type 1 has an invalid length.
[  355.214996][T10836] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1594'.
[  355.237687][T10836] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1594'.
[  355.253566][T10836] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  355.271421][T10836] gretap0: entered promiscuous mode
[  355.327975][T10833] 8021q: adding VLAN 0 to HW filter on device bond4
[  355.339125][T10833] bond3: (slave bond4): making interface the new active one
[  355.347374][T10833] bond3: (slave bond4): Enslaving as an active interface with an up link
[  355.755091][T10840] syz.2.1598: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1
[  355.771212][T10840] CPU: 1 PID: 10840 Comm: syz.2.1598 Not tainted syzkaller #0
[  355.779411][T10840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  355.789720][T10840] Call Trace:
[  355.793030][T10840]  <TASK>
[  355.796000][T10840]  dump_stack_lvl+0x18c/0x250
[  355.800745][T10840]  ? show_regs_print_info+0x20/0x20
[  355.805985][T10840]  ? load_image+0x400/0x400
[  355.810531][T10840]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  355.817067][T10840]  ? cpuset_print_current_mems_allowed+0x2e7/0x360
[  355.823652][T10840]  warn_alloc+0x246/0x340
[  355.828582][T10840]  ? stack_trace_save+0xaa/0x100
[  355.833577][T10840]  ? zone_watermark_ok_safe+0x230/0x230
[  355.839366][T10840]  ? kasan_set_track+0x5f/0x70
[  355.844279][T10840]  ? kasan_set_track+0x4e/0x70
[  355.849106][T10840]  ? __kasan_kmalloc+0x8f/0xa0
[  355.854088][T10840]  ? xsk_init_queue+0xad/0x100
[  355.859080][T10840]  ? xsk_setsockopt+0x42e/0x760
[  355.864157][T10840]  ? do_sock_setsockopt+0x175/0x1a0
[  355.869562][T10840]  ? __x64_sys_setsockopt+0x182/0x200
[  355.875156][T10840]  __vmalloc_node_range+0x126/0x1330
[  355.880638][T10840]  ? free_vm_area+0x50/0x50
[  355.885210][T10840]  vmalloc_user+0x74/0x80
[  355.889603][T10840]  ? xskq_create+0xbf/0x170
[  355.894461][T10840]  xskq_create+0xbf/0x170
[  355.898851][T10840]  xsk_init_queue+0xad/0x100
[  355.903751][T10840]  xsk_setsockopt+0x42e/0x760
[  355.908475][T10840]  ? xsk_poll+0x680/0x680
[  355.912850][T10840]  ? __fget_files+0x28/0x4b0
[  355.917535][T10840]  ? __fget_files+0x28/0x4b0
[  355.922169][T10840]  ? bpf_lsm_socket_setsockopt+0x9/0x10
[  355.927749][T10840]  ? security_socket_setsockopt+0x7e/0xa0
[  355.933505][T10840]  ? xsk_poll+0x680/0x680
[  355.938403][T10840]  do_sock_setsockopt+0x175/0x1a0
[  355.943474][T10840]  ? __fdget+0x180/0x210
[  355.947847][T10840]  __x64_sys_setsockopt+0x182/0x200
[  355.953083][T10840]  do_syscall_64+0x55/0xa0
[  355.957563][T10840]  ? clear_bhb_loop+0x40/0x90
[  355.962365][T10840]  ? clear_bhb_loop+0x40/0x90
[  355.967082][T10840]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  355.973096][T10840] RIP: 0033:0x7f24a319c799
[  355.977576][T10840] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  355.997490][T10840] RSP: 002b:00007f24a40bf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  356.001068][   T51] Bluetooth: Unexpected continuation frame (len 10)
[  356.006021][T10840] RAX: ffffffffffffffda RBX: 00007f24a3415fa0 RCX: 00007f24a319c799
[  356.021400][T10840] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003
[  356.029433][T10840] RBP: 00007f24a3232c99 R08: 0000000000000004 R09: 0000000000000000
[  356.037434][T10840] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  356.045469][T10840] R13: 00007f24a3416038 R14: 00007f24a3415fa0 R15: 00007ffc4190d408
[  356.053477][T10840]  </TASK>
[  356.058022][T10840] Mem-Info:
[  356.061233][T10840] active_anon:27509 inactive_anon:0 isolated_anon:0
[  356.061233][T10840]  active_file:13502 inactive_file:40500 isolated_file:0
[  356.061233][T10840]  unevictable:768 dirty:174 writeback:17
[  356.061233][T10840]  slab_reclaimable:11013 slab_unreclaimable:93678
[  356.061233][T10840]  mapped:27836 shmem:21237 pagetables:772
[  356.061233][T10840]  sec_pagetables:0 bounce:0
[  356.061233][T10840]  kernel_misc_reclaimable:0
[  356.061233][T10840]  free:1321286 free_pcp:10731 free_cma:0
[  356.107589][T10840] Node 0 active_anon:110036kB inactive_anon:0kB active_file:54004kB inactive_file:161764kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:111304kB dirty:696kB writeback:68kB shmem:83412kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11872kB pagetables:3088kB sec_pagetables:0kB all_unreclaimable? no
[  356.117433][T10838] bond3: (slave gretap1): Enslaving as a backup interface with an up link
[  356.140890][T10840] Node 1 active_anon:0kB inactive_anon:0kB active_file:4kB inactive_file:236kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:40kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  356.183250][T10840] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  356.210769][T10840] lowmem_reserve[]: 0 2521 2522 2522 2522
[  356.216603][T10840] Node 0 DMA32 free:1368112kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:2048KB active_anon:109996kB inactive_anon:0kB active_file:54004kB inactive_file:160932kB unevictable:1536kB writepending:764kB present:3129332kB managed:2586964kB mlocked:0kB bounce:0kB free_pcp:26800kB local_pcp:16748kB free_cma:0kB
[  356.248558][T10840] lowmem_reserve[]: 0 0 0 0 0
[  356.253423][T10840] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:832kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  356.280311][T10840] lowmem_reserve[]: 0 0 0 0 0
[  356.285139][T10840] Node 1 Normal free:3901672kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:4kB inactive_file:236kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:16224kB local_pcp:8128kB free_cma:0kB
[  356.328713][T10840] lowmem_reserve[]: 0 0 0 0 0
[  356.336296][T10840] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  356.349289][T10840] Node 0 DMA32: 28*4kB (EH) 48*8kB (UEH) 166*16kB (UEH) 139*32kB (UEH) 36*64kB (UMEH) 111*128kB (UMEH) 60*256kB (UME) 27*512kB (UME) 12*1024kB (M) 4*2048kB (UME) 316*4096kB (UM) = 1368112kB
[  356.368425][T10840] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  356.378888][T10833] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1597'.
[  356.380175][T10840] Node 1 Normal: 262*4kB (UE) 56*8kB (UME) 45*16kB (UME) 138*32kB (UE) 28*64kB (UME) 10*128kB (UME) 3*256kB (UME) 2*512kB (UE) 1*1024kB (U) 1*2048kB (U) 949*4096kB (M) = 3901672kB
[  356.408407][T10840] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  356.418340][T10840] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  356.423398][T10833] 8021q: adding VLAN 0 to HW filter on device bond3
[  356.428224][T10840] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  356.444426][T10840] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  356.453907][T10840] 75127 total pagecache pages
[  356.458720][T10840] 0 pages in swap cache
[  356.462958][T10840] Free swap  = 124416kB
[  356.467156][T10840] Total swap = 124996kB
[  356.471444][T10840] 2097051 pages RAM
[  356.475293][T10840] 0 pages HighMem/MovableOnly
[  356.480086][T10840] 416924 pages reserved
[  356.484382][T10840] 0 pages cma reserved
[  356.610387][T10849] input: syz0 as /devices/virtual/input/input9
[  357.539014][T10880] team0: No ports can be present during mode change
[  358.769035][T10912] loop3: detected capacity change from 0 to 512
[  359.323031][T10902] loop4: detected capacity change from 0 to 40427
[  359.343153][T10902] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  359.364602][T10902] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  359.413100][T10902] F2FS-fs (loop4): invalid crc value
[  359.459010][T10902] F2FS-fs (loop4): Found nat_bits in checkpoint
[  359.732563][T10902] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  359.739772][T10902] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  359.857945][   T28] audit: type=1800 audit(1774328509.161:1633): pid=10902 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1613" name="bus" dev="loop4" ino=10 res=0 errno=0
[  359.958540][   T28] audit: type=1804 audit(1774328509.251:1634): pid=10902 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1613" name="/newroot/37/file7/bus" dev="loop4" ino=10 res=1 errno=0
[  361.184024][T10980] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1624'.
[  361.498132][   T27] libceph: connect (1)[c::]:6789 error -101
[  361.519910][   T27] libceph: mon0 (1)[c::]:6789 connect error
[  361.565092][   T27] libceph: connect (1)[c::]:6789 error -101
[  361.595723][   T27] libceph: mon0 (1)[c::]:6789 connect error
[  361.607456][T10987] ceph: No mds server is up or the cluster is laggy
[  362.862617][T11018] bond0: (slave bond_slave_0): Releasing backup interface
[  362.942000][T11018] team0: Port device team_slave_0 removed
[  362.984729][T11018] team0: Port device team_slave_1 removed
[  363.013992][T11018] batman_adv: batadv0: Removing interface: batadv_slave_0
[  363.061323][T11018] bond3: (slave bond4): Releasing backup interface
[  363.081499][    T9] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  363.089413][T11018] bond3: (slave bond4): the permanent HWaddr of slave - 2a:5d:5c:8b:1c:8c - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  363.111707][T11018] bond3: (slave gretap1): making interface the new active one
[  363.158661][T11018] bond3: (slave gretap1): Releasing backup interface
[  363.200018][T11019] team0: Failed to send options change via netlink (err -105)
[  363.228478][T11019] team0: Mode changed to "activebackup"
[  363.335185][T11018] syz.3.1632 (11018) used greatest stack depth: 17456 bytes left
[  363.592034][    T9] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  363.917621][T11024] loop4: detected capacity change from 0 to 32768
[  363.994454][T11024] JBD2: Ignoring recovery information on journal
[  364.070982][T11024] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  364.532451][T10030] ocfs2: Unmounting device (7,4) on (node local)
[  368.110183][T11089] syz.3.1644 (11089): drop_caches: 2
[  368.708410][T11138] bond1: entered allmulticast mode
[  368.777724][T11138] ip6gretap1: entered promiscuous mode
[  368.792504][T11138] bond1: (slave ip6gretap1): no link monitoring support
[  368.849555][T11138] bond1: (slave ip6gretap1): MII and ETHTOOL support not available for slave, and arp_interval/arp_ip_target module parameters not specified, thus bonding will not detect link failures! see bonding.txt for details
[  368.884766][T11138] ip6gretap1: entered allmulticast mode
[  368.895685][T11138] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link
[  371.177631][T11177] xt_socket: unknown flags 0x4c
[  371.502105][ T5827] libceph: connect (1)[c::]:6789 error -22
[  371.508163][ T5827] libceph: mon0 (1)[c::]:6789 connect error
[  371.587144][T11185] ceph: No mds server is up or the cluster is laggy
[  373.401444][T11216] cgroup: fork rejected by pids controller in /syz3
[  373.646781][T11260] overlayfs: failed to clone upperpath
[  373.988258][T11274] netlink: 43 bytes leftover after parsing attributes in process `syz.2.1698'.
[  374.052331][T11279] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1699'.
[  374.671384][ T5774] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  374.854415][ T5774] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  374.864325][ T5774] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  374.872597][ T5774] usb 4-1: Product: syz
[  374.876828][ T5774] usb 4-1: Manufacturer: syz
[  374.881524][ T5774] usb 4-1: SerialNumber: syz
[  375.301762][ T5774] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32
[  376.730307][ T5774] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000400. ret = -71
[  376.770755][ T5774] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  376.810962][ T5774] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  376.862733][ T5774] lan78xx: probe of 4-1:1.0 failed with error -71
[  376.910966][ T5774] usb 4-1: USB disconnect, device number 7
[  377.343316][   T28] audit: type=1804 audit(1774328526.661:1635): pid=11334 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1716" name="file1" dev="ramfs" ino=36043 res=1 errno=0
[  377.668201][   T51] Bluetooth: hci3: unexpected event for opcode 0x0c12
[  377.753361][T11344] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  378.367846][T11339] loop3: detected capacity change from 0 to 40427
[  378.379299][T11339] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  378.395405][T11339] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  378.426821][T11339] F2FS-fs (loop3): Found nat_bits in checkpoint
[  378.511889][T11339] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  378.529354][T11339] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  378.880968][T11339] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  378.889411][T11339] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  378.903656][T11339] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  378.913185][T11339] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  378.926097][T11339] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  378.935995][T11339] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  378.949031][T11339] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  378.959517][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  378.966498][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  379.424252][T11367] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  379.602710][T11370] xt_socket: unknown flags 0x4c
[  380.070787][ T5774] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  380.303010][ T5774] usb 4-1: config 0 has an invalid interface number: 127 but max is 1
[  380.320665][ T5774] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  380.358743][ T5774] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[  380.378218][ T5774] usb 4-1: config 0 has no interface number 0
[  380.385835][ T5774] usb 4-1: config 0 interface 127 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  380.411628][ T5774] usb 4-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  380.430663][ T5774] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  380.439928][ T5774] usb 4-1: Product: syz
[  380.444286][ T5774] usb 4-1: Manufacturer: syz
[  380.448933][ T5774] usb 4-1: SerialNumber: syz
[  380.459702][ T5774] usb 4-1: config 0 descriptor??
[  380.476063][ T5774] usb-storage 4-1:0.127: USB Mass Storage device detected
[  380.498271][ T5774] usb-storage 4-1:0.127: Quirks match for vid 1908 pid 1315: 20000
[  380.677256][ T5827] usb 4-1: USB disconnect, device number 8
[  381.032322][T11413] overlayfs: failed to clone upperpath
[  381.072992][T11411] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1742'.
[  381.681118][   T51] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  381.693486][   T51] Bluetooth: hci3: Injecting HCI hardware error event
[  381.703700][   T51] Bluetooth: hci3: hardware error 0x00
[  381.959706][T11428] ceph: No mds server is up or the cluster is laggy
[  382.373172][T11452] overlayfs: failed to clone upperpath
[  383.383523][T11473] sctp: [Deprecated]: syz.0.1763 (pid 11473) Use of struct sctp_assoc_value in delayed_ack socket option.
[  383.383523][T11473] Use struct sctp_sack_info instead
[  383.760749][   T51] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  385.165282][T11513] overlayfs: failed to clone upperpath
[  386.394755][T11545] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma?
[  386.598775][T11555] netlink: 'syz.3.1787': attribute type 4 has an invalid length.
[  386.650992][T11555] netlink: 'syz.3.1787': attribute type 4 has an invalid length.
[  387.208470][T11561] loop3: detected capacity change from 0 to 40427
[  387.464977][T11539] I/O error, dev loop3, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  387.768058][T11561] netlink: 'syz.3.1791': attribute type 10 has an invalid length.
[  389.311912][   T28] audit: type=1326 audit(1774328538.621:1636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11597 comm="syz.0.1805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5f539c799 code=0x7ffc0000
[  389.374123][   T28] audit: type=1326 audit(1774328538.621:1637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11597 comm="syz.0.1805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5f539c799 code=0x7ffc0000
[  389.472194][   T28] audit: type=1326 audit(1774328538.661:1638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11597 comm="syz.0.1805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7ff5f539c799 code=0x7ffc0000
[  389.526188][   T28] audit: type=1326 audit(1774328538.661:1639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11597 comm="syz.0.1805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5f539c799 code=0x7ffc0000
[  389.550302][   T28] audit: type=1326 audit(1774328538.661:1640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11597 comm="syz.0.1805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5f539c799 code=0x7ffc0000
[  389.590976][   T28] audit: type=1326 audit(1774328538.661:1641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11597 comm="syz.0.1805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff5f539c799 code=0x7ffc0000
[  389.637287][T11610] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  389.644876][   T28] audit: type=1326 audit(1774328538.661:1642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11597 comm="syz.0.1805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5f539c799 code=0x7ffc0000
[  389.682881][   T28] audit: type=1326 audit(1774328538.661:1643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11597 comm="syz.0.1805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff5f539c799 code=0x7ffc0000
[  389.726592][   T28] audit: type=1326 audit(1774328538.661:1644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11597 comm="syz.0.1805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5f539c799 code=0x7ffc0000
[  389.769038][   T28] audit: type=1326 audit(1774328538.661:1645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11597 comm="syz.0.1805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5f539c799 code=0x7ffc0000
[  389.862266][T11616] ң
[  391.022776][T11641] bond5: entered promiscuous mode
[  391.982730][T11650] loop4: detected capacity change from 0 to 32768
[  392.030060][T11650] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  392.249931][T11650] XFS (loop4): Ending clean mount
[  392.334982][T11650] XFS (loop4): Quotacheck needed: Please wait.
[  392.424930][T11650] XFS (loop4): Quotacheck: Done.
[  392.563823][T11686] Core dump to core aborted: cannot preserve file permissions
[  392.577261][T11687] overlayfs: failed to clone upperpath
[  394.174861][T11706] overlayfs: invalid origin (0000)
[  394.586026][T10030] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  394.845971][T11714] team0: Port device team_slave_0 removed
[  395.595432][T11734] Invalid argument reading file caps for ./file0
[  397.631265][T11790] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1872'.
[  397.713937][T11793] IPv6: NLM_F_REPLACE set, but no existing node found!
[  397.976409][T11803] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1874'.
[  398.527524][T11823] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1883'.
[  398.557601][T11825] netlink: 'syz.0.1884': attribute type 11 has an invalid length.
[  398.575124][T11823] bond5: (slave geneve2): Opening slave failed
[  399.441512][T11848] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1892'.
[  399.565320][T11851] binder_alloc: 11850: binder_alloc_buf size 16777216 failed, no address space
[  399.577730][T11851] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288)
[  399.913290][T11862] overlayfs: failed to clone upperpath
[  400.110932][ T5774] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  400.320985][ T5774] usb 4-1: Using ep0 maxpacket: 8
[  400.342325][ T5774] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  400.361890][ T5774] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  400.369956][ T5774] usb 4-1: Product: syz
[  400.383986][ T5774] usb 4-1: Manufacturer: syz
[  400.392426][ T5774] usb 4-1: SerialNumber: syz
[  400.403800][ T5774] usb 4-1: config 0 descriptor??
[  400.619384][ T5774] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  400.670975][   T28] kauditd_printk_skb: 16 callbacks suppressed
[  400.670993][   T28] audit: type=1326 audit(1774328549.981:1662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11883 comm="syz.2.1906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  400.701753][   T28] audit: type=1326 audit(1774328550.021:1663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11883 comm="syz.2.1906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  400.724536][    C1] vkms_vblank_simulate: vblank timer overrun
[  400.734733][   T28] audit: type=1326 audit(1774328550.051:1664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11883 comm="syz.2.1906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  400.757365][    C1] vkms_vblank_simulate: vblank timer overrun
[  400.765617][   T28] audit: type=1326 audit(1774328550.051:1665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11883 comm="syz.2.1906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  400.789344][   T28] audit: type=1326 audit(1774328550.051:1666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11883 comm="syz.2.1906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  400.812096][    C1] vkms_vblank_simulate: vblank timer overrun
[  400.818850][   T28] audit: type=1326 audit(1774328550.061:1667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11883 comm="syz.2.1906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  400.841392][    C1] vkms_vblank_simulate: vblank timer overrun
[  400.880702][   T28] audit: type=1326 audit(1774328550.061:1668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11883 comm="syz.2.1906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  400.923507][   T28] audit: type=1326 audit(1774328550.061:1669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11883 comm="syz.2.1906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  400.946175][    C1] vkms_vblank_simulate: vblank timer overrun
[  400.962927][   T28] audit: type=1326 audit(1774328550.061:1670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11883 comm="syz.2.1906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  400.998869][   T28] audit: type=1326 audit(1774328550.061:1671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11883 comm="syz.2.1906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  401.553620][T11906] syz.4.1916[11906] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  401.553967][T11906] syz.4.1916[11906] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  401.657515][ T5774] dvb_usb_rtl28xxu: probe of 4-1:0.0 failed with error -71
[  401.699630][ T5774] usb 4-1: USB disconnect, device number 9
[  401.878929][T11920] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1922'.
[  402.372888][T11927] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  404.255309][T11970] syz_tun: entered allmulticast mode
[  404.294689][T11969] syz_tun: left allmulticast mode
[  404.979368][T11988] loop3: detected capacity change from 0 to 1024
[  405.008568][T11988] EXT4-fs: inline encryption not supported
[  405.029545][T11988] EXT4-fs: Ignoring removed i_version option
[  405.066114][T11988] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  405.157333][T11988] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  405.209109][T11988] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4045: comm syz.3.1947: Allocating blocks 497-513 which overlap fs metadata
[  405.297054][T11988] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4045: comm syz.3.1947: Allocating blocks 497-513 which overlap fs metadata
[  405.352207][T11988] EXT4-fs (loop3): pa ffff88805b917740: logic 256, phys. 369, len 9
[  405.360334][T11988] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5386: group 0, free 0, pa_free 1
[  405.571713][T12005] binder_alloc: 12004: binder_alloc_buf size 16777216 failed, no address space
[  405.586281][T12005] binder_alloc: allocated: 8 (num: 1 largest: 8), free: 4088 (num: 1 largest: 4088)
[  405.668959][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  405.792060][   T28] kauditd_printk_skb: 45 callbacks suppressed
[  405.792078][   T28] audit: type=1326 audit(1774328555.111:1717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12015 comm="syz.3.1956" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9d5c99c799 code=0x0
[  409.670792][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  409.894244][T12104] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1986'.
[  409.911279][T12104] bridge0: port 2(bridge_slave_1) entered disabled state
[  409.920277][T12104] bridge0: port 1(bridge_slave_0) entered disabled state
[  410.600183][T12126] fuse: Bad value for 'fd'
[  413.534234][T12166] loop3: detected capacity change from 0 to 32768
[  413.580299][T12166] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  413.637280][T12202] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2012'.
[  413.657803][T12166] XFS (loop3): Ending clean mount
[  413.723918][T12166] XFS (loop3): Quotacheck needed: Please wait.
[  413.844879][T12166] XFS (loop3): Quotacheck: Done.
[  413.967794][   T28] audit: type=1800 audit(1774328563.281:1718): pid=12166 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2005" name="file1" dev="loop3" ino=6150 res=0 errno=0
[  413.997744][   T28] audit: type=1800 audit(1774328563.311:1719): pid=12166 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2005" name="file1" dev="loop3" ino=6150 res=0 errno=0
[  414.012166][T12210] overlayfs: failed to clone upperpath
[  414.383394][   T28] audit: type=1326 audit(1774328563.701:1720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12221 comm="syz.4.2016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb99b9c799 code=0x7ffc0000
[  414.470035][   T28] audit: type=1326 audit(1774328563.701:1721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12221 comm="syz.4.2016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb99b9c799 code=0x7ffc0000
[  414.565955][   T28] audit: type=1326 audit(1774328563.701:1722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12221 comm="syz.4.2016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb99b9c799 code=0x7ffc0000
[  414.690656][   T28] audit: type=1326 audit(1774328563.701:1723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12221 comm="syz.4.2016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb99b9c799 code=0x7ffc0000
[  414.769912][   T28] audit: type=1326 audit(1774328563.701:1724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12221 comm="syz.4.2016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=201 compat=0 ip=0x7feb99b9c799 code=0x7ffc0000
[  414.848536][   T28] audit: type=1326 audit(1774328563.701:1725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12221 comm="syz.4.2016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb99b9c799 code=0x7ffc0000
[  414.928175][   T28] audit: type=1326 audit(1774328563.701:1726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12221 comm="syz.4.2016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb99b9c799 code=0x7ffc0000
[  414.988314][   T28] audit: type=1326 audit(1774328563.701:1727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12221 comm="syz.4.2016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb99b9c799 code=0x7ffc0000
[  415.138083][T12241] batadv_slave_0: entered promiscuous mode
[  415.161492][T12239] batadv_slave_0: left promiscuous mode
[  415.173890][T12240] 9pnet: Found fid 0 not clunked
[  415.240314][ T5769] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  415.713414][T12257] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2032'.
[  416.280785][   T27] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  416.490756][   T27] usb 4-1: Using ep0 maxpacket: 16
[  416.507633][   T27] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  416.538466][   T27] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  416.561021][   T27] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  416.575165][   T27] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  416.594413][   T27] usb 4-1: Product: syz
[  416.603737][   T27] usb 4-1: Manufacturer: syz
[  416.613855][   T27] usb 4-1: SerialNumber: syz
[  416.857001][   T27] usb 4-1: 0:2 : does not exist
[  416.865680][T12284] binder: BINDER_SET_CONTEXT_MGR already set
[  416.881752][T12284] binder: 12283:12284 ioctl 4018620d 200000000040 returned -16
[  416.890476][   T27] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  416.999635][   T27] usb 4-1: USB disconnect, device number 10
[  417.035061][T11539] udevd[11539]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  417.745629][T12304] overlayfs: failed to get index nlink (file0/file1, err=-61)
[  417.878721][T12308] loop3: detected capacity change from 0 to 16
[  417.913845][T12308] erofs: (device loop3): mounted with root inode @ nid 36.
[  417.972717][T12308] erofs: (device loop3): erofs_init_inode_xattrs: xattr_isize 12 of nid 49 is not supported yet
[  417.988758][T12308] erofs: (device loop3): erofs_init_inode_xattrs: xattr_isize 12 of nid 49 is not supported yet
[  418.001668][T12308] syz.3.2054: attempt to access beyond end of device
[  418.001668][T12308] loop3: rw=524288, sector=34359738360, nr_sectors = 8 limit=16
[  418.019921][T12308] syz.3.2054: attempt to access beyond end of device
[  418.019921][T12308] loop3: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  420.335844][T12351] overlayfs: failed to clone upperpath
[  421.431724][T12362] bond6: entered promiscuous mode
[  422.487072][T12377] loop3: detected capacity change from 0 to 8
[  422.739831][T12377] SQUASHFS error: xz decompression failed, data probably corrupt
[  422.749149][T12377] SQUASHFS error: Failed to read block 0x108: -5
[  422.757213][T12377] SQUASHFS error: Unable to read metadata cache entry [106]
[  422.765140][T12377] SQUASHFS error: Unable to read inode 0x11f
[  423.792661][T12413] loop3: detected capacity change from 0 to 16
[  423.826057][T12413] erofs: (device loop3): mounted with root inode @ nid 36.
[  424.252777][T12426] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2103'.
[  425.392414][T12437] loop3: detected capacity change from 0 to 256
[  425.636979][T12442] syz.3.2108: attempt to access beyond end of device
[  425.636979][T12442] loop7: rw=0, sector=64, nr_sectors = 2 limit=0
[  425.670729][T12442] isofs_fill_super: bread failed, dev=loop7, iso_blknum=16, block=32
[  425.956892][T12448] bond2: entered allmulticast mode
[  426.013496][T12448] bridge3: entered promiscuous mode
[  426.019022][T12448] bridge3: entered allmulticast mode
[  426.028840][T12448] bond2: (slave bridge3): making interface the new active one
[  426.037861][T12448] bond2: (slave bridge3): Enslaving as an active interface with an up link
[  428.174677][T12458] loop4: detected capacity change from 0 to 1024
[  428.182003][T12458] EXT4-fs: Ignoring removed orlov option
[  428.187812][T12458] EXT4-fs: inline encryption not supported
[  428.193986][T12458] ext3: Unknown parameter 'hash'
[  428.830429][T12464] overlayfs: failed to resolve './file0': -2
[  428.850229][T11539] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  428.998392][T12469] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2119'.
[  429.445496][T12482] overlayfs: failed to clone upperpath
[  429.713786][   T28] kauditd_printk_skb: 27 callbacks suppressed
[  429.713804][   T28] audit: type=1800 audit(1774328579.031:1755): pid=12488 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2128" name="bus" dev="overlay" ino=2688 res=0 errno=0
[  430.191029][ T5880] usb 4-1: new full-speed USB device number 11 using dummy_hcd
[  430.401598][ T5880] usb 4-1: not running at top speed; connect to a high speed hub
[  430.429503][ T5880] usb 4-1: config 3 has an invalid interface number: 52 but max is 0
[  430.448183][ T5880] usb 4-1: config 3 has no interface number 0
[  430.461315][ T5880] usb 4-1: config 3 interface 52 has no altsetting 0
[  430.481552][ T5880] usb 4-1: New USB device found, idVendor=1164, idProduct=0622, bcdDevice=ef.ca
[  430.502175][ T5880] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  430.512400][ T5880] usb 4-1: Product: syz
[  430.516718][ T5880] usb 4-1: Manufacturer: syz
[  430.540649][ T5880] usb 4-1: SerialNumber: syz
[  431.214068][ T5880] pvrusb2: Hardware description: Gotview USB 2.0 DVD 2
[  431.252788][ T5880] usb 4-1: selecting invalid altsetting 0
[  431.270021][ T2318] pvrusb2: control-write URB failure, status=-71
[  431.291900][ T5880] usb 4-1: USB disconnect, device number 11
[  431.318694][ T2318] pvrusb2: Device being rendered inoperable
[  431.330404][ T2318] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  431.351620][ T2318] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  431.997751][T12530] overlayfs: failed to clone upperpath
[  432.718749][T12557] tmpfs: Bad value for 'mpol'
[  432.729510][T12557] mmap: syz.3.2155 (12557): VmData 175874048 exceed data ulimit 1129. Update limits or use boot option ignore_rlimit_data.
[  432.868649][T12561] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2156'.
[  432.906206][T12561] ip6gre1: entered promiscuous mode
[  432.932154][T12565] loop3: detected capacity change from 0 to 512
[  432.935181][T12561] ip6gre1: entered allmulticast mode
[  432.987928][T12565] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  433.000835][T12565] ext4 filesystem being mounted at /492/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  433.056663][T12561] netlink: 'syz.2.2156': attribute type 6 has an invalid length.
[  433.085261][T12575] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2160'.
[  433.101227][T12561] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2156'.
[  433.144673][   T28] audit: type=1800 audit(1774328582.461:1756): pid=12565 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2157" name="file1" dev="loop3" ino=15 res=0 errno=0
[  433.295225][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  433.435277][T12584] loop3: detected capacity change from 0 to 736
[  433.883162][T12593] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2165'.
[  434.136262][T12604] netlink: 164 bytes leftover after parsing attributes in process `syz.2.2171'.
[  434.398592][T12614] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2173'.
[  434.545838][   T28] audit: type=1326 audit(1774328583.861:1757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12617 comm="syz.2.2175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  434.559527][T12620] loop3: detected capacity change from 0 to 128
[  434.620696][   T28] audit: type=1326 audit(1774328583.871:1758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12617 comm="syz.2.2175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  434.667712][   T28] audit: type=1326 audit(1774328583.871:1759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12617 comm="syz.2.2175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  434.695471][   T28] audit: type=1326 audit(1774328583.871:1760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12617 comm="syz.2.2175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  434.718754][   T28] audit: type=1326 audit(1774328583.891:1761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12617 comm="syz.2.2175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  434.733926][T12620] syz.3.2176: attempt to access beyond end of device
[  434.733926][T12620] loop3: rw=2049, sector=138, nr_sectors = 112 limit=128
[  434.741644][   T28] audit: type=1326 audit(1774328583.891:1762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12617 comm="syz.2.2175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  434.805126][   T28] audit: type=1326 audit(1774328583.891:1763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12617 comm="syz.2.2175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  434.834551][   T28] audit: type=1326 audit(1774328583.891:1764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12617 comm="syz.2.2175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  434.858344][   T28] audit: type=1326 audit(1774328583.891:1765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12617 comm="syz.2.2175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  434.915814][   T28] audit: type=1326 audit(1774328583.901:1766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12617 comm="syz.2.2175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=297 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  434.946560][   T28] audit: type=1326 audit(1774328583.901:1767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12617 comm="syz.2.2175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  434.971307][   T51] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  434.974480][   T28] audit: type=1326 audit(1774328583.901:1768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12617 comm="syz.2.2175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  434.982656][   T51] Bluetooth: hci2: Injecting HCI hardware error event
[  435.010059][   T28] audit: type=1326 audit(1774328583.901:1769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12617 comm="syz.2.2175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  435.019267][   T51] Bluetooth: hci2: hardware error 0x00
[  435.064186][   T28] audit: type=1326 audit(1774328583.901:1770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12617 comm="syz.2.2175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  435.105607][   T28] audit: type=1326 audit(1774328583.901:1771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12617 comm="syz.2.2175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a319c799 code=0x7ffc0000
[  435.355004][T12640] overlayfs: failed to clone upperpath
[  435.356165][T12637] loop3: detected capacity change from 0 to 256
[  435.525790][T12637] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d)
[  437.110796][   T51] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  437.614342][T12683] tipc: Started in network mode
[  437.619359][T12683] tipc: Node identity ac1414aa, cluster identity 4711
[  437.828496][T12683] tipc: Enabled bearer <udp:syz2>, priority 10
[  437.847948][T12683] tipc: Enabled bearer <eth:veth0_macvtap>, priority 0
[  438.781581][T12701] overlayfs: failed to clone upperpath
[  438.867142][ T5880] tipc: Node number set to 2886997162
[  439.784174][ T5781] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  439.798102][ T5781] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  439.811790][ T5781] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  439.822288][ T5781] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  439.831603][ T5781] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  439.839622][ T5781] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  439.840068][T12711] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  440.017644][T12711] syzkaller0: entered promiscuous mode
[  440.023358][T12711] syzkaller0: entered allmulticast mode
[  440.030922][T12711] tipc: Resetting bearer <eth:syzkaller0>
[  440.103883][T12710] tipc: Resetting bearer <eth:syzkaller0>
[  440.408129][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  440.417776][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  441.910961][   T51] Bluetooth: hci0: command tx timeout
[  443.991054][   T51] Bluetooth: hci0: command tx timeout
[  444.452690][T12710] tipc: Disabling bearer <eth:syzkaller0>
[  444.473427][T12732] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2217'.
[  444.732929][T12762] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2225'.
[  444.755543][T12762] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2225'.
[  444.784687][T12762] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2225'.
[  444.885398][T12709] chnl_net:caif_netlink_parms(): no params data found
[  445.067965][T12709] bridge0: port 1(bridge_slave_0) entered blocking state
[  445.090817][T12709] bridge0: port 1(bridge_slave_0) entered disabled state
[  445.098371][T12709] bridge_slave_0: entered allmulticast mode
[  445.134371][T12709] bridge_slave_0: entered promiscuous mode
[  445.163251][T12709] bridge0: port 2(bridge_slave_1) entered blocking state
[  445.190901][T12709] bridge0: port 2(bridge_slave_1) entered disabled state
[  445.198216][T12709] bridge_slave_1: entered allmulticast mode
[  445.223190][T12709] bridge_slave_1: entered promiscuous mode
[  445.306800][T12709] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  445.326254][T12709] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  445.377236][T12709] team0: Port device team_slave_0 added
[  445.402730][T12709] team0: Port device team_slave_1 added
[  445.466985][T12789] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2234'.
[  445.495401][T12709] batman_adv: batadv0: Adding interface: batadv_slave_0
[  445.520817][T12709] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  445.567088][T12709] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  445.585182][T12789] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2234'.
[  445.611292][T12789] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2234'.
[  445.641730][T12709] batman_adv: batadv0: Adding interface: batadv_slave_1
[  445.651616][T12709] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  445.683237][T12709] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  445.703123][T12789] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2234'.
[  445.714917][T12789] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2234'.
[  445.907217][T12709] hsr_slave_0: entered promiscuous mode
[  445.957637][T12709] hsr_slave_1: entered promiscuous mode
[  445.986393][T12709] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  446.014468][T12709] Cannot create hsr debugfs directory
[  446.070927][   T51] Bluetooth: hci0: command tx timeout
[  446.224651][T12803] overlayfs: failed to clone upperpath
[  446.557597][T12808] veth0_vlan: left promiscuous mode
[  446.575911][T12808] veth0_vlan: entered promiscuous mode
[  446.604351][T12709] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  446.681828][T12709] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  446.735575][T12709] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  446.747337][T12709] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  447.062396][T12709] 8021q: adding VLAN 0 to HW filter on device bond0
[  447.150463][T12709] 8021q: adding VLAN 0 to HW filter on device team0
[  447.180461][T10157] bridge0: port 1(bridge_slave_0) entered blocking state
[  447.187674][T10157] bridge0: port 1(bridge_slave_0) entered forwarding state
[  447.239457][T10157] bridge0: port 2(bridge_slave_1) entered blocking state
[  447.246649][T10157] bridge0: port 2(bridge_slave_1) entered forwarding state
[  447.769270][T12709] 8021q: adding VLAN 0 to HW filter on device batadv0
[  448.151331][   T51] Bluetooth: hci0: command tx timeout
[  448.220225][T12838] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2249'.
[  448.445838][T12709] veth0_vlan: entered promiscuous mode
[  448.468767][T12709] veth1_vlan: entered promiscuous mode
[  448.552108][T12709] veth0_macvtap: entered promiscuous mode
[  448.572105][T12709] veth1_macvtap: entered promiscuous mode
[  448.599310][T12709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  448.611572][T12709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  448.624597][T12709] batman_adv: batadv0: Interface activated: batadv_slave_0
[  448.646816][T12709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  448.668692][T12709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  448.682306][T12709] batman_adv: batadv0: Interface activated: batadv_slave_1
[  448.721904][T12709] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  448.751351][T12709] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  448.760223][T12709] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  448.784198][T12709] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  449.011424][ T3497] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  449.040041][ T3497] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  449.090926][ T3497] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  449.103169][ T3497] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  449.516076][T12871] netlink: 'syz.5.2260': attribute type 1 has an invalid length.
[  449.526839][T12871] ip6_vti0: entered promiscuous mode
[  449.533598][T12871] ip6_vti0: entered allmulticast mode
[  450.581748][T12893] __nla_validate_parse: 1 callbacks suppressed
[  450.581767][T12893] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2269'.
[  450.640452][T12893] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2269'.
[  450.736257][T12893] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2269'.
[  451.405382][T12917] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  451.552120][T12922] netlink: 156 bytes leftover after parsing attributes in process `syz.5.2281'.
[  451.571378][T12922] netlink: 156 bytes leftover after parsing attributes in process `syz.5.2281'.
[  451.585008][T12922] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2281'.
[  451.711482][T12929] binder: 12928:12929 ioctl c0306201 2000000001c0 returned -14
[  451.906847][T12935] 8021q: adding VLAN 0 to HW filter on device bond0
[  452.112995][T12941] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2289'.
[  452.167244][T12933] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2285'.
[  452.478276][T12949] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2289'.
[  453.744242][T12966] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2299'.
[  455.226408][T12977] loop5: detected capacity change from 0 to 2048
[  455.302856][T12977] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  455.838871][T13004] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2312'.
[  457.020670][   T27] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  457.172377][T13048] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2326'.
[  457.208344][T13048] 8021q: adding VLAN 0 to HW filter on device bond3
[  457.215549][   T27] usb 6-1: Using ep0 maxpacket: 16
[  457.224298][   T27] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  457.237189][   T27] usb 6-1: config 1 has no interface number 1
[  457.243691][   T27] usb 6-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  457.254958][   T27] usb 6-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  457.268276][   T27] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  457.282985][   T27] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  457.292997][   T27] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  457.301435][   T27] usb 6-1: Product: syz
[  457.305838][   T27] usb 6-1: Manufacturer: syz
[  457.310869][   T27] usb 6-1: SerialNumber: syz
[  457.340496][T13048] macvlan2: entered promiscuous mode
[  457.352174][T13048] veth0_to_bond: entered promiscuous mode
[  457.363366][T13048] bond3: (slave macvlan2): Enslaving as an active interface with an up link
[  457.689983][T13057] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  457.738842][   T27] usb 6-1: 2:1 : format type 0 is detected, processed as PCM
[  457.778997][T13057] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  457.846559][T13057] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  458.143514][T13032] netlink: 340 bytes leftover after parsing attributes in process `syz.5.2322'.
[  458.366639][   T27] usb 6-1: 2:1: cannot set freq 9338507 to ep 0x82
[  458.534620][   T27] usb 6-1: USB disconnect, device number 2
[  458.666386][T13082] udevd[13082]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  459.772067][T13111] syz.2.2348 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  460.211745][T13119] xt_hashlimit: max too large, truncated to 1048576
[  461.412958][   T28] kauditd_printk_skb: 3 callbacks suppressed
[  461.412976][   T28] audit: type=1326 audit(1774328610.731:1775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13132 comm="syz.2.2356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a319c799 code=0x7fc00000
[  461.493820][   T28] audit: type=1326 audit(1774328610.731:1776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13132 comm="syz.2.2356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f24a319c799 code=0x7fc00000
[  461.522464][T13140] 8021q: adding VLAN 0 to HW filter on device bond4
[  461.585618][T13140] bond4: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  461.805160][T13147] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2360'.
[  462.055595][T13151] loop5: detected capacity change from 0 to 8192
[  462.690808][    T9] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  462.881181][    T9] usb 6-1: Using ep0 maxpacket: 32
[  462.892518][    T9] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[  462.907059][    T9] usb 6-1: config 0 has no interface number 0
[  462.924485][    T9] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  462.944055][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  462.956724][    T9] usb 6-1: Product: syz
[  462.961250][    T9] usb 6-1: Manufacturer: syz
[  462.968619][    T9] usb 6-1: SerialNumber: syz
[  462.978956][    T9] usb 6-1: config 0 descriptor??
[  462.993293][    T9] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  463.208549][T13161] team0: No ports can be present during mode change
[  463.218718][T13161] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2365'.
[  463.317374][T13161] team0 (unregistering): Port device team_slave_0 removed
[  463.346884][T13161] team0 (unregistering): Port device team_slave_1 removed
[  463.444447][    T9] usb 6-1: qt2_attach - failed to power on unit: -71
[  463.453544][    T9] quatech2: probe of 6-1:0.51 failed with error -71
[  463.468271][    T9] usb 6-1: USB disconnect, device number 3
[  464.097665][T13201] veth0_to_hsr: Caught tx_queue_len zero misconfig
[  466.273141][T13281] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2389'.
[  466.367505][T13281] team1: entered promiscuous mode
[  466.414212][T13281] team1: entered allmulticast mode
[  466.439921][T13281] 8021q: adding VLAN 0 to HW filter on device team1
[  466.476732][T13282] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2389'.
[  466.492955][T13282] team2 (uninitialized): Failed to send options change via netlink (err -105)
[  466.593611][T13282] team2: entered promiscuous mode
[  466.618261][T13282] team2: entered allmulticast mode
[  466.633232][T13282] 8021q: adding VLAN 0 to HW filter on device team2
[  466.708370][T13288] bridge1: entered promiscuous mode
[  466.765439][T13288] bridge1: entered allmulticast mode
[  466.796210][T13293] geneve2: entered promiscuous mode
[  466.808351][T13293] geneve2: entered allmulticast mode
[  466.853362][T13295] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2393'.
[  467.343477][T13306] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2397'.
[  467.527451][T13311] loop5: detected capacity change from 0 to 512
[  468.008153][T13311] EXT4-fs (loop5): 1 truncate cleaned up
[  468.016078][T13311] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  468.429108][T12709] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  469.927880][T13339] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  469.954611][T13339] CIFS mount error: No usable UNC path provided in device string!
[  469.954611][T13339] 
[  469.965040][T13339] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  470.884157][T13353] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2412'.
[  474.186039][T13415] bridge0: port 2(bridge_slave_1) entered disabled state
[  474.193590][T13415] bridge0: port 1(bridge_slave_0) entered disabled state
[  475.216229][T13443] loop4: detected capacity change from 0 to 128
[  475.357535][T13449] syz.4.2441: attempt to access beyond end of device
[  475.357535][T13449] loop4: rw=2049, sector=145, nr_sectors = 144 limit=128
[  475.358043][T13450] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  475.492264][T13443] syz.4.2441: attempt to access beyond end of device
[  475.492264][T13443] loop4: rw=524288, sector=145, nr_sectors = 144 limit=128
[  475.519858][T13443] syz.4.2441: attempt to access beyond end of device
[  475.519858][T13443] loop4: rw=0, sector=145, nr_sectors = 8 limit=128
[  475.523489][T13415] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  475.539911][T13443] syz.4.2441: attempt to access beyond end of device
[  475.539911][T13443] loop4: rw=0, sector=145, nr_sectors = 8 limit=128
[  475.558482][T13449] syz.4.2441: attempt to access beyond end of device
[  475.558482][T13449] loop4: rw=0, sector=150, nr_sectors = 1 limit=128
[  475.606871][T13443] syz.4.2441: attempt to access beyond end of device
[  475.606871][T13443] loop4: rw=0, sector=145, nr_sectors = 1 limit=128
[  475.643745][T13443] Buffer I/O error on dev loop4, logical block 145, async page read
[  475.651390][T13415] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  475.657262][T13443] syz.4.2441: attempt to access beyond end of device
[  475.657262][T13443] loop4: rw=0, sector=146, nr_sectors = 1 limit=128
[  475.682786][T13443] Buffer I/O error on dev loop4, logical block 146, async page read
[  475.696326][T13443] syz.4.2441: attempt to access beyond end of device
[  475.696326][T13443] loop4: rw=0, sector=147, nr_sectors = 1 limit=128
[  475.716824][T13443] Buffer I/O error on dev loop4, logical block 147, async page read
[  475.726288][T13443] syz.4.2441: attempt to access beyond end of device
[  475.726288][T13443] loop4: rw=0, sector=148, nr_sectors = 1 limit=128
[  475.747434][T13443] Buffer I/O error on dev loop4, logical block 148, async page read
[  475.779193][T13443] syz.4.2441: attempt to access beyond end of device
[  475.779193][T13443] loop4: rw=0, sector=149, nr_sectors = 1 limit=128
[  475.800055][T13443] Buffer I/O error on dev loop4, logical block 149, async page read
[  475.810784][T13443] Buffer I/O error on dev loop4, logical block 150, async page read
[  475.819038][T13443] Buffer I/O error on dev loop4, logical block 151, async page read
[  475.835420][T13443] Buffer I/O error on dev loop4, logical block 152, async page read
[  475.865503][T13443] Buffer I/O error on dev loop4, logical block 145, async page read
[  475.879679][T13443] Buffer I/O error on dev loop4, logical block 146, async page read
[  476.558960][T13415] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  476.579020][T13415] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  476.598369][T13415] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  476.617941][T13415] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  477.024752][T13464] syzkaller0: entered promiscuous mode
[  477.030479][T13464] syzkaller0: entered allmulticast mode
[  477.238073][T13457] loop4: detected capacity change from 0 to 40427
[  477.261187][T13457] F2FS-fs (loop4): build fault injection attr: rate: 771, type: 0x7ffff
[  477.271395][T13457] F2FS-fs (loop4): invalid crc value
[  477.285883][T13457] F2FS-fs (loop4): Found nat_bits in checkpoint
[  477.441025][T13457] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  477.587171][T13477] loop5: detected capacity change from 0 to 512
[  478.711647][T13486] netlink: 'syz.5.2455': attribute type 1 has an invalid length.
[  478.785834][T13486] bond1: entered promiscuous mode
[  478.791589][T13486] 8021q: adding VLAN 0 to HW filter on device bond1
[  478.967426][T13490] 8021q: adding VLAN 0 to HW filter on device bond1
[  479.004900][T13490] bond1: (slave wireguard0): The slave device specified does not support setting the MAC address
[  479.036988][T13490] bond1: (slave wireguard0): Setting fail_over_mac to active for active-backup mode
[  479.066633][T13490] bond1: (slave wireguard0): making interface the new active one
[  479.120718][T13490] wireguard0: entered promiscuous mode
[  479.148478][T13490] bond1: (slave wireguard0): Enslaving as an active interface with an up link
[  479.314425][T13486] bond1: (slave wireguard1): The slave device specified does not support setting the MAC address
[  479.387025][T13486] bond1: (slave wireguard1): Enslaving as a backup interface with an up link
[  483.023883][T13540] netlink: 'syz.0.2473': attribute type 7 has an invalid length.
[  483.289506][   T28] audit: type=1326 audit(1774328632.601:1777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13545 comm="syz.4.2476" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feb99b9c799 code=0x0
[  485.913259][T13559] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2480'.
[  485.922308][T13559] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2480'.
[  485.931292][T13559] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2480'.
[  485.941539][T13559] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2480'.
[  485.950599][T13559] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2480'.
[  486.010693][T13418] Process accounting resumed
[  486.214159][T13574] 8021q: adding VLAN 0 to HW filter on device bond0
[  486.266222][T13574] bond0: (slave rose0): Enslaving as an active interface with an up link
[  486.437472][T13578] loop5: detected capacity change from 0 to 4096
[  486.531115][T13578] ntfs3: loop5: Different NTFS sector size (4096) and media sector size (512).
[  487.603891][T13578] ntfs3: loop5: Mark volume as dirty due to NTFS errors
[  491.802725][T13628] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  491.877828][T13628] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  492.423996][T13679] binder: 13678:13679 ioctl c0306201 0 returned -14
[  492.527074][T13628] tipc: Resetting bearer <eth:veth0_macvtap>
[  492.627761][T13628] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  492.640281][T13628] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  492.649920][T13628] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  492.660283][T13628] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  492.838021][T13632] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2500'.
[  492.851886][T13632] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2500'.
[  493.171257][T13693] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2517'.
[  493.219761][T13693] (unnamed net_device) (uninitialized): peer notification delay (2365) is not a multiple of miimon (4), value rounded to 2364 ms
[  493.326375][T13696] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2517'.
[  493.335826][T13696] bond5: peer notification delay (2365) is not a multiple of miimon (4), value rounded to 2364 ms
[  493.468048][T13698] zonefs (nullb0) ERROR: Not a zoned block device
[  495.513589][T13716] Bluetooth: MGMT ver 1.22
[  495.676454][T13721] input: syz1 as /devices/virtual/input/input10
[  500.825549][    T9] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  502.554873][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  502.561592][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  502.650677][    T9] usb 6-1: Using ep0 maxpacket: 32
[  502.662373][    T9] usb 6-1: config 0 has an invalid interface number: 188 but max is 0
[  502.680606][    T9] usb 6-1: config 0 has no interface number 0
[  502.687069][    T9] usb 6-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  502.711931][    T9] usb 6-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  502.726373][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  502.757785][    T9] usb 6-1: Product: syz
[  502.767942][    T9] usb 6-1: Manufacturer: syz
[  502.777260][    T9] usb 6-1: SerialNumber: syz
[  502.797769][    T9] usb 6-1: config 0 descriptor??
[  502.807884][T13768] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  503.038442][T13768] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  503.441328][   T28] audit: type=1326 audit(1774328652.751:1778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13792 comm="syz.2.2544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a319c799 code=0x7fc00000
[  504.146724][   T28] audit: type=1326 audit(1774328653.441:1779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13792 comm="syz.2.2544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f24a313db19 code=0x7fc00000
[  504.332281][T13804] overlayfs: failed to clone upperpath
[  505.162120][    T9] asix 6-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  505.186448][    T9] asix 6-1:0.188 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  505.221812][    T9] asix: probe of 6-1:0.188 failed with error -71
[  505.260765][    T9] usb 6-1: USB disconnect, device number 4
[  508.961903][T13904] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2575'.
[  508.971217][T13904] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2575'.
[  508.980266][T13904] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2575'.
[  508.989429][T13904] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2575'.
[  508.998430][T13904] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2575'.
[  509.730917][T13426] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[  510.123589][T13426] usb 6-1: unable to get BOS descriptor or descriptor too short
[  510.761442][T13426] usb 6-1: not running at top speed; connect to a high speed hub
[  510.798295][T13426] usb 6-1: config 1 has an invalid descriptor of length 153, skipping remainder of the config
[  510.809367][T13426] usb 6-1: config 1 interface 2 altsetting 1 has an invalid endpoint with address 0x56, skipping
[  510.830274][T13426] usb 6-1: New USB device found, idVendor=18d1, idProduct=2d04, bcdDevice= 0.40
[  510.839580][T13426] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  510.847815][T13426] usb 6-1: Product: syz
[  510.855237][T13426] usb 6-1: Manufacturer: syz
[  510.859914][T13426] usb 6-1: SerialNumber: syz
[  511.205340][T13426] usb 6-1: parse_audio_format_rates_v2v3(): unable to find clock source (clock -22)
[  511.241113][T13426] usb 6-1: failed to enable PITCH for EP 0x1
[  511.251234][T13426] usb 6-1: unit 2 not found!
[  511.255923][T13426] usb 6-1: unit 8 not found!
[  511.341055][T13426] usb 6-1: USB disconnect, device number 5
[  513.284208][T13939] autofs4:pid:13939:autofs_fill_super: called with bogus options
[  513.935076][T13939] ip6tnl0: Caught tx_queue_len zero misconfig
[  514.572146][T13961] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2595'.
[  514.626301][T13961] bond0: option arp_validate: invalid value (158)
[  515.275591][T13980] loop5: detected capacity change from 0 to 64
[  516.956143][T13980] 
[  516.958552][T13980] ======================================================
[  516.965680][T13980] WARNING: possible circular locking dependency detected
[  516.972815][T13980] syzkaller #0 Not tainted
[  516.977342][T13980] ------------------------------------------------------
[  516.984657][T13980] syz.5.2602/13980 is trying to acquire lock:
[  516.990757][T13980] ffff88805ce22178 (&HFS_I(tree->inode)->extents_lock){+.+.}-{3:3}, at: hfs_extend_file+0xff/0x1380
[  517.001670][T13980] 
[  517.001670][T13980] but task is already holding lock:
[  517.009035][T13980] ffff8880453d60b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x17e/0x1f0
[  517.018997][T13980] 
[  517.018997][T13980] which lock already depends on the new lock.
[  517.018997][T13980] 
[  517.029501][T13980] 
[  517.029501][T13980] the existing dependency chain (in reverse order) is:
[  517.039497][T13980] 
[  517.039497][T13980] -> #1 (&tree->tree_lock/1){+.+.}-{3:3}:
[  517.047886][T13980]        __mutex_lock+0x136/0xcc0
[  517.053057][T13980]        hfs_find_init+0x17e/0x1f0
[  517.058206][T13980]        hfs_extend_file+0x361/0x1380
[  517.063677][T13980]        hfs_bmap_reserve+0x107/0x430
[  517.069096][T13980]        hfs_cat_create+0x1fe/0x6b0
[  517.074593][T13980]        hfs_create+0x66/0xd0
[  517.079301][T13980]        path_openat+0x12a0/0x3230
[  517.084528][T13980]        do_filp_open+0x1f5/0x430
[  517.089746][T13980]        do_sys_openat2+0x134/0x1d0
[  517.094959][T13980]        __x64_sys_open+0x11f/0x140
[  517.100165][T13980]        do_syscall_64+0x55/0xa0
[  517.105204][T13980]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  517.111714][T13980] 
[  517.111714][T13980] -> #0 (&HFS_I(tree->inode)->extents_lock){+.+.}-{3:3}:
[  517.121110][T13980]        __lock_acquire+0x2df1/0x7d40
[  517.126490][T13980]        lock_acquire+0x19e/0x420
[  517.131521][T13980]        __mutex_lock+0x136/0xcc0
[  517.136558][T13980]        hfs_extend_file+0xff/0x1380
[  517.141942][T13980]        hfs_bmap_reserve+0x107/0x430
[  517.147403][T13980]        __hfs_ext_write_extent+0x1fa/0x470
[  517.153507][T13980]        __hfs_ext_cache_extent+0x6b/0x9b0
[  517.159417][T13980]        hfs_extend_file+0x3a0/0x1380
[  517.164831][T13980]        hfs_get_block+0x413/0xc50
[  517.169967][T13980]        __block_write_begin_int+0x57f/0x1af0
[  517.176082][T13980]        block_write_begin+0x9a/0x1e0
[  517.181491][T13980]        cont_write_begin+0x5ee/0x810
[  517.186888][T13980]        hfs_write_begin+0x8b/0xd0
[  517.192027][T13980]        cont_write_begin+0x2b1/0x810
[  517.197523][T13980]        hfs_write_begin+0x8b/0xd0
[  517.202647][T13980]        hfs_file_truncate+0x1c4/0xa10
[  517.208126][T13980]        hfs_inode_setattr+0x4af/0x6e0
[  517.213587][T13980]        notify_change+0xb0d/0xe10
[  517.218709][T13980]        do_truncate+0x1b0/0x240
[  517.223656][T13980]        vfs_truncate+0x266/0x300
[  517.228771][T13980]        do_sys_truncate+0xf6/0x1c0
[  517.234100][T13980]        do_syscall_64+0x55/0xa0
[  517.239058][T13980]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  517.245747][T13980] 
[  517.245747][T13980] other info that might help us debug this:
[  517.245747][T13980] 
[  517.256339][T13980]  Possible unsafe locking scenario:
[  517.256339][T13980] 
[  517.263790][T13980]        CPU0                    CPU1
[  517.269163][T13980]        ----                    ----
[  517.274529][T13980]   lock(&tree->tree_lock/1);
[  517.279341][T13980]                                lock(&HFS_I(tree->inode)->extents_lock);
[  517.288368][T13980]                                lock(&tree->tree_lock/1);
[  517.295746][T13980]   lock(&HFS_I(tree->inode)->extents_lock);
[  517.301998][T13980] 
[  517.301998][T13980]  *** DEADLOCK ***
[  517.301998][T13980] 
[  517.310404][T13980] 4 locks held by syz.5.2602/13980:
[  517.315601][T13980]  #0: ffff888025948418 (sb_writers#31){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  517.324944][T13980]  #1: ffff88805ce23038 (&sb->s_type->i_mutex_key#37){+.+.}-{3:3}, at: do_truncate+0x19c/0x240
[  517.335404][T13980]  #2: ffff88805ce22e78 (&HFS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfs_extend_file+0xff/0x1380
[  517.346111][T13980]  #3: ffff8880453d60b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x17e/0x1f0
[  517.356137][T13980] 
[  517.356137][T13980] stack backtrace:
[  517.362114][T13980] CPU: 1 PID: 13980 Comm: syz.5.2602 Not tainted syzkaller #0
[  517.369677][T13980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  517.379733][T13980] Call Trace:
[  517.383022][T13980]  <TASK>
[  517.385957][T13980]  dump_stack_lvl+0x18c/0x250
[  517.390655][T13980]  ? load_image+0x400/0x400
[  517.395253][T13980]  ? show_regs_print_info+0x20/0x20
[  517.400463][T13980]  ? print_circular_bug+0x12b/0x1a0
[  517.405675][T13980]  check_noncircular+0x2fc/0x400
[  517.410628][T13980]  ? look_up_lock_class+0x75/0x140
[  517.415914][T13980]  ? print_deadlock_bug+0x5d0/0x5d0
[  517.421143][T13980]  ? lockdep_lock+0xf5/0x230
[  517.425752][T13980]  ? _find_first_zero_bit+0xd3/0x100
[  517.431050][T13980]  __lock_acquire+0x2df1/0x7d40
[  517.435926][T13980]  ? mark_lock+0x94/0x320
[  517.440349][T13980]  ? verify_lock_unused+0x140/0x140
[  517.445642][T13980]  ? __lock_acquire+0x1347/0x7d40
[  517.450674][T13980]  ? verify_lock_unused+0x140/0x140
[  517.455884][T13980]  lock_acquire+0x19e/0x420
[  517.460479][T13980]  ? hfs_extend_file+0xff/0x1380
[  517.465434][T13980]  ? __might_sleep+0xe0/0xe0
[  517.470046][T13980]  ? read_lock_is_recursive+0x20/0x20
[  517.475528][T13980]  __mutex_lock+0x136/0xcc0
[  517.480049][T13980]  ? hfs_extend_file+0xff/0x1380
[  517.484991][T13980]  ? hfs_bnode_read+0x225/0x7a0
[  517.489864][T13980]  ? hfs_extend_file+0xff/0x1380
[  517.494808][T13980]  ? mutex_lock_nested+0x20/0x20
[  517.499756][T13980]  ? hfs_bnode_read+0x358/0x7a0
[  517.504621][T13980]  ? hfs_bnode_read_u8+0x8c/0xd0
[  517.509572][T13980]  ? hfs_bnode_read_u16+0xe0/0xe0
[  517.514606][T13980]  ? hfs_brec_lenoff+0xdc/0x180
[  517.519557][T13980]  hfs_extend_file+0xff/0x1380
[  517.524329][T13980]  ? hfs_bnode_read+0x358/0x7a0
[  517.529194][T13980]  ? hfs_ext_keycmp+0x1c7/0x320
[  517.534058][T13980]  ? hfs_get_block+0xc50/0xc50
[  517.538832][T13980]  ? hfs_rename+0x2c0/0x2c0
[  517.543354][T13980]  ? hfs_find_exit+0xa0/0xa0
[  517.548095][T13980]  ? do_raw_spin_unlock+0x121/0x230
[  517.553417][T13980]  ? hfs_brec_find+0x3cd/0x500
[  517.558205][T13980]  hfs_bmap_reserve+0x107/0x430
[  517.563327][T13980]  __hfs_ext_write_extent+0x1fa/0x470
[  517.568718][T13980]  __hfs_ext_cache_extent+0x6b/0x9b0
[  517.574117][T13980]  ? hfs_find_init+0x17e/0x1f0
[  517.578897][T13980]  hfs_extend_file+0x3a0/0x1380
[  517.583893][T13980]  ? filemap_get_folios+0x102/0x7e0
[  517.589184][T13980]  ? hfs_get_block+0xc50/0xc50
[  517.594131][T13980]  ? find_lock_entries+0xfe0/0xfe0
[  517.599252][T13980]  ? clean_bdev_aliases+0x587/0x680
[  517.604575][T13980]  hfs_get_block+0x413/0xc50
[  517.609181][T13980]  ? hfs_free_extents+0x430/0x430
[  517.614233][T13980]  ? _raw_spin_unlock+0x28/0x40
[  517.619127][T13980]  ? folio_add_lru+0x320/0xd30
[  517.623914][T13980]  __block_write_begin_int+0x57f/0x1af0
[  517.629481][T13980]  ? folio_add_lru+0xd30/0xd30
[  517.634259][T13980]  ? hfs_free_extents+0x430/0x430
[  517.639290][T13980]  ? folio_zero_new_buffers+0x550/0x550
[  517.644940][T13980]  ? hfs_free_extents+0x430/0x430
[  517.650015][T13980]  block_write_begin+0x9a/0x1e0
[  517.654883][T13980]  cont_write_begin+0x5ee/0x810
[  517.660035][T13980]  ? generic_cont_expand_simple+0x200/0x200
[  517.666294][T13980]  ? __block_commit_write+0x23f/0x350
[  517.671769][T13980]  ? put_page+0xea/0x260
[  517.676028][T13980]  hfs_write_begin+0x8b/0xd0
[  517.680629][T13980]  ? hfs_free_extents+0x430/0x430
[  517.685743][T13980]  cont_write_begin+0x2b1/0x810
[  517.690634][T13980]  ? do_sys_truncate+0xf6/0x1c0
[  517.695708][T13980]  ? generic_cont_expand_simple+0x200/0x200
[  517.701800][T13980]  hfs_write_begin+0x8b/0xd0
[  517.706505][T13980]  ? hfs_free_extents+0x430/0x430
[  517.711533][T13980]  hfs_file_truncate+0x1c4/0xa10
[  517.716476][T13980]  ? __up_read+0x2b6/0x6b0
[  517.720904][T13980]  ? up_read+0x20/0x20
[  517.725113][T13980]  ? up_read+0x20/0x20
[  517.729286][T13980]  ? hfs_extend_file+0x1380/0x1380
[  517.734407][T13980]  ? unmap_mapping_range+0xe7/0x180
[  517.739626][T13980]  ? unmap_mapping_pages+0x160/0x160
[  517.745013][T13980]  ? pagecache_isize_extended+0x116/0x570
[  517.750840][T13980]  hfs_inode_setattr+0x4af/0x6e0
[  517.756027][T13980]  ? bpf_lsm_inode_setattr+0x9/0x10
[  517.761248][T13980]  ? try_break_deleg+0x79/0x120
[  517.766106][T13980]  ? hfs_evict_inode+0x110/0x110
[  517.771051][T13980]  notify_change+0xb0d/0xe10
[  517.775658][T13980]  do_truncate+0x1b0/0x240
[  517.780084][T13980]  ? put_page_bootmem+0x2c0/0x2c0
[  517.785379][T13980]  ? bpf_lsm_path_truncate+0x9/0x10
[  517.790587][T13980]  vfs_truncate+0x266/0x300
[  517.795098][T13980]  do_sys_truncate+0xf6/0x1c0
[  517.799808][T13980]  ? lock_chain_count+0x20/0x20
[  517.804773][T13980]  ? break_lease+0xd0/0xd0
[  517.809282][T13980]  ? lockdep_hardirqs_on+0x98/0x150
[  517.814595][T13980]  do_syscall_64+0x55/0xa0
[  517.819116][T13980]  ? clear_bhb_loop+0x40/0x90
[  517.823805][T13980]  ? clear_bhb_loop+0x40/0x90
[  517.828672][T13980]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  517.834575][T13980] RIP: 0033:0x7f9bfff9c799
[  517.838996][T13980] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  517.858792][T13980] RSP: 002b:00007f9c00eab028 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[  517.867219][T13980] RAX: ffffffffffffffda RBX: 00007f9c00215fa0 RCX: 00007f9bfff9c799
[  517.875526][T13980] RDX: 0000000000000000 RSI: 0000000003000000 RDI: 0000200000000900
[  517.883875][T13980] RBP: 00007f9c00032c99 R08: 0000000000000000 R09: 0000000000000000
[  517.891945][T13980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  517.899963][T13980] R13: 00007f9c00216038 R14: 00007f9c00215fa0 R15: 00007ffc84447498
[  517.907952][T13980]  </TASK>
[  520.311149][ T3516] bio_check_eod: 2667 callbacks suppressed
[  520.311167][ T3516] kworker/u4:8: attempt to access beyond end of device
[  520.311167][ T3516] loop5: rw=1048577, sector=159, nr_sectors = 1 limit=64
[  520.331185][ T3516] buffer_io_error: 2662 callbacks suppressed
[  520.331201][ T3516] Buffer I/O error on dev loop5, logical block 159, lost async page write
[  520.345945][ T3516] kworker/u4:8: attempt to access beyond end of device
[  520.345945][ T3516] loop5: rw=1048577, sector=160, nr_sectors = 1 limit=64
[  520.360017][ T3516] Buffer I/O error on dev loop5, logical block 160, lost async page write
[  520.368721][ T3516] kworker/u4:8: attempt to access beyond end of device
[  520.368721][ T3516] loop5: rw=1048577, sector=161, nr_sectors = 1 limit=64
[  520.382763][ T3516] Buffer I/O error on dev loop5, logical block 161, lost async page write
[  520.391329][ T3516] kworker/u4:8: attempt to access beyond end of device
[  520.391329][ T3516] loop5: rw=1048577, sector=162, nr_sectors = 1 limit=64
[  520.405574][ T3516] Buffer I/O error on dev loop5, logical block 162, lost async page write
[  520.414929][ T3516] kworker/u4:8: attempt to access beyond end of device
[  520.414929][ T3516] loop5: rw=1048577, sector=163, nr_sectors = 1 limit=64
[  520.428844][ T3516] Buffer I/O error on dev loop5, logical block 163, lost async page write
[  520.437438][ T3516] kworker/u4:8: attempt to access beyond end of device
[  520.437438][ T3516] loop5: rw=1048577, sector=167, nr_sectors = 1 limit=64
[  520.451311][ T3516] Buffer I/O error on dev loop5, logical block 167, lost async page write
[  520.460035][ T3516] kworker/u4:8: attempt to access beyond end of device
[  520.460035][ T3516] loop5: rw=1048577, sector=169, nr_sectors = 1 limit=64
[  520.474094][ T3516] Buffer I/O error on dev loop5, logical block 169, lost async page write
[  520.482844][ T3516] kworker/u4:8: attempt to access beyond end of device
[  520.482844][ T3516] loop5: rw=1048577, sector=171, nr_sectors = 1 limit=64
[  520.496875][ T3516] Buffer I/O error on dev loop5, logical block 171, lost async page write
[  520.505552][ T3516] kworker/u4:8: attempt to access beyond end of device
[  520.505552][ T3516] loop5: rw=1048577, sector=172, nr_sectors = 1 limit=64
[  520.519528][ T3516] Buffer I/O error on dev loop5, logical block 172, lost async page write
[  520.528159][ T3516] kworker/u4:8: attempt to access beyond end of device
[  520.528159][ T3516] loop5: rw=1048577, sector=173, nr_sectors = 1 limit=64
[  520.542128][ T3516] Buffer I/O error on dev loop5, logical block 173, lost async page write