last executing test programs: 4m23.996200285s ago: executing program 3 (id=115): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="14"], 0x14}}, 0x84) r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x84, &(0x7f0000000440)={r2, @in={{0x2, 0x4e23, @empty}}, 0xfffc, 0x86}, &(0x7f0000000500)=0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x10, 0x2, &(0x7f0000000000)=@raw=[@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x40}, @exit], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) 4m23.490693769s ago: executing program 3 (id=116): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r0) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) r2 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x8, 0x3, 0x2b0, 0x0, 0xffffffff, 0xffffffff, 0xf0, 0xffffffff, 0x1e0, 0xffffffff, 0xffffffff, 0x1e0, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00', {}, {}, 0x2f, 0x0, 0x3}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@local, 'nicvf0\x00', {0x3f66}}}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3d}}, [0xffffffff], [0x0, 0xffffffff], 'wg1\x00', 'gre0\x00', {}, {0xff}}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@loopback, 'geneve0\x00', {0x5}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x310) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$sock_rose_SIOCRSCLRRT(r1, 0x89e4) 4m22.230927093s ago: executing program 3 (id=120): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) rt_tgsigqueueinfo(0x0, 0x0, 0x3f, 0x0) msgsnd(0x0, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0) r0 = syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100001a77aa4094225b4210a20102030109022400010000000009040000029233500009050602ff030000000905ba3e79"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000240)=ANY=[@ANYBLOB="40010400000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)="fb6bba8839fe8bc048c0cdafd1f8a9918bc4055eaaeb6db4ee9bcb25b1811dbf40b3a7da5a8a64db04ed6dd26eea2e37229c339b1f91201c2796173864", 0x3d}], 0x1}, 0x0) recvmsg(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/60, 0x3c}], 0x1, 0x0, 0xffd5}, 0x400061de) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f00000001c0)) close(r1) syz_usb_control_io$uac1(r0, &(0x7f00000006c0)={0x14, &(0x7f0000000600)={0x0, 0xb, 0x3c, {0x3c, 0x21, "7a4b86424eeabab5ab726f3757037bec92fce2a8cfd5b181853acafc277b1af7eced33e4c32918b5b95477b41ba0b42298886da2012667f7ed63"}}, &(0x7f0000000680)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x40a}}}, &(0x7f0000000940)={0x44, &(0x7f0000000700)={0x0, 0x16, 0x47, "1512df4a92cffeea16429a5e1674882b2f242d4cca650f8c1cb5b691b125fd5cab0450dca515b3c711395a75bf56a9a269cc1047411100da093c9c2842c3dedebbcd62472afda8"}, &(0x7f0000000780)={0x0, 0xa, 0x1, 0x8}, &(0x7f00000007c0)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000800)={0x20, 0x81, 0x1, "e0"}, &(0x7f0000000840)={0x20, 0x82, 0x2, "3a95"}, &(0x7f0000000880)={0x20, 0x83, 0x1, '8'}, &(0x7f00000008c0)={0x20, 0x84, 0x2, "67d4"}, &(0x7f0000000900)={0x20, 0x85, 0x3, "f8060a"}}) ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000040)=0x10000) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000380)={0x2c, &(0x7f0000000180)=ANY=[@ANYBLOB="00141a00000028e1042d1a31"], 0x0, 0x0, 0x0, 0x0}) 4m19.12775663s ago: executing program 3 (id=132): r0 = socket$can_raw(0x1d, 0x3, 0x1) sendmmsg$inet(r0, &(0x7f000000c000)=[{{&(0x7f0000000b00)={0x2, 0x4e20, @multicast2}, 0x10, &(0x7f0000000d00)=[{&(0x7f0000000b40)="50bc9b193d87ba7773928e2a2b53", 0xe}], 0x1}}], 0x1, 0x20000000) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r1 = open(&(0x7f0000000140)='./file0\x00', 0x800, 0x70) mknodat$loop(r1, &(0x7f0000001600)='./file1\x00', 0x40, 0x0) r2 = accept$inet6(r1, &(0x7f0000000240), &(0x7f0000000280)=0x1c) sendfile(r0, r2, &(0x7f0000000380)=0x1000000000000000, 0x6e4) chdir(&(0x7f0000000140)='./bus\x00') link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00') sched_setscheduler(0x0, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x3}, @empty, 0x0, 0x1, 0x7, 0xfffffffd}}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r5, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000180)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, 0x0, 0x0, 0x0, 0x4007}}) unlinkat(r1, &(0x7f0000000000)='./file1\x00', 0x0) unlink(&(0x7f0000000040)='./file1\x00') open(&(0x7f00000005c0)='./bus\x00', 0x66842, 0x0) syz_mount_image$nilfs2(&(0x7f0000001600), &(0x7f0000001640)='./file0\x00', 0x0, &(0x7f0000001680), 0x1, 0x15ce, &(0x7f00000016c0)="$eJzs3ctvXFcZAPB7Jx6P3bxsGkpo0zSURyKhOknjSmGFK3XVBRJCSDyKUNW6IcItiCChFiTq/AWVEAs2CKou2KBu2KBuUCUkVmz4B6BiwSZFRUXiIWKU5JzxzGdf3ZnxPDy5v5/05XjuuXPPdz3je8/Ex+cUQGO17v67vn66LIqf/vYnz5x552enyqIoHuvusdGz371H7Z7Hx8PxNjr3yv998KMXesvbqSyLJ4uyKLvbiy/c6j73aFEUrxfnit8VK8Xvv/zZ49sPPXt++8q/vvjc0b+endDpd5WTbgAAAA6BZ9755w9+/t9nv7T6n7fPbhSd7vbcP99Ij4+mfv+l1FHO/eX8OaDsKct9+tOLYb8jKVphvyNhv4XQzkJFe+1wnHbFfos17R3p2bbfeQLA/SDf11aKsrXW97jVWlu7d9+/48+dxXLtletbL92YUaIAwNh8+Pn0IV8IIYQQjYmdk7PugQAATRfHDe/x+nhH6naPtjRY+7eebu3/fBiDab//tT9f7b+17YrD+Nyv76Z8XvnnKI9jiOMIj4TnDfvz3wrHWRgyz6pxhfMy3rAqz/h9Payq8h/2dZyVqvzjeNjDqir/OE73sKrKvzPlPEZVlf/SlPMYVVX+y1POY149msr8fYx/aNt7/4zX9Hm5xgMA/f5t/J8QQgjRuPjxrDsgAMChE+fH2UlyfZyPJ9bHeXhifZwXKNZ3auqXauoBgL2u/Obar98od3/Pf9DxcHncxQOpPDpkPnE84rDtH3Tc00Hbn5dxSwA02zc/XP3LH2+++I84/+/tMP/vmXQv/1UaKJjHCx4r+h935/49199Oq2K/YyGf41XHu9C/34mq/S7173eyar+r/futhP3aKeI43vj/Dcvhebnfk/tRuf+T/59ktSqfMOB2Mey3kCKut3Ii5LPnfC/15xPHtef2V8L22I/K+62G7bG/uBxOJc6f/Hgqb6byzVS+m8r39mkXgPHL99+q+X/z/eZ00S5fur61mW+v+b7zh067c2f75SnnDQCMbtD5/08X/fP/H+tub7d6+wUnd7eXvf2ClbD9yYrtV9Lj/DnzW53lu9vXXvjO1ovjPnkAaKgbr7727ee3tja/5wtf+MIX3S9mfWUCJu3i91/+7sUbr772xPWXn7+2eW3zlStPXV6/+tTn1i9dvnj3c/3F3k/3AMD9YLfTP+tMAAAAAAAAAAAAAACAKtP4c+JZnyMA0O996/8LIYQQjYudnbiCCwDAdA273u5BdY+WFq3L6x7m8tgTf1q9E3m3W0/395fi+oVwENN+/2t/vtp/a3u87XfXAx34+tfqP8C50dr9ytt/f7+3/YcXBmw/nv+F0dr/amj/fDFY+zu/DO2PODXu10L7DwzY/p7zvzpa+19P7Z9Kjy98ctD2+1//vD5uXvN10PX/nwvnn9f2Gfr8l4Y46R7fSO0DQBO1Zp3AhOReQu5H535I73r6xT7r1w/b/2+F48T19UeVj5v7QWfS49zdyessdsLzhs0/r+98Ihy3HLBfW/X+mZffKlXlP67XcdKq8m9POY9RVeW/OOU8RlWVf/y5PKyq8h/xY9XUVeW/POU85tWjqczfx7OhPt9/zu9zTZ+XazwA0O9vxv8LIYQQjYumj/+f7GgeONya/v5v+vk3++rv9a+T3x/5+xR/37JQU9+uqV+sqe+E+vh6LdXUPxiOu5Pk+lM19R+tqX+opv5jNfUna+o/XlP/cE39IzX18fc/sf5sTT0A8+l0Kl3fAaA58rhv938AaI6VVLr/A0Bz5Il1qu7/Z2rqAYD585FUur8DQIOU+8/0FMfjP57Km6l8M5XvpvK9iSUITNpjqczTuX8ilfnnPk0PXnwqlZ9O5WemlB8wfr/44QcPvlHuzvP3SKgfdD7ZstX/l3dx/v/zA+YT/35v2PlsVwZsZ1Ltrx6wfQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+z/4csiYQhnEAf97BWDgGS2MsbGsLa9t9gIWlBcFgs9lsdoP3GcQPY7P4RcRqsFkE8Q7PE6yH5fcLz8MD/z8vLwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABNd+XM85cUMZtP/1aj4WuKiPc68dvIVdd9RKSL/tnkodr77Xhwbaf4Lufpjs6m7mbHfnzEIp5i2ft6LJ7/P4ufXbefrd9a+n4ttf0AAAAA3NAhAAD//w71JPs=") 4m17.043195373s ago: executing program 3 (id=139): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000800)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x18) bpf$ENABLE_STATS(0x20, 0x0, 0x0) move_pages(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x2000000) 4m16.207116328s ago: executing program 3 (id=142): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) rt_tgsigqueueinfo(0x0, 0x0, 0x3f, 0x0) msgsnd(0x0, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0) r0 = syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100001a77aa4094225b4210a20102030109022400010000000009040000029233500009050602ff030000000905ba3e79"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000240)=ANY=[@ANYBLOB="40010400000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)="fb6bba8839fe8bc048c0cdafd1f8a9918bc4055eaaeb6db4ee9bcb25b1811dbf40b3a7da5a8a64db04ed6dd26eea2e37229c339b1f91201c2796173864", 0x3d}], 0x1}, 0x0) recvmsg(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/60, 0x3c}], 0x1, 0x0, 0xffd5}, 0x400061de) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f00000001c0)) close(r1) syz_usb_control_io$uac1(r0, &(0x7f00000006c0)={0x14, &(0x7f0000000600)={0x0, 0xb, 0x3c, {0x3c, 0x21, "7a4b86424eeabab5ab726f3757037bec92fce2a8cfd5b181853acafc277b1af7eced33e4c32918b5b95477b41ba0b42298886da2012667f7ed63"}}, &(0x7f0000000680)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x40a}}}, &(0x7f0000000940)={0x44, &(0x7f0000000700)={0x0, 0x16, 0x47, "1512df4a92cffeea16429a5e1674882b2f242d4cca650f8c1cb5b691b125fd5cab0450dca515b3c711395a75bf56a9a269cc1047411100da093c9c2842c3dedebbcd62472afda8"}, &(0x7f0000000780)={0x0, 0xa, 0x1, 0x8}, &(0x7f00000007c0)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000800)={0x20, 0x81, 0x1, "e0"}, &(0x7f0000000840)={0x20, 0x82, 0x2, "3a95"}, &(0x7f0000000880)={0x20, 0x83, 0x1, '8'}, &(0x7f00000008c0)={0x20, 0x84, 0x2, "67d4"}, &(0x7f0000000900)={0x20, 0x85, 0x3, "f8060a"}}) ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000040)=0x10000) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000380)={0x2c, &(0x7f0000000180)=ANY=[@ANYBLOB="00141a00000028e1042d1a31"], 0x0, 0x0, 0x0, 0x0}) 4m13.918115197s ago: executing program 32 (id=142): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) rt_tgsigqueueinfo(0x0, 0x0, 0x3f, 0x0) msgsnd(0x0, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0) r0 = syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100001a77aa4094225b4210a20102030109022400010000000009040000029233500009050602ff030000000905ba3e79"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000240)=ANY=[@ANYBLOB="40010400000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)="fb6bba8839fe8bc048c0cdafd1f8a9918bc4055eaaeb6db4ee9bcb25b1811dbf40b3a7da5a8a64db04ed6dd26eea2e37229c339b1f91201c2796173864", 0x3d}], 0x1}, 0x0) recvmsg(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/60, 0x3c}], 0x1, 0x0, 0xffd5}, 0x400061de) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f00000001c0)) close(r1) syz_usb_control_io$uac1(r0, &(0x7f00000006c0)={0x14, &(0x7f0000000600)={0x0, 0xb, 0x3c, {0x3c, 0x21, "7a4b86424eeabab5ab726f3757037bec92fce2a8cfd5b181853acafc277b1af7eced33e4c32918b5b95477b41ba0b42298886da2012667f7ed63"}}, &(0x7f0000000680)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x40a}}}, &(0x7f0000000940)={0x44, &(0x7f0000000700)={0x0, 0x16, 0x47, "1512df4a92cffeea16429a5e1674882b2f242d4cca650f8c1cb5b691b125fd5cab0450dca515b3c711395a75bf56a9a269cc1047411100da093c9c2842c3dedebbcd62472afda8"}, &(0x7f0000000780)={0x0, 0xa, 0x1, 0x8}, &(0x7f00000007c0)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000800)={0x20, 0x81, 0x1, "e0"}, &(0x7f0000000840)={0x20, 0x82, 0x2, "3a95"}, &(0x7f0000000880)={0x20, 0x83, 0x1, '8'}, &(0x7f00000008c0)={0x20, 0x84, 0x2, "67d4"}, &(0x7f0000000900)={0x20, 0x85, 0x3, "f8060a"}}) ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000040)=0x10000) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000380)={0x2c, &(0x7f0000000180)=ANY=[@ANYBLOB="00141a00000028e1042d1a31"], 0x0, 0x0, 0x0, 0x0}) 3m21.034949322s ago: executing program 4 (id=281): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000680)={[{@errors_continue}, {@nogrpid}, {@nodiscard}, {@test_dummy_encryption}, {@nobarrier}, {@nodelalloc}, {@minixdf}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x40}}, {@barrier_val={'barrier', 0x3d, 0x8}}, {@nogrpid}, {@journal_dev={'journal_dev', 0x3d, 0x3}}]}, 0x1, 0xbb7, &(0x7f00000017c0)="$eJzs3M1rXOUaAPDnnEw+2ubeSS+Xy+3dNJfLpQVxmlZSbBFspeLGhaBboSGdlJDpB0mkJs1iov+AqGvBjaAWpQu77kbBrRutW4sLoUhsFEQ0cuYjic1MkraTnLT5/eDNed95zuR9nhxmzvvCTALYtQazH2nEgYg4m0QUG4+nEdFT6/VFVOvnLS7Mjf6yMDeaxNLSyz8mkUTE3YW50ebvShrHfY1BX0R89VwS/3hz7bxTM7MTI5VKebIxPjJ94fKRqZnZJ8cvjJwvny9fPHr86eFjw8eHTgx3rNZfvzt14+f/vvB99bePfr/20zsfJHEq+hux1XV0ymAMLv9NVitExEinJ8tJV6Oe1XUmhQ2elG5xUgAAtJWuWsP9K4rRFSuLt2J8/nWuyQEAAAAdsdQVsdROoX0IAAAAeJQkNvkAAADwmGt+DuDuwtxos+X7iYTtded0RAzU619stHqkENXasS+6I2Lv3SRWf601qT/toQ1GxO1vT3yatdii7yGvpzofEf9udf2TWv0DtW9xr60/jYihDsw/eM/4Uar/VAfmz7t+AHanm6frN7K19790ef0TLe5/hRb3rgeR9/2vuf5bXLP+W6m/q83676VNznH1w/eutItl9T9z4/lPmi2bPzs+VFH34c58xH8KrepPlutP2tR/dpNzFP+4Um4Xy7v+pfcjDkXr+puS9f8/0ZGx8Up5qP6z5RzzXw5/3G7+vOvPrv/eNvVvdP0vb3KOV8+cud4utnH96Q89ySu1Xk/jkddHpqcnj0b0JC+uffzY+rk0z2n+jqz+w/9b//Xfqv7sPaHa+Dtke4H5xjEbv3HPnM9eu/rZevVne788r/+5B7z+b21yjv9/8fbhdrHV+9+sZfPfTup7YQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoSiOiP5K0tNxP01IpYl9E/DP2ppVLU9NPjF167eK5LBYxEN3p2HilPBQRxfo4ycZHa/2V8bF7xk9FxP6IeLe4pzYujV6qnMu7eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJbti4j+SNJSRKQRsVhM01Ip76wAAACAjhvIOwEAAABgy9n/AwAAwOPP/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAttv/gzVtJRFRP7qm1TE8j1p1rZsBWS/NOAMhNV94JALkp5J0AkJv73ONbLsBjKNkg3tc20tvxXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYuQ4duHkriYjqyT21lulpxLpbPuPgNmYHbKU07wSA3HStFyxsXx7A9vMSh92r9R4f2E2SDeJ9K+dU/xrp3bKcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANh5+mstSUsRkdb6aVoqRfwtIgaiOxkbr5SHIuLvEfFNsbs3G/fmnTQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdNzUzOzFSqZQndXZApxAROyANnXw6yc5Io97J+50JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA8TM3MToxUKuXJqbwzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPI2NTM7MVKplCc30bl+Pyev6uRdIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+fkzAAD//2RWCkM=") r0 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6010104000140600fe8028b300000000000000000000000000bbfe8000000000000000000000000000aa47becc09caf306bc75342b48a32e4000004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5404000090780009"], 0x0) fsopen(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0xff) syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000040)='./file1\x00', 0x800810, &(0x7f0000000180)={[{@discard_async}]}, 0xfb, 0x50f9, &(0x7f0000005140)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734d2FpAqhUbJJahw38Xptk4daqqwpVSPSNOuGBlURxcZek8ULdmxTYhQiYxPRCEFpg5R8KMIoimo+QK1ARFJAuEhxhMojoioKIFBoDVEQKSWJSBOkUM3ee2bvnLvz8GONl/5+knfOzP887zw859475wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP8Ph75y1d82iz/82/Oefu7Cicv2rrvw5WvOO/3xECZnH+/Iwh3919868fM7z71r731rbrvnyPkf7M3L5fEwUP3Tmd+5LtZ6ZGkI93aE0J0GVg5mgZ78/mCs712DIZwW5gK1ElP9WYm04fD9vhD2h7lArarv9YUwWAhc8MRDD95YTdzSF8KyEEIlbePZStZGXxo4qzcL9KeBbd1Z4FdvZGqB73ZmAThu8c1Qe9EfnKzPMDJ/uQavv54T1rE3Vzq8rpgYaZzvZ+sWuFMFvekDk8f1tJWqY0GU3h6HvNsWwbuttJ1v9rQVv0jl31DemAtVQufmqS0br5zZFR/pDGNjXY1qWqDn+alXv7TpaNKL5nUYOzByQl6HNz227M6uFZ969J6Vy1488KF9Lx1vN39U2KTF9EKrhPw1t2iex2jC58kiePuVviWN+tIVQtjy+d/7dLN4af4/0nz+H1/O8bazLnes9fWhbG4eHxmMiVeGsrk5AAAALBqLYa/ptrEHPlYoPlxJ6ivN/0fbO/4fD/nnk/lstIdCmJhN7BsO4YzZx7PAHbG5S4ZDeO9sarI+sC4JHArhnbOJFbWqkhJLYonRJPCToTwwkQQOx8BkEvhWDNycBK6LgYNJYFMMHEoC58ZAmK4fx+8P5eNoO9AXAxuyjXgwnoXwi6HYWrKtnqlVBQAAcILks8Oe+ruFcx2ON0OcXh7sa5UhnoHdMEMlqSGdwdamVQ1r6G5VQ2erGmrj3tN8+KWaO1rVXDoNo6M+w62//JvPhCZK8//x5vP/yjwd6Sgd/w9h/ezfmLszj8zU4hsm6zIAAAAAx2Hgf5//ZrN4af4/0d75/3GfSFchc3gk7obYOhzCeH0gq/YPy4HsqPdAHgAAAIDFoHY8vnYsfDq/zU7RTufT5fyTR5k/HvifmDd/76H7NzTrb2n+P9ne+f/99bdZJw7HXnxtOIQlhcAPYi+rgVmjMfDjj9cH8vEfjhvghlhVfmJCraobYokNMTCeBPY3KvHDWokz6gP5k1VrfF9tHNN5iUIAAAAATrq4OyAel4/n/7/vN2uualauNP/fcHTn/8/Og0un988MhLCqO4Su9IcBj/RnCwPGwGBHnnigP6urK63q2v4QzqkOLK3q+Xz9/+50jcEn+rKqYuCM9x149axq4pt9IawqBp783O0friZ2JYFa43/ZF8J7qqNNG//OkqzxnrTxry8J4d2FQK2qS5aEUG2sN63qoUp+HYO0qn+uhPC2QqBW1UcqIewOACxS8b/SzcUHd+6+euvGmZmpHQuYiPvw+8KW6ZmpsU3bZjZXGvRpc9LnumWMri2Pqd0r3zyTL1H02bvXD7aTrv1OcLzYVr4fv3TiYH4/fhfqmR3nmp66u2vTIX/g/eUmQuGbVKMhdy7wkPuLlcw9iaX6Y/7eMBCWXLlzasfYFzfu2rVjdfa33exrsr/xMFO2rVan26p/vr618fJouFpW4li31fJiJat2Xb591c7dV6+cvnzjpVOXTl2x+iNrxs8eXzv+0bNXVUc1nv1tMdTl81WdDPWN29sc1wkc6pndhUpOxqeGhITEYktsG1je9P/k0vx/e/P5f/zUiZ/8+foMjY7/j8TD/Nnjc4f5N8TA/naP/480OppfOzFgNAnsiYE9DvMDAADw1hAn+XFvZtwr/dMV33mxWbnS/H9Pe7//P0Hr/9eWrj+/0TL/K2KJ8Ubr/6fL/NfW/9/TaP3/dJn/2vr/+9+E9f+vrAWSTfIL6/8DAABvBSdv/f+Wy/unFwgoZWi5vH96gYBShpbL+Ld7gYCjXv//2f/8q/8OTZTm/ze3N/+3cD8AAACcOr78Z1f9TrN4af6/v735/8lf/y80Ov9/tFFgstHCgNb/AwAAYJFqtP7fyPX9FzcrV5r/H2xv/h9Pu+isyx1rfX0oW9MupGvavTJU+8kAAAAALA6dYWysp828dSujrjv2Np/KlwJtli56/k+OHN35/4fam//X/S7jpseW3dm14lOPvn7PymUvHvjQvpfmjv8DAAAAC6fd/RIAAAAAAAAAAAAAAMCb7/n/2Lu2Wbz0+/+wfvbxRr//j9f9i78veHtd7lhr6/X/8vsXfPKu3bNLFj4yFML7i4Gte7eeFvJr8y8vBh68aMU7qom9aYn7nzv3hWri4jTwiZWnv1ZNnJMENsRFEt+ZBuJVFV9bmgTi8or/ngbi9jiYBnrzwFeXZuPoSLfVTwezbdWRbqunB0MYLgRq2+rewayNjnSAtySB2gC/kAbiAP88D3SmvbprIOtVDAzGorcNZL0CAOCUFb8F9oQt0zNT4/ErfLw9s7v+NqpbsuzacrUdbTb/TL402WfvXj/YTror/S46d63xnlCpDmF16etqMUvH7ChPTC0tNt3bGwy51WpvnQ3KpY520/U2HlFfNqKxTdtmNve0HPja1lnWdLfMsro02Slm6ZzdpG3U0kZf2hhRm9umjS7H+51hbKwryfUHMTgS6rR6RbT7e/3iOn+NXgXFPFcc2ferZvWV5v8j7c3/K8VxvZZfDGBPvLLe3w1b5h8AAAAW1lfX/fob8d9nrn/4yWZ5S/P/0fbm/3EPVn4oONvbcShe/3/fcAizl9YfyQJ3xOYuGQ7hvbOpyVgiu6D++bHEeBa4I+4wWRFLbJisr2pJDBxMAj8ZygOHksDhGMj3UhwI+a6cvx8K4cOzqfX1JbbHEiNJ4NMxMJoExmJgPAksjYGJJPDy0jwwmQT+LQbCdP22untpvq0AAACORj7P6qm/G9J53sHuVhk6WmXob5Whs1WGSqsMjUYR7387ZuhJTl7pKGTqSWvtS2opZYgXwz/qfpUyhB/W50wLlpqO5x/UzjfoqM9w38e6K6GJ0vx/vL35f3/9bdb64Tj/n7v+Xxb4Qeze1+Kp46Mx8OOP1wfyHQOH42T3hlpVk3mJfNJ+QywxEQOjSWB7DEwkgQ3r88D+d9QH8pl2rfF9tcan8xKFAAAAAJx0cQdB3E0T5/+37fzKQLNypfn/RHvz/9jeQLGx62KtR5aGcG/HXG9qgZWDWSDuxxiMP49/12AIpxV2cNRKTPVnJXqThsP3+7JfqPemVX2vL/vxQbx/wRMPPXhjNXFLXwjLCntfam08W8na6EsDZ/Vmgf40sK07C8Q9P7XAdzuzABy32l7B+ILKT3WpGZm/XIPX31vlmqDp8Er7QOfJN99vrhZKaYdrvk+15uietqb7bzlhSm+PQ95ti/HdNuLdVvwilX9DeWMuVAmdm6e2bLxyZld8pPhL1pIFep6Lv1JtJ30CXod7jr23rVXSDownHx/j85eb/3XYEau76bFld3at+NSj96xc9uKBD+17qe1uNBB/KPzQNf86+KPC5l1olZC/5hbd58mkz5NF8d9A8u4e9bSFENa//PUbmsVL8//J9ub/3cntrF/HjblzOIQPFDbuI3Hz//Fw9jlYCGSfkm8rB7JD7v811PCTEwAAAE602u6O2v6C6fw2OyE8nSeX808eZf64v2Ji3vzt9rv/ry9a1ixemv9vaD7/X5J00/F/x/9ZII7/z+tU3xW9JH1gz3Htii5Vx4Jw/H9ep/q7zfH/eTn+7/j/fBz/b8Hx/3md6k9b6VvSdl+6Qggv/tEDTzeLl+b/29ub/1v/b/5F+2rr/21otP7f9kbr/+2x/h8AALCgGiw0l87zSqv3lTKkq/eVMrRcILDlEoPW/zvq9f9eOPPZ34QmSvP/Pe3N/+PLYaDY+mJZ/290fYOqbo6B7RYGBAAA4FTUaAcBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb677/uF/NjeLP/zb855+7sKJy/auu/Dla847/fEQpmcf78jCHf3X3zrx8zvPvWvvfWtuu+fI+R+s5OV68tvfrcsda319KIT9hUcGY+KVoeqducAFn7xrd3c18chQCO8vBrbu3XpaNfGtoRCWFwMPXrTiHdXE3rTE/c+d+0I1cXEa+MTK01+rJs7JAx1pd/9xadbdjrS7Ny4NYbgQqHX3sqX1VdXa+NM80Jm28U+DWRsxMBiLfmMwayMGZmKJ6SUhrOoOoSut6uFKVlVXWtW/VLKqutKqvlwJ4ZwQQnda1XO9WVXd6cgf782qioEz3nfg1bOqif29IawqBp783O0fria+kARqjf9Fbwjvqb5k0sa/3ZM13pM2fktPCO8OIfSmJX7ZnZXoTUs83x3C2wqBWuOf7w5hd+AtIX741H2i7dx99daNMzNTOxYw0Zu31Re2TM9MjW3aNrO5kvSpkY5C+o1rj33sz7z6pU3V28/evX6wnXR3Xq5ntstreururj3Vex/71V+sZO75KNUf8/eGgbDkyp1TO8a+uHHXrh2rs7/tZl+T/e3Ko9m2Wr1YttXyYiWrdl2+fdXO3VevnL5846VTl05dsfoja8bPHl87/tGzV1VHNZ79PRFDvf3kD/XM7kIlJ+MDQEJCYrElOus+3cZP9Q/y0hf9uY72hMrsB3RpWlHM0jE7yhMx6HXHOOJj+Z7SckSrSxOHUpY182S5tj7L2tJkYq6WvizL7Pe60uSw2Fjn7CaN9zvD2FhXo+0wUn+3uHl/dhyb96l807WbBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4P/YgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRg9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHApAAD//7IeJCA=") mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0) ioctl$BTRFS_IOC_QUOTA_CTL(r1, 0xc0109428, &(0x7f00000000c0)={0x1, 0xffff}) userfaultfd(0x80001) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) syz_open_dev$loop(&(0x7f0000000400), 0x2, 0x6800) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) write$snapshot(r2, &(0x7f0000000140)="cc9e", 0x2) r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000003c0)=ANY=[], 0x0) syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0) syz_usb_disconnect(r3) close_range(r0, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0xa040, 0x0) truncate(&(0x7f00000000c0)='./file1\x00', 0x10) ioctl$FS_IOC_FSSETXATTR(r4, 0x401c5820, &(0x7f00000004c0)={0x7f, 0x0, 0xa75c, 0x3, 0x40}) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) clock_settime(0x5, &(0x7f0000000040)={r5, r6+60000000}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r8, 0x1, 0x10, &(0x7f0000000100)=0xffff, 0x4) shutdown(r7, 0x1) recvmmsg(r8, &(0x7f0000003040)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=""/130, 0x82}, 0x750}], 0x1, 0x2302, 0x0) 3m17.371244728s ago: executing program 4 (id=290): r0 = socket(0x21, 0x800, 0x3d) setsockopt$sock_void(r0, 0x1, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000d40)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x4}}}, 0x24}}, 0x0) r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000040)={0x5c, 0xa, 0x0, "3258c546dacccfae1e008faa00000000f4ff4000", 0x43564548}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc1105517, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x4, 0x0, 0x59, 0x0, 'syz1\x00', 0x0}) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r3, 0xc1105518, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0xfffffffffffffffe, 0x8, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3ff, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x800000, 0x0, 0x101, 0x0, 0xd721, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000]}) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/68, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000001680)) r5 = eventfd2(0x1, 0x1) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x3, 0xffffffffffffffff, 0x4, 0x700}, 0x38) ioctl$VHOST_SET_VRING_ERR(r4, 0x4008af22, &(0x7f00000001c0)={0x0, r5}) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000003700)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/163, 0x0, 0x4000}) ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000000)={0x0, r5}) ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f00000000c0)=0x1) syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000001880)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) 3m13.77071964s ago: executing program 4 (id=302): socket$netlink(0x10, 0x3, 0x0) r0 = socket(0x10, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8943, 0x0) r2 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x41, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000040)) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x4}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) bpf$PROG_LOAD(0x5, &(0x7f0000000cc0)={0x1f, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b70300000000000085000000730000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x20000000, 0x440, 0x6, 0x0, 0x0, 0x2004cb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000], 0x0, 0x200306}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) r5 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_FLUSH(r5, 0x29, 0xd4, &(0x7f0000000080)=0x6, 0x4) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_io_uring_setup(0x110, &(0x7f0000000400)={0x0, 0xfac6, 0x800, 0x3, 0x287}, &(0x7f0000000240)=0x0, &(0x7f0000000280)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f00000003c0)={0x1, 0x1, 0x7, 0x0, 0xdb11}, 0xc) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 3m12.349146313s ago: executing program 4 (id=306): openat$binfmt(0xffffffffffffff9c, 0x0, 0x42, 0x1ff) r0 = syz_mount_image$hfsplus(&(0x7f00000002c0), &(0x7f00000000c0)='./file1\x00', 0x3000c00, &(0x7f0000000200)=ANY=[], 0xff, 0x654, &(0x7f0000000a40)="$eJzs3c9vHGf9B/D3rje2N99+UzdN2hRVitVIgLBI/EMumAsBIeRDhapy4GwlTmNlkxbbRW6FqMvPaw/5A8rBN05I3COVCxe49epjJQSXXjCnRTM7a29tr38Ux2uX1yuafZ6ZZ+Z5Ps9nZ3Z214o2wP+s+Yk0nqSW+YnX1or1zY2Z1ubGzMNuPclIknrS6BSp/avdbn+c3E5nyUvFxqq7Wr9xHi/NvfHJZ5ufdtYa1VLuXz/ouKNZr5aMJxmqypPq785h/Y0e1l1te4ZFwm50EweDdiFJu/SPx50tP/3LM9stPZr7HX3omQ+cA7XOfXOPseRidaEX7wM6d8XOPftcWx90AAAAAHAKnt3KVtZyadBxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHlS/f5/rVrq3fp4at3f/x+utqWqny3Xj7f7k6cVBwAAAAAAAACcoutb2cpaLnXX27Xyb/6vlCtXysf/yztZyWKWczNrWchqVrOcqSRjPR0Nry2sri5PHeHI6X2PnD4k0JGqbJ7MvAEAAAAAAADgS+aXmd/5+z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJwFtWSoU5TLlW59LPVGktEkw8V+68nfuvXz7MmgAwAAAIBT8OxWtrKWS931dq38zP9C+bl/NO/kUVazlNW0spi75XcBnU/99c2NmdbmxszDYtnb7/f+eawwyh7T+e5h/5GvlXs0cy9L5ZabuZO30srd1MsjC9e68ewf1wdFTLXvVo4Y2d2qLGb+YVXu8f6xJtvPMb9MGSszcmE7I5NVbEU2njs4E8d8dnaPNJX6drBXdo20axJfKOcXq7KYz2/75Xwgdmdiuufse+HgnCdf+9MffnK/9ejB/XsrE2dnSgdbr8qhqmyXj829mZjpycSLX8ZM9DVZZuLq9vp8fpgfZyLjeT3LWcrPspDVLGY8PyhrC9X5XOu55Ptk6vbn1l4/LJLh6gztPFnHi+mV8thLWcqP8lbuZjGvlv+mM5VvZTazmet5hq8e4ZW23ueqb///vsHf+HpVaSb5XVWeDUVen+vJa+9r7ljZ1rtlJ0uXT/5+1PhKVSnG+FVVng27MzHVk4nnD87E78uXlZXWowfL9xfePtpwlz+sKsV19JszdZcozpfLxZNVrn3+7Cjant+3bapsu7LdVt/TdnW7rXOlrve9Uoer93B7e5ou217ct22mbLvW07bf+y0AzryL37g43Px786/Nj5q/bt5vvjb6/ZFvj7w8nAt/vvCdxuTQV+sv1/6Yj/KLnc//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF7fy7nsPFlqtxeVdlXa7/X6fpvNc6f6c2SkO+tIzyaCmPJzkbGT+3+12u9pSOwvxHFxpF0bSfupjNZLs13S9d8sHAzl/BvzCBDx1t1Yfvn1r5d33vrn0cOHNxTcXH83Nzs5Nzs2+OnPr3lJrcbLzOOgogadh56Y/6EgAAAAAAAAAAACAozqZ/zPQTNJ/n/6jj57mVAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBzan4ijSepZWry5mSxvrkx0yqWbn1nz0aSepLaz5Pax8ntdJaM9XRX6zfO46W5Nz75bPPTnb4a3f3rBx13NOvVkvEkQ1V5Uv3d+a/7q23PsEjYjW7iYND+EwAA//9nMgTf") linkat(r0, &(0x7f0000000100)='./file5\x00', r0, 0x0, 0x1400) r1 = syz_create_resource$binfmt(&(0x7f0000000280)='./bus\x00') execveat$binfmt(0xffffffffffffff9c, r1, 0x0, &(0x7f0000000700)={[&(0x7f00000004c0)=',\x00', &(0x7f0000000500)='//\x00', &(0x7f0000000580)='&\x16\xdf\f\n\xa5w\'\x80\x00\x00\x00\x00\x10\x00\x00\x00\',!\\\x00']}, 0x100) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) syz_pidfd_open(r2, 0x0) ptrace$getregs(0xe, r2, 0x13ed, &(0x7f0000000180)=""/185) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = syz_open_dev$loop(&(0x7f0000000100), 0x8, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f00000002c0)={r4, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd0000ea801900", [0x0, 0x2000000000001]}}) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4) 3m10.484880791s ago: executing program 4 (id=309): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000200), &(0x7f0000000100)='%pi6 \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r1, 0xffffffffffffffff}, 0x4) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x16, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000ffff0b867b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r3, 0x8, 0xe, 0x0, &(0x7f0000000300)="40f0538ef047b21fb60068305500", 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 3m9.581071698s ago: executing program 4 (id=313): syz_emit_ethernet(0x6a, &(0x7f00000002c0)=ANY=[@ANYBLOB="bbbbbbbbbbbb5a01f3c2f13608060001080006040001aaaaaaaaaaaaac1414bbaaaaaaaaaaaaac1414bb3e326cb2a4439c7bedef3f70a3aee784f14ccafb924e25fec5dfeff7f6586a1f3c845d587749648c395e4175c1542e2aaacc28c0a2632703d9177041fdcc76babf8dad5c2c0618e1cf7478bf48c466cb08dfa4abc423283a4d74216dc51a76"], 0x0) r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r1, &(0x7f0000000480)={0x2, 0x4e24, @rand_addr=0x64010102}, 0x6) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f00000001c0)=0x9a, 0x4) readv(r1, &(0x7f0000000ac0)=[{&(0x7f00000002c0)=""/47, 0x2f}], 0x1) sendmmsg$inet(r1, &(0x7f0000002340)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)='LF', 0x2}], 0x1}}], 0x1, 0x8090) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="020a040007000000b6f1ffff0000854105"], 0x38}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[], 0x70}}, 0x4008080) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r3, &(0x7f0000000100)={0x2, 0x0, @remote}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000000)=[@sack_perm, @window, @window={0x3, 0x4, 0x8}, @sack_perm, @timestamp, @timestamp, @timestamp, @timestamp], 0x8) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r3, 0x6, 0x15, &(0x7f0000000040)=0x7ff, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) syz_mount_image$cramfs(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000040)=ANY=[], 0x1, 0x143, &(0x7f0000000400)="$eJzszr1LelEcx/HP+d2rvyjNAgMLMqHlkvR0hZqCNJIMKihcmgQ9UaAoCuVoRFtbq0MlNIn/gj0tSUG09C+0uAWNxbkPRdDS/nlt532+93vu8sKjgQjwHoBlqVgolWWlInORzY215NZrux1X3Qugx7pfLZWlqMicPX8VB3bxH/Dgy60f2NnLy6lsMa/GunHAAJDow6LqM6odAr2qBe3ZWacZ48DNkN3MX1rMaSM6kAjYTe37OAd0tW/we98bgGo92mp21h/uU5MTl6MajlPRMfdX3R6WJ2ZyuOELaUjLuwu8iI7PnniabjWfAWEdYqY5J4Cac0TNC33Ftw9si5/veBEK62ngSACn1l33WvjVFwAK/fNnzvu1Ay0CiGo9mwl5GpngwD9ohrudiIiIiIiIiIiIiIiIiIjoDz4DAAD//+7/VYE=") munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r5, &(0x7f0000001f80)=""/4111, 0x100f) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x66, 0x1, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {0xc, 0x10}, {}, {0x7, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x5}, 0x80000) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) openat$cgroup_devices(r7, &(0x7f0000000680)='devices.deny\x00', 0x2, 0x0) 3m6.459443417s ago: executing program 33 (id=313): syz_emit_ethernet(0x6a, &(0x7f00000002c0)=ANY=[@ANYBLOB="bbbbbbbbbbbb5a01f3c2f13608060001080006040001aaaaaaaaaaaaac1414bbaaaaaaaaaaaaac1414bb3e326cb2a4439c7bedef3f70a3aee784f14ccafb924e25fec5dfeff7f6586a1f3c845d587749648c395e4175c1542e2aaacc28c0a2632703d9177041fdcc76babf8dad5c2c0618e1cf7478bf48c466cb08dfa4abc423283a4d74216dc51a76"], 0x0) r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r1, &(0x7f0000000480)={0x2, 0x4e24, @rand_addr=0x64010102}, 0x6) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f00000001c0)=0x9a, 0x4) readv(r1, &(0x7f0000000ac0)=[{&(0x7f00000002c0)=""/47, 0x2f}], 0x1) sendmmsg$inet(r1, &(0x7f0000002340)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)='LF', 0x2}], 0x1}}], 0x1, 0x8090) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="020a040007000000b6f1ffff0000854105"], 0x38}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[], 0x70}}, 0x4008080) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r3, &(0x7f0000000100)={0x2, 0x0, @remote}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000000)=[@sack_perm, @window, @window={0x3, 0x4, 0x8}, @sack_perm, @timestamp, @timestamp, @timestamp, @timestamp], 0x8) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r3, 0x6, 0x15, &(0x7f0000000040)=0x7ff, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) syz_mount_image$cramfs(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000040)=ANY=[], 0x1, 0x143, &(0x7f0000000400)="$eJzszr1LelEcx/HP+d2rvyjNAgMLMqHlkvR0hZqCNJIMKihcmgQ9UaAoCuVoRFtbq0MlNIn/gj0tSUG09C+0uAWNxbkPRdDS/nlt532+93vu8sKjgQjwHoBlqVgolWWlInORzY215NZrux1X3Qugx7pfLZWlqMicPX8VB3bxH/Dgy60f2NnLy6lsMa/GunHAAJDow6LqM6odAr2qBe3ZWacZ48DNkN3MX1rMaSM6kAjYTe37OAd0tW/we98bgGo92mp21h/uU5MTl6MajlPRMfdX3R6WJ2ZyuOELaUjLuwu8iI7PnniabjWfAWEdYqY5J4Cac0TNC33Ftw9si5/veBEK62ngSACn1l33WvjVFwAK/fNnzvu1Ay0CiGo9mwl5GpngwD9ohrudiIiIiIiIiIiIiIiIiIjoDz4DAAD//+7/VYE=") munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r5, &(0x7f0000001f80)=""/4111, 0x100f) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x66, 0x1, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {0xc, 0x10}, {}, {0x7, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x5}, 0x80000) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) openat$cgroup_devices(r7, &(0x7f0000000680)='devices.deny\x00', 0x2, 0x0) 2m19.897992481s ago: executing program 6 (id=421): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='netlink_extack\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=@bridge_dellink={0x34, 0x13, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r3}, [@IFLA_AF_SPEC={0x14, 0x1a, 0x0, 0x1, [@AF_INET={0x10, 0x5, 0x0, 0x1, {0xc, 0x6, 0x0, 0x1, [{0x8, 0x1}]}}]}]}, 0x34}}, 0x0) 2m18.970593603s ago: executing program 6 (id=424): setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2e, &(0x7f0000000080)={0x9, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @broadcast}}}, 0x108) mq_open(0x0, 0x0, 0x0, 0x0) r0 = add_key$user(&(0x7f0000000200), &(0x7f0000000300)={'syz', 0x3}, &(0x7f00000004c0)='\x00', 0x1, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000040)={r0, r1, r1}, 0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={'poly1305-generic\x00'}}) 2m18.461717929s ago: executing program 6 (id=428): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x29a83a768e447add) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd2d, 0x20000000, {0x0, 0x0, 0x0, r1, {0x5, 0x2}, {}, {0x5, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_FLAGS={0x8, 0x16, 0x2}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x13) 2m17.151517941s ago: executing program 6 (id=430): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @local, 0x5}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file0\x00', 0x101880a, &(0x7f0000000400)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c61636c2c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474722c6673796e635f6d6f64653d706f7369782c646973636172645f756e69743d7365676d656e742c6261636b67726f756e645f67633d6f6e2c6e6f696e6c696e655f78617474722c646973636172645f756e69743d626c6f636b2c6673796e635f6d6f64653d7374726963742c617467632c657874656e745f63616368652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303031343033302c00271d57a599b8b169a579679e220c689eaaec4fa6229021e75c68a687d319b615573b0b0ceefba8e2e2419434463974ef8174b66469344931de0ccad650792761"], 0x1, 0x550b, &(0x7f00000079c0)="$eJzs3M1rI2UYAPAn/dhv1yIevO3AIrSwiU0/Fr1V3cUP7FJWPXjSNElDdpNMadK09uTBo3jwPxEFTx79Gzx49iYeFG+Ckpmpbv0AoWlj298PJs+8b94887xhWXhmSgK4sOaSX34qxc24GhHTEXEjIjsvFUdmLQ/PRcStiJh64igV839MXIqIaxFxc5Q8z1kq3vrszvD26o9v/vz1t5dnrn/+1XeT2zUwac9HRHc7P9/r5jFt5fFRMV8btrPYXRkWMX+j+7gYp3nca25mGfZqh+tqWVxu5evT7d3+KG51avVRbLW3svntXn7B/rB1mCf7wKPaTjZuNDez2O6nWWwd5HXtH+T/tx30B3meRpHvwyx9DAaHMZ9v7jfz/Ww/zmK9Nyjm87xpo7k/isMiFpeLetppZHVsHueb/n97q93b3U+GzZ1+O+0lq5Xqi5Xq3XJ1J200B82Vcq3buLuSzLc6o2XlQbPWXWulaavTrNTT7kIy36rXy9VqMn+vudmu9ZJqtbJcWSyvLhRnd5LXHrybdBrJ/Ci+0u7tDtqdfrKV7iT5JxaSpcrySwvJ7Wry9vpGsvHw/v31jXfev/feg5fX33i1WPS3spL5pcWlpXJ1sbxUXbhA+/+4KHqM+4djKU26AICzR/8PTMLJ9f87DyNOvv8P/f9YnKn+9/z1/3svREx0/3As+n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAvr+9kvXs9O5vLx9WL+qWLqmWJcioipiPjtH0zHpSM5p4s8s/+yfvYvNXxTiizD6BqXi+NaRKwVx69Pn/S3AAAAAOfXlx/d+jTv1vOXuUkXxGnKb9pM3fhgTPlKETE798OYsk2NXp4dU7Ls3/dM7I8pW3YD68qYkuW33GbGle0/mT4SrjwRSnmYOtVyAACAU3G0EzjdLgQAAIDT9MmkC2AySnH4KPPwWXD2l/d/PhC8emQEAAAAnEGlSRcAAAAAnLis//f7fwAAAHC+5b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7eJA1EcgJ8NXth/WrTa+7ayNyhjS9jjHiMKSBMUkANpIQ1QA7mlhAgiPA6BiEMkj20l+j7JmYxlfrxBcJgZaQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu3Vfrxe3V7+u2Obt9O3lGAwAAAFyyrdaL+p9Z6n9t7n9vbv1s+kVElBFxae4+ik9nmaMmp3p5/ub0+epVDXcRdcLhPSbN9SUi/jTX44+uPwUAAAD4uDbL1TzN1tOf2dAF0ae0aFN++5spr4iIavaQKa085P3KFFZ/v8fxP1NavYA1zRSWltzGudLepP65H1ftpidNkZry4suORWYbOwAA0KPRWdPvLAQAAIA+/Ru6AIZRxPNW5nErcJKaZnvv81kPAAAAeIeKoQsAAAAAOlfP/3s6/2/v/D8AAAAYRjr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC5tq/Vis1zN2+bs9u3kGQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyxP+8oEAJhEAZ713cmc//DSoOmpiZVIHz8jcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMX+vKRACARBFMwZ/zvp+x9WEvQMIkRAw6OKWjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAP/OzM7WtooxSg4RUfCgF5tua2tv4kEJHvwThJBua+zWH20QW4qYizfJuRfRo4igxFv/h55b6KXeethDBc/KzM5kp23A9dfMNvl84M377jDM+75ZCPnOewkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtfFb0zgrDguTOK3O3bp/bb3obz/UF25s31kuWhEnbSb9eHih+SFZioij3SUDAADAwZDV9X1E3M13Vos+XSjr/7y+pqj5v31qElf1/Gd1yfpw/V/X/kX75ed7z+0OtDAZp7jpuY3R8PijqfT+rznOu6f/8ope+eTLdy9Z+YWk7249O87L55l8ffPm2/0yPNRGtgDAP3Gs7qug/n2o6AddJgbAgdFrFN51/Z8tdJsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBvGW3G0jpOIWO5N48Lt+9fW9+pvbN9Zrtvp69e348vpPYtb5BFxbmM0PN7qbObb5StXL6yNRsNL7QcvRkRXo79ZTf/C+zNcHNHJ8xH8R0Fafdnzks/jEXT4QwkAgH0pr1pR19/Nd1aLc8lixB/fPVj/v9KIY8b6/94Hp281x2rW/4PWZjj/VjYvfrJy+crV1zYurp0fnh9+9PqJwRuDk2dOnTqzUr4rWfHGBAAAgH+nX7Vm/Z8uPrr+f6QRx4z1/6ffDL5ojpWp//c0XfTrOhMAAICD7ZmXfv8t2eN80u/H52ubm5cGk+Pu5xOTYwep/m2Hqtas/7PFrrMCAAAA2jDeSh5Y/z/biGPG9f8nv3/+x+Y9s4g4XK3/H1v/eHS2venMtTb+nLjrOQIAANCtw1Vrrv/n5f7/dHfLQxoRr748iat/AzhT/Z+989UPzbGa+/9PtjfFuZQuTZ5H2S9F9Ja6zggAAID97ImqFcX+r/nO6oc/HXmvb/8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNv+DAAA///fxzxy") mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x141842, 0x0) capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000004c0)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB(r2, 0xc01c64ad, &(0x7f0000000200)={r4}) sendmsg$inet6(r0, &(0x7f0000000600)={&(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1, 0x8423}, 0x1c, 0x0}, 0x4000000) syz_usb_connect(0x5, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="120110017a953210ac0504c777620102030109022d0001080540040904270102fffd01000921e700070122b30409050c0200020103400905df02"], 0x0) 2m12.879752085s ago: executing program 6 (id=438): setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2e, &(0x7f0000000080)={0x9, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @broadcast}}}, 0x108) mq_open(0x0, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x80000040001}) r0 = add_key$user(0x0, &(0x7f0000000300)={'syz', 0x3}, &(0x7f00000004c0)='\x00', 0x1, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000040)={r0, r1, r1}, 0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={'poly1305-generic\x00'}}) 2m11.70328503s ago: executing program 6 (id=443): socket$inet6_tcp(0xa, 0x1, 0x0) (async) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) (async) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) syz_emit_ethernet(0x56, &(0x7f0000000340)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x20, 0x6, 0x0, @remote, @local, {[], {{0x4e23, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x8, 0x2, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x7ff, 0xfffffffa}]}}}}}}}}, 0x0) (async) syz_emit_ethernet(0x56, &(0x7f0000000340)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x20, 0x6, 0x0, @remote, @local, {[], {{0x4e23, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x8, 0x2, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x7ff, 0xfffffffa}]}}}}}}}}, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) socket$nl_route(0x10, 0x3, 0x0) (async) r2 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) sendmsg$nl_route(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@ipv4_newroute={0x24, 0x1a, 0x1, 0x0, 0x25dfdbfc, {0x2, 0x20, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1000}, [@RTA_SPORT={0x6, 0x1c, 0x4e23}]}, 0x24}}, 0x20004000) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r3 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000440)={0x84, @dev={0xac, 0x14, 0x14, 0x2d}, 0x4e20, 0x3, 'lblc\x00', 0x1, 0x2, 0x6f}, 0x2c) (async) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000440)={0x84, @dev={0xac, 0x14, 0x14, 0x2d}, 0x4e20, 0x3, 'lblc\x00', 0x1, 0x2, 0x6f}, 0x2c) setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f0000000480)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'lblc\x00', 0x14, 0x8, 0x77}, {@multicast2, 0x4ea1, 0x2, 0x400000cb, 0xcef9, 0xd}}, 0x44) munlockall() madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) (async) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x800) (async) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x800) ioctl$DRM_IOCTL_GET_MAP(r4, 0xc0286404, &(0x7f0000000140)={&(0x7f0000543000/0x4000)=nil}) madvise(&(0x7f0000220000/0x2000)=nil, 0x2000, 0x15) socket(0x18, 0x0, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000020400000000000000000850000180300000000000000", @ANYRES32, @ANYBLOB="00000000000000006111000000000000180000000000000000000000000000009500000000000000360a00000000000018010000202078250000000000202020631af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50200000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xd0, &(0x7f0000000340)=""/208, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 2m8.057811551s ago: executing program 34 (id=443): socket$inet6_tcp(0xa, 0x1, 0x0) (async) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) (async) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) syz_emit_ethernet(0x56, &(0x7f0000000340)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x20, 0x6, 0x0, @remote, @local, {[], {{0x4e23, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x8, 0x2, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x7ff, 0xfffffffa}]}}}}}}}}, 0x0) (async) syz_emit_ethernet(0x56, &(0x7f0000000340)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x20, 0x6, 0x0, @remote, @local, {[], {{0x4e23, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x8, 0x2, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x7ff, 0xfffffffa}]}}}}}}}}, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) socket$nl_route(0x10, 0x3, 0x0) (async) r2 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) sendmsg$nl_route(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@ipv4_newroute={0x24, 0x1a, 0x1, 0x0, 0x25dfdbfc, {0x2, 0x20, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1000}, [@RTA_SPORT={0x6, 0x1c, 0x4e23}]}, 0x24}}, 0x20004000) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r3 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000440)={0x84, @dev={0xac, 0x14, 0x14, 0x2d}, 0x4e20, 0x3, 'lblc\x00', 0x1, 0x2, 0x6f}, 0x2c) (async) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000440)={0x84, @dev={0xac, 0x14, 0x14, 0x2d}, 0x4e20, 0x3, 'lblc\x00', 0x1, 0x2, 0x6f}, 0x2c) setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f0000000480)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'lblc\x00', 0x14, 0x8, 0x77}, {@multicast2, 0x4ea1, 0x2, 0x400000cb, 0xcef9, 0xd}}, 0x44) munlockall() madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) (async) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x800) (async) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x800) ioctl$DRM_IOCTL_GET_MAP(r4, 0xc0286404, &(0x7f0000000140)={&(0x7f0000543000/0x4000)=nil}) madvise(&(0x7f0000220000/0x2000)=nil, 0x2000, 0x15) socket(0x18, 0x0, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000020400000000000000000850000180300000000000000", @ANYRES32, @ANYBLOB="00000000000000006111000000000000180000000000000000000000000000009500000000000000360a00000000000018010000202078250000000000202020631af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50200000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xd0, &(0x7f0000000340)=""/208, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 57.012081038s ago: executing program 1 (id=616): r0 = syz_open_dev$loop(&(0x7f0000000180), 0x7, 0x2480) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, 0x0) 55.699532329s ago: executing program 1 (id=620): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x28002) write$sndseq(r0, 0x0, 0x0) r1 = dup(r0) mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) 54.816340496s ago: executing program 1 (id=623): creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000019100)='net/fib_trie\x00') pread64(r3, &(0x7f0000032140)=""/102344, 0x18fc8, 0x4000c2a) 50.55618489s ago: executing program 1 (id=632): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x58, &(0x7f0000000c40)={[{@inode_readahead_blks}, {@nodiscard}, {@nomblk_io_submit}, {@stripe={'stripe', 0x3d, 0x4fffb}}, {@norecovery}, {@errors_remount}, {@max_batch_time={'max_batch_time', 0x3d, 0x814}}]}, 0xfe, 0x7a6, &(0x7f0000001340)="$eJzs3c9rHGUfAPDvbH6+ad+3eeGFt/XSnLRQumlrbBWExpMIFgp6tg2bbYjZZEt2U5qQg0UEQQQtHgS9ePZHvXkT0bN/gxcRaamaFis9yMrsziab7iZN06Rpm88HJnmemWfnme/MzvM8uzPsBLBrDaV/chEHIuKDJGJfNj+JiJ56qjtitFHu9tJiIZ2SqNVe+z2pl7m1tFiIltek9mSZ/RHx/TsRh3Pt9VbmF6bGSqXibJYfrk5fGK7MLxyZnB6bKE4UZ04cGxk5fvK5kye2LtY/f1zYe/3Dl5/5avTO2/+/+v4PSYzG3mxZaxxbZSiGsn3Sk+7Chm+3upZHQ7LTG8CmpKdmV+MsjwOxL7rqKQDgSZb2/zUAYJdJ9P8AsMs0vwe4tbRYaE6dvifIru/cuetlj70bL0VEfyP+5vXNxpLu7Jpdf/066MCtZNWVkXR/DG5B/fsj4tNv3vginWKbrkMCdPLW5Yg4NzjU3v4nK/csbNLRDZQZuiuv/YOH57t0/PN8p/Ffbnn8Ex3GP30dzt3NGIrozVZX137+566tqrTp1BZUno3/Xmzc25YG2jL+W75pbbAry/07zRyMiMlSMW3b/hMRh6Kn7/xkqXhsnToO3fz75lrLhlrGf39cefPztP70/0qJ3LXuvtWvGR+rjj1IzK1uXI54qnvl3r7bbe1/86i3j3/PrLfig81Ed7zywrufrFUsjT+Ntzm1x7+9ap9FPB2d429K1r0/cTg9/EcbfzvX8fXPHw+sVX/r8U+ntP7mZ4GHIT3+A+vHP5i03q9Z2dr67x3/8vt/eYPS939v8no93ZvNuzRWrc4ei+hNXm2ff3xlbc18s3waf2PFi72xKv6V9i/p0P6lnwnPbTDG7uu/fbn5+LdXGv/4fR3/+09cvT3VtVb9Gzv+I/XUoWzORtq/jW7gg+w7AAAAAAAAAAAAAAAAAAAAAAAAANioXETsjSSXX07ncvl84xne/4uBXKlcqR4+X56bGY/6s7IHoyfX/KnLfY180vz908GW/PG78s9GxH8j4qO+f9Xz+UK5NL7TwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZs8az/9P/dq301sHAGyb/rY5tVqt1pq/WVx3MQDw2Gnv/wGAJ53+HwB2H/0/AOw++n8A2H30/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGyzM6dPp1Ptr6XFQpofvzg/N1W+eGS8WJnKT88V8oXy7IX8RLk8USrmC+Xpe62vVC5fGImZuUvD1WKlOlyZXzg7XZ6bqZ6dnB47FWeLPQ8lKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4P5X5hamxUqk4+0Qk3ouIR2AzJLY28cuRn/avV+bKPd7Goxuoqz87IR6RkHc+scMNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBj4p8AAAD//9klLL8=") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000200)='./file1\x00', 0x0, 0x0, 0x835, 0x0) 47.607168525s ago: executing program 1 (id=637): openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) pipe(&(0x7f0000000080)) write$binfmt_script(0xffffffffffffffff, &(0x7f00000001c0)={'#! ', './bus', [], 0xa, "c361615972e67dc560bd6f6d27fbea72dbc551a6"}, 0x1d) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(r1, 0x802c550a, &(0x7f0000000000)=ANY=[]) 46.616004083s ago: executing program 1 (id=641): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) sendmsg$inet(r1, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aa00feffffff0000001c000000000000000000000001"], 0x40}, 0x0) 44.17622198s ago: executing program 35 (id=641): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) sendmsg$inet(r1, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aa00feffffff0000001c000000000000000000000001"], 0x40}, 0x0) 17.769934069s ago: executing program 0 (id=729): r0 = socket$inet6(0xa, 0x3, 0xff) r1 = dup2(r0, r0) setsockopt$inet_pktinfo(r1, 0x0, 0x8, 0x0, 0x0) 16.354105321s ago: executing program 0 (id=736): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0x0, 0xfffffffd, {{@in6=@empty, @in=@broadcast, 0x0, 0x0, 0x0, 0x5, 0xa, 0x0, 0x26b9ffe36856e205, 0x2e}, {0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}}}, 0xb8}}, 0x0) syz_emit_ethernet(0x1fa, &(0x7f00000004c0)=ANY=[@ANYBLOB="ffffffffffff00000000000086dd665ff63e01c42f01fe80000000000000000000000000000dff020000000000000000000000000001"], 0x0) 15.696304705s ago: executing program 0 (id=739): unshare(0x2010100) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8b04, &(0x7f0000000040)={'wlan1\x00', @random="8dffffff0600"}) 14.838308173s ago: executing program 0 (id=744): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f0000000300)={[{@jqfmt_vfsv1}, {@dioread_lock}, {@barrier_val}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x5}}, {@errors_continue}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=") r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x185641, 0x0) r1 = open(&(0x7f00000003c0)='./bus\x00', 0x84902, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x11, r1, 0x0) write$FUSE_ATTR(r0, &(0x7f0000000440)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0xffffffffff7ffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6288f669, 0x0, 0xc000}}}, 0x78) 13.90606532s ago: executing program 0 (id=748): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xff, 0x7fff0000}]}) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) wait4(0xffffffffffffffff, 0x0, 0x80000000, 0x0) 9.739593006s ago: executing program 0 (id=769): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x2000c12, &(0x7f0000000040)={[{@nobh}, {@usrjquota}]}, 0xff, 0x240, &(0x7f0000000500)="$eJzs3T1oO2UcB/DvXRL/tg1SdRHEFxARLZS6CS51UShIKSKCChURF6UVaotb6+TioLNKJ5ciblZH6VJcFMGpaoe6CFocLA46RJJrpbYRX1Jz4n0+cLm75J77Pcfd97kQOBKgsaaTzCdpJZlJ0klSnN/gzmqaPl3dnthfTnq9x34oBttV65WzdlNJtpI8kGSvLPJCO9nYferop4NH7nl9vXP3u7tPToz1IE8dHx0+evLO4msfLNy/8dkX3y0WmU/3d8d19Yoh77WL5KZ/o9h/RNGuuwf8FUuvvP9lP/c3J7lrkP9OylQn74216/Y6ue/tP2r75vef3zrOvgJXr9fr9O+BWz2gccok3RTlbJJquSxnZ6vv8F+1JssXV9dennl+dX3lubpHKuCqdJPDhz+69uHUhfx/26ryD/xPVT9KHT6+tPN1f+GkVXeHgLG4rZr17/8zz2zeG/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmH5pJ/aC75h+aSf2iu8/kHAJqld63uJ5CButQ9/gAAAAAAAAAAAAAAAAAAAJdtT+wvn03jqvnJW8nxQ0naw+q3Bv9HnFw/eJ38sehv9puiajaSp+8YcQcjeq/mp69v+Kbe+p/eXm/9zZVk69Ukc+325euvOL3+/rkb/+TzzrMjFvibigvrDz4x3voX/bJTb/2Fg+Tj/vgzN2z8KXPLYD58/On2z9+I9V/6ecQdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDa/BgAA//8YZW08") r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x182) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x181242, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0) write$binfmt_script(r2, &(0x7f0000000180)={'#! ', './file1'}, 0xb) fallocate(r0, 0x0, 0x1, 0x2000402) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000040)={0xc, r0, 0x4, 0x0, 0xd8, 0xffffffffffffffff}) 8.608040069s ago: executing program 36 (id=769): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x2000c12, &(0x7f0000000040)={[{@nobh}, {@usrjquota}]}, 0xff, 0x240, &(0x7f0000000500)="$eJzs3T1oO2UcB/DvXRL/tg1SdRHEFxARLZS6CS51UShIKSKCChURF6UVaotb6+TioLNKJ5ciblZH6VJcFMGpaoe6CFocLA46RJJrpbYRX1Jz4n0+cLm75J77Pcfd97kQOBKgsaaTzCdpJZlJ0klSnN/gzmqaPl3dnthfTnq9x34oBttV65WzdlNJtpI8kGSvLPJCO9nYferop4NH7nl9vXP3u7tPToz1IE8dHx0+evLO4msfLNy/8dkX3y0WmU/3d8d19Yoh77WL5KZ/o9h/RNGuuwf8FUuvvP9lP/c3J7lrkP9OylQn74216/Y6ue/tP2r75vef3zrOvgJXr9fr9O+BWz2gccok3RTlbJJquSxnZ6vv8F+1JssXV9dennl+dX3lubpHKuCqdJPDhz+69uHUhfx/26ryD/xPVT9KHT6+tPN1f+GkVXeHgLG4rZr17/8zz2zeG/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmH5pJ/aC75h+aSf2iu8/kHAJqld63uJ5CButQ9/gAAAAAAAAAAAAAAAAAAAJdtT+wvn03jqvnJW8nxQ0naw+q3Bv9HnFw/eJ38sehv9puiajaSp+8YcQcjeq/mp69v+Kbe+p/eXm/9zZVk69Ukc+325euvOL3+/rkb/+TzzrMjFvibigvrDz4x3voX/bJTb/2Fg+Tj/vgzN2z8KXPLYD58/On2z9+I9V/6ecQdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDa/BgAA//8YZW08") r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x182) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x181242, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0) write$binfmt_script(r2, &(0x7f0000000180)={'#! ', './file1'}, 0xb) fallocate(r0, 0x0, 0x1, 0x2000402) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000040)={0xc, r0, 0x4, 0x0, 0xd8, 0xffffffffffffffff}) 8.544084654s ago: executing program 5 (id=775): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x101842, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000040)) ioctl$PPPIOCSACTIVE(r0, 0x40047459, &(0x7f0000000080)={0xfffffffffffffe43, 0x0}) pwrite64(r0, &(0x7f00000000c0)="49f675f5", 0x4, 0x5) readv(r0, &(0x7f00000002c0)=[{&(0x7f0000000180)=""/63, 0x3f}], 0x1) 8.066294389s ago: executing program 5 (id=777): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000440)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x2, 0x1, 0x0, 0x2, 0x2, 0x0, 0x60bd2c}, 0x10}}, 0x0) 7.467747925s ago: executing program 5 (id=779): syz_mount_image$udf(&(0x7f0000000f00), &(0x7f0000000080)='./bus\x00', 0x0, &(0x7f0000002800)=ANY=[@ANYBLOB="73686f727461642c756e64656c6574652c73657373696f6e3d30303030000800003030303030303030303139302c6d6f64653d30303030303030303030303030303030303030303030352c726f6f746469723d30303030303030303030303030303030303030352c646d6f64653d30303030303030303030303030303030303030303030362c696f636861727365743d6370313235312c696f636861727365743d6b6f69382d722c6e6f7672732c0084f5b23d82aacbefd1de1daab7394a9b4696461da9ab46f2d71c895d8c"], 0xfc, 0xc41, &(0x7f0000001b80)="$eJzs3U9sHNd9B/DfG5Hi0m4rxnYUJ42LTVuksmK5+hdTsQp3VdNsA8gyEYq5BeCKpNSFKZIgqUY20oLupYceAhRFDzkRaI0CKRoYTRH0yLQukFx8KHLqiWhhIyh6YIsAOQUMZvatuKRJmzb/iLI+H5v67s68N/PezHJGIvjmBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ8QcvXTl7Lt3vVgAAh+na6NfOnnf/B4CHynX//gcAAAAAAAAAAAAAgKMuRRGPR4q5a2tpvHrfVrva6r1zd2xoePtq/amqeawqX37Vzp2/cPHLzw1e6uTV1swH1N9vn4tXRq9fqb84e3tufmphYWqyPjbTmpidnNr1FvZaf6vT1QGo3371zuTNmwv1889e2LT67sB7fY+eHLg8+PSZpzplx4aGh0c3itS6y/d87Ia07TTC43gUcSZSPPO9n6ZmRBSx92NRO9xzv1V/1YnTVSfGhoarjky3mjOL5cqRzoEoIupdlRqdY7T9uYie3kPtw84aEUtl88sGny67NzrXnG/emJ6qjzTnF1uLrdmZkdRubdmfehRxKUUsR8Rq3/s31xtF9ESK75xYSzci4ljnOHypGhi8czuKA+zjLpTtrPdGLBcPwDk7wvqiiJcjxc/ePhUT+TpTXWu+GPFymT+IeLPMFyJS+cG4GPHuNp8jHkw9UcRfluf/8lqarK4HnevK1a/Xvzpzc7arbOe68hHvD++7Utyn+0P/ljwcR/zaVIsimtUVfy19/L/sAAAAAAAAAAAAAAAAALDf+qOIz0aKl/7jT6pxxVGNSz9xefAPB361e8z4kx+ynbLssxGxVOxuTO7xPDBwJI2kdJ/HEj/MalHEn+bxf2/c78YAAAAAAAAAAAAAAAAAAAA81Ir4SaR4/p1TaTm65xRvzdyqX2/emG7PCtuZ+7czZ/r6+vp6PbWzkXM851LO5ZwrOVdzRpHr52zkHM+5lHM550rO1ZxxLNfP2cg5nnMp53LOlZyrOaMn18/ZyDmecynncs6VnKs544jM3QsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8ElSRBG/iBTf/uZaihQRjYjxaOdK3/1uHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQ6ktFfD9S1P+ocW9ZT0Sk6v+2U+UfF6NxvMzHojFY5gvRuJKzWWVP44370H72pjcV8eNI0Vd7K1JPe1k+/73td/c+BvHmtzbefS6XPdZZOfBe36MnT1weHP6NJ3d6nbZrwOmrrZk7d+tjQ8PDo12Le/LeH+taNpD3W+xT34lYeO31V5vT01PzH/9F+RHYQ/UH6EX5DXIEmuHFYb2IniPRjPvTdx4C5f3/3Ujxu+/8Z+eG377/1+JX2u/u3eHj53+2cf9/fuuGdnn/79laL9//y3v6dvf/x7uWPZ//NtLbE1FbvD3XezKitvDa62dat5u3pm5NzVw8e/Yrg4NfuXC293hE7WZreqrr1b4cLgAAAAAAAAAAAAAAAIDDk4r4/UjR/PFaqkfE3Wq81sDlwafPPHUsjlXjrTaN235l9PqV+ouzt+fmpxYWpibrYzOtidnJqd3urlYN9xobGj6Qznyo/gNuf3/txdm51+Zbt/54cdv1j9Su3FhYnG9ObL86+qOIaHQvOV01eGxouGr0dKs5U1Ud2XYw/UfXm4r4r0gxcbGevpCX5fH/W0f4bxr/v7R1Qwc0/v9TXcvKfaZUxM8jxe/81ZPxhaqdj8T7jlku93eR4vSlz+dycbws12nDY9VDBNojA8uy/xcp/ukXm8t2xkO2xyBWZc/t/sg+GMrzfyJSfP8vvhu/mZdtfv7D9uf/ka0bOqDz/0TXskc2Pa9gz10nn/8zkeKFx9+K38rLPuj5H51nb5zKhe89n+OAzv+nu5YN5P3+9v50HQAAAAAAAAAA4IHWm4r4+0jxw+Ge9Fxetpvf/5vcuqED+v2vz3Qtm9yf+Yo+9MWeDyoAAAAAHBG9qYifRIpbi2/dG0O9efx31/jP39sY/zmUtqytfs73a9VzA/bz53/dBvJ+x/febQAAAAAAAAAAAAAAAAAAADhSUiriuTyf+ng1nn9yx/nUVyLFS//zTC6XTpblOvPAD1R/1q7Nzpy5Mj09O9FcbN6YnqqPzjUnpsq6T0SKtb/9fK5bVPOrd+abb8/xvjEX+3ykGP6HTtn2XOyducmf2Ch7riz7qUjx3/+Yy66vV2U781h/eqPs+bLs30SKb/zL5u12yp7cKHuhLPvdSPGjb9Q7ZR8py3aej/qZjbLPTswWB3BWAAAAAAAAAAAAAAAAAAAAeNj0piL+PFL87+3le2P58/z/vV1vK29+q2u+/y3uVvP8D1Tz/+/0+uPM/189V2Bpp70CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAnU4oiXo8Uc9fW0kpf+b6tdrU1c+fu2NDw9tX6U1XzWFW+/KqdO3/h4pefG7zUyQ+uv98+G6+MXr9Sf3H29tz81MLC1GR9bKY1MTs5test7LX+VqerA1C//eqdyZs3F+rnn72wafXdgff6Hj05cHnw6TNPdcqODQ0Pj3aV6en9qDt9Y8c1aYflx6OIv44Uz3zvp+mHfRFF7P1YbPvZ6dt9L/aov+rE6aoTY0PDVUemW82ZxXLlSOdAFBH1rkqNzjHat3NxQBoRS2XzywafLrs3Otecb96YnqqPNOcXW4ut2ZmR1G5t2Z96FHEpRSxHxOo256A3ing1UnznxFr6176IY53j8KVro187e37ndhQH2MddKNtZ741YLh6Ac3aE9UUR/xwpfvb2qfi3voieaH/FFyNeLvMHEW9G+3yn8oNxMeLdw/te5oD1RBH/X57/y2vp7b7yetC5rlz9ev2rMzdnu8p2risHcn84PP2Hurcjfm2qRRE/qq74a+nffV8DAAAAAAAAAAAAAAAAHCFF/HqkeP6dU6kaH3xvTHFr5lb9evPGdHtYX2fsX2fM9Pr6+no9tbORczznUs7lnCs5V3NGkevnbJRZW18fz++Xci7nXMm5mjOO5fo5GznHcy7lXM65knM1Z/Tk+jkbOcdzLuVczrmSczVnHJGxewAAAAAAAAAAAAAAAAAAwCdLUf2X4tvfXEvrfe35pcejnSvmA/3E+2UAAAD//xtt+zc=") syz_clone(0x498144ee5f62e149, 0x0, 0x17, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x4004) mount(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x2200020, &(0x7f0000000000)) 6.58421345s ago: executing program 5 (id=783): syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000e00)={0x0, 0x2904c, 0x5, 0x10003, '\x00', [{}, {0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x200}], ['\x00', '\x00', '\x00', '\x00', '\x00']}) 5.460026354s ago: executing program 5 (id=787): syz_mount_image$ext4(&(0x7f0000000140)='ext2\x00', &(0x7f0000000200)='./file1\x00', 0x4000, &(0x7f0000000240), 0xd, 0x603, &(0x7f0000001200)="$eJzs3c9rHdUeAPDv3Pxo0rQvaXm89/oWNiDSgjZp0laKuGi3UkL9gRs3xiattWkbmoimCk2hbgRxIyK4cmEF/wgtdtuVguDCjSspFJUuBa/MzUyam/sjyW1ubsx8PnCbmXNm5pzpzTdn5txz5gZQWMPpP6WIAxExm0QMJovLed2RZQ4vbffwj/fPpa8kyuWXf0siydLy7ZPs50C2c19EfP9dEvu7asudW7h+aXJmZvpatj46f3l2dG7h+pGLlycvTF+YvjL+7PjJE8dPnBw72tJ53aiTdubWW+8Mfjjx2pef/5mMffXzRBKn4oVsw5XnERE/lloqtdpwDFf+T5LarIGTm3D87aAr+z1Z+RYn3R2sEBuSv389EfHfGIyuePTmDcYHL3a0ckBblZOIMlBQifiHgsqvA/J7+1X3wbEZ98HA9vTg9FIHQG38dy/1DUZfpW9g98MkVnbrJBHRWs9ctT0Rce/uxK3zdyduRW0/HNBGizcj4n/14j+pxP9Q9MVQJf5LVfGfXheczX6m6S+1WP7qruLa+D/W4pGBtSzFf1/T+I8G8f/6ivh/o8Xyhx8tvtlfFf/9rZ4SAAAAAAAAFNad0xHxTL3P/0vL43+izvifgYg4tQnlD69ar/38v3R/E4oB6nhwOuL5uuN/S/no36GubGlvZTxAT3L+4sz00Yj4V0Qcjp5d6fpYkzKOfLT/s0Z5w9n4v/yVln8vGwuY1eN+967qfaYm5ycf97yBiAc3I/5fd/xvstz+J3Xa//Tvwew6y9j/1O2zjfLWjn+gXcpfRByq2/4/empF0vz5HKOV64HR/Kqg1hPvffxNo/JbjX+PmIDHl7b/u5vH/1Cy8nk9c3mPwPodW+guN8pr9fq/N3ml8siZ3izt3cn5+WtjEb3Jma40tSp9fIMVhh0qj4c8XtL4P/xk8/6/etf//RGxuOrYye/Vc4pz//lr4JdG9XH9D52Txv/Uhtr/jS+M3x76tlH562v/j1fa+sNZiv4/WPJpHqa91em1Ubgc0FVZW11fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgJShGxJ5LSyPJyqTQyEjEQEf+O3aWZq3PzT5+/+vaVqTSv8v3/pfybfgeX1pP8+/+HVqyPr1o/FhH7IuKTrv7K+si5qzNTnT55AAAAAAAAAAAAAAAAAAAA2CYGGsz/T/3a1enaAW3X3cI+e9tQD2Dr1Yn/HzpRD2DrtdL+AzuD+IfiEv9QXOIfikv8Q3GJfygu8Q/FJf4BAAAAAGBH2Xfwzk9JRCw+1195pXqzvJ6O1gxot1KnKwB0jEf8QHEZ+gPF5R4fSNbI72u401p7NjN77jF2BgAAAAAAAAAAAIDCOXTA/H8oKvP/objM/4fiyuf/H+xwPYCt17Pifh8ormYz+evO/19zLwAAAAAAAAAAAABgM80tXL80OTMzfW0zF3bFOjf+uh2lt7rw6vaoxlYulMvlG+lvwXapzz98IR8Kv8Wld8f6Ns7n+q3vyJ37mwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFT7OwAA//8yESP+") syz_pidfd_open(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_int(r1, 0x29, 0x4c, 0x0, &(0x7f0000000600)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x15, 0x17, &(0x7f00000007c0)=@ringbuf={{0x18, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@printk={@p, {}, {0x5}, {0x7, 0x0, 0xa}, {}, {}, {0x72, 0x9}}], {{}, {0x5}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 4.936283712s ago: executing program 2 (id=789): munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000003000000000000000000500851000000600000018020000", @ANYRES32, @ANYBLOB="0000000000ff00006600020000000000180000000000000000000000000000009500040000000000360a020000000000180100002020782500000000002020207b1a00fe00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) 4.436453924s ago: executing program 8 (id=791): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r2 = eventfd(0xfffffffd) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000080)={0x1, 0x1, &(0x7f0000000580)=""/249, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0x0, 0x0}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1) 4.307122621s ago: executing program 2 (id=792): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newlink={0x40, 0x10, 0x403, 0x0, 0x2, {0x0, 0x0, 0x0, 0x0, 0x400}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_FLAGS={0x6, 0x10, 0x2}, @IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x3}]}}}]}, 0x40}, 0x1, 0xffffffea, 0x0, 0x4000}, 0x48044) 3.715095537s ago: executing program 2 (id=794): openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xd, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") ptrace$getregset(0x4205, r0, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/120, 0x78}) ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000740)={0x0}) 3.712037996s ago: executing program 7 (id=795): mkdir(&(0x7f0000000980)='./file0\x00', 0x0) mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000100)={[{@subsystem='cpuset'}, {@subsystem='memory'}, {@subsystem='cpuacct'}]}) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000340)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000140), 0x1e) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) syz_mount_image$squashfs(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f00000043c0)=ANY=[@ANYBLOB="003b09000000e9"], 0x2, 0x1a2, &(0x7f0000000440)="$eJzs0L9rE2Ecx/H397knPypUiYpDBRuweF6oJndVB6fgFCEHDi6CQUMam2KippfBlha6SEGq/Rd0qqMKOokoOBcHwUHPpZs0Q3EQB4nk8kTwb/B5Dfe57wfunodvK+pGGeD3/mqDMgmHg3xE0MC0jDqlRvnazN9Nbo2CS2beNPnM5FS0vHK73m43l/IX8+T+KYAfSfe3il5wTNEXysjn/dVGXW6GDMp01HxIrkrhEU6NrveYKT3J0Rs4DNxNLiu64lbhULHXuVeMllfOLHbqC82F5p0gmLtQOlcqnQ+KtxbbzdIrxHsoiies4YVkQia8NVI1HuzoA8wK4rVU7EihT7rG1o5z+uRsH+XtMUB45/bJfNWtvLrKKbLXh5evcER4ihMyU2VCoUkOqiBX1Evx9Sf9M6XIrjvO2cbd9vzGNSW/0ttl2cuKv0vK9QkKPnPD1XCY92zEzMRUYrZjdr8xLW+Gp4z3qteHz+dmOs4JSHO/3ust+Wn4IDokcEOCHEwmv1PJvXLw1nxjgi/jF8uyLMuyLMuyLOs/8CcAAP//o/hj9Q==") openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) unshare(0x22000600) 3.234067106s ago: executing program 7 (id=796): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1cd) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='proc\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) lseek(r0, 0x100, 0x0) getdents64(r0, &(0x7f0000000540)=""/51, 0x33) 3.071779975s ago: executing program 8 (id=797): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040), 0x4) syz_emit_ethernet(0x6e, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c20000000180c200000086dd601220086b4b89"], 0x0) 3.025052284s ago: executing program 2 (id=798): rename(&(0x7f0000000080)='./file0/file0\x00', 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000024c0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000080)=@abs={0x1, 0x30}, 0x6e, 0x0}}], 0x2, 0xe0) 2.524909093s ago: executing program 8 (id=799): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40080, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000004c0)={0x79, 0x0, 0x3}) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000000000000100000002"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.455939773s ago: executing program 7 (id=800): r0 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0xe, 0x7fff0000}]}) close_range(r2, 0xffffffffffffffff, 0x0) 2.406425258s ago: executing program 2 (id=801): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$inet_udp(0x2, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008180)=[{{0x0, 0x0, 0x0}, 0x1ff}], 0x1, 0x40000103, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) pipe(&(0x7f0000000d00)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r4, &(0x7f0000000500)=[{{&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='p'], 0x70}}], 0x1, 0x2000c044) write$binfmt_misc(r2, &(0x7f0000000000), 0xfffffecc) splice(r1, 0x0, r3, 0x0, 0x7151, 0x0) 1.851254655s ago: executing program 7 (id=802): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000002a00)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DEAUTHENTICATE(r0, &(0x7f0000002b00)={0x0, 0x0, &(0x7f0000002ac0)={&(0x7f0000002a40)={0x28, r1, 0x1, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @random="e455fd172dd6"}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004}, 0x4000000) 1.591606083s ago: executing program 8 (id=803): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b55f8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000002600000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 1.157983952s ago: executing program 7 (id=804): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x208000, &(0x7f00000017c0)={[{@noblock_validity}, {}, {@abort}, {@bsdgroups}, {@sb={'sb', 0x3d, 0x5}}, {@grpid}, {@data_ordered}, {@minixdf}, {@barrier}]}, 0x3, 0x583, &(0x7f0000000800)="$eJzs3V9rW+UfAPDvSdu1+/P7rYMx1Asp7MLJXLq2/pkgbF6KDgd6P0N7VkbTZTTpWOtg24W78UaGIOJAfAHeezl8A76KgQ6GjKoX3kROerJmbdOmXbZU8/nA2Z4n56Tf8+Q5z5PvOSchAfStseyfQsTLEfFVEnG4Zd1g5CvHVrdbeXxjOluSqNc/+T2JJH+suX2S/38wr7wUET9/EXGysDFudWl5rlQupwt5fbw2f3W8urR86vJ8aTadTa9MTk2deWtq8t133t5Jc/ZvtfL1C399+/H9D858eXzlmx8fHrmbxLk4lK9rbcczuNVaGYux/DUZinPrNpzoQrC9JOn1DrArA/k4H4psDjgcA/moB/77bkZEHehTifEPfaqZB2Tnv/t6m4r0xKP3V0+Amtc21q4DDK5eG4mRxrnRgZXkqTOj7Hx3tAvxsxg//XbvbrbENtchbnYhHkDTrdsRcXpwcOP8l+Tz3+6dblw83tr6GG3mv/pwNKZioIvuZ/nPG5vlP4Un+U9skv8c3GTs7sb247/wsAth2sryv/di8/bnRgfy2v8aOd9QculyOT0dEf+PiBMxNJzVt7qfc2blQb3dutb8L1uy+M1cMN+Ph4PDTz9nplQrPUubWz26HfHKWv6bxIb5f6SR667v/+z1uNBhjGPpvVfbrdu+/a26nwHXf4h4bdP+X7ujlWx9f3K8cTyMN4+Kjf68c+yXdvF31v7uy/r/wNbtH01a79dWdx7j+5G/03brdnv870s+bZSb56zXS7XawkTEvuSjjY9Prj23WW9un7X/xPGt57/Njv/9EfFZh+2/c/RO2033Qv/P7Kj/d1548OHn37WL31n/v9koncgf6WT+63QHn+W1AwAAAAAAgL2mEBGHIikUn5QLhWJx9fMdR+NAoVyp1k5eqixemYnGd2VHY6jQvNN9uOXzEBP552Gb9cl19amIOBIRXw/sb9SL05XyTK8bDwAAAAAAAAAAAAAAAAAAAHvEwTbf/8/8OtDrvQOeOz/5Df1r2/HfjV96AvYk7//Qv4x/6F/GP/Qv4x/6l/EP/Wsn43/kOe4H8OJ5/4f+ZfwDAAAAAAAAAAAAAAAAAAAAAAAAAABAV104fz5b6iuPb0xn9ZlrS4tzlWunZtLqXHF+cbo4XVm4WpytVGbLaXG6Mr/d3ytXKlcnJmPx+ngtrdbGq0vLF+cri1dqFy/Pl2bTi+nQC2kVAAAAAAAAAAAAAAAAAAAA/LtUl5bnSuVyuqDQtnA29sRu7LqQbNfLZ/ODYVchBnvfQIUOC8N/dL5xjycmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGjxTwAAAP//YGEvig==") r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x802, 0x0) write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff00"/35], 0x119) 1.097490634s ago: executing program 2 (id=805): syz_mount_image$udf(&(0x7f0000000f00), &(0x7f00000000c0)='./file1\x00', 0x800, &(0x7f0000001040)=ANY=[@ANYBLOB='uid=', @ANYRESDEC=0x0, @ANYBLOB="2c756e64656c6574652c6e6f7672732c6164696e6963622c766f6c756d653d30303030303030303030303030303030303030322c7569643d666f726765742c6769643d666f726765742c6e6f7374726963742c6e6f7672732c0085f95733019d784ca386da1fd41ffabd4b47acca2b8d488be702157dd8711c31732d"], 0xff, 0xc2d, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x105042, 0x189) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffff7, 0x4012011, r0, 0x1000) syz_mount_image$hfsplus(&(0x7f0000000400), &(0x7f0000002300)='./file1\x00', 0x1000074, &(0x7f0000002240)=ANY=[@ANYRES8=0x0, @ANYRESHEX, @ANYRESOCT, @ANYRESOCT], 0x5, 0x6a3, &(0x7f0000001b80)="$eJzs3UtsHGcdAPD/rPfhDSh12iQNqBJWIxWEReKHnGIuNahClqhQVQ6I4ypxGisbt7Jd5EQIwvvAhUPvFAnfuIDEPaicgVOvPlZC4pKTAYlF87LXr/Wu43ht8ftFs/N98z3m+/4z49mdVbQB/N9amIjqk0hiYeKt9TS/uTHT3tyYeVCmI6IREZWIar6KZDki+ThiPvIlPpduLLpLDtvPh0tz73zydPPTPFctlqx+pVe7fW5VDtj4uFhiPCJGivUz2NXf7T391QfuLtmeYRqw62XgYNhqEdHZ5XtXd0qO1P91C5xZSX7f3HdBj0VciIjR4n1AflfM79lnV+PoKo9PYxwAAAAwZC/8KvsIf3HY4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDzpPj9/6RYKmV6PJLy9//rxbYo0ufak2EPAAAAAAAAAAAG963P7tnwha3YivW4WOY7Sfad/6tZ5nL2+pn4IFZjMVbiRqxHK9ZiLVZiKiLGsvJa9lpfb62trUz10XJ6u2V0tZzucwbN408eAAAAAAAAAM6L6uBNfhILO9//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAWZBEjOSrbLlcpseiUo2I0Yiop/UeR/ytTJ9Jv/lzd67zn05mX7UnpzkmAAAAGJIXtmIr1uNime8k2Wf+q9nn/tH4IJZjLZZiLdqxGHeyZwH5p/7K5sZMe3Nj5kG67O/36/8caBhZj5E/ezh4z9eyGs24G0vZlhtxO96LdtyJStYyda0cz8Hj+nE6puSNQp8ju1Os05n/OmoDzeo4kr5rjmURSUeUR2SyaJtG41LvSAx4dMo9lbGfisr2k5/LJxnz9Xz1+u/ydTqfXwwUk+dtbySmu86+q70jEfHFP/3+u/fay/cbd1cnzs6UBtDoeoK2NxIzXZF4ud9I3Duvkeg2mUXiynZ+Ib4Z34mJGI+3YyWW4vvRirVYjPF4M1oxEq3ifE5fx3pHan5X7u1iXTlsJPXsuNSKv6I9x9QoS97MRteKV7O2F2Mpvh3vxZ1YjFvZv+mYitdjNmZjrusIX+njqq/0vOqbezdc/1LXw+RfHlRjaNKBXdq+O3Wf9ZPZdXBp15adKL148vej6ueLRLqPn/Y6GU7d3khMdUXipd6R+G32Z2W1vXx/5V7r/T7391qxTq+jn5+pu0R6vryYHqwst/vsSMte2ls2mserXnzjkpftvuOmZVe2y466UuvFe7j9PU1nZS8fWDaTlV3rKtv1fms+f78FwJl34csX6s1/NP/a/Kj5s+a95luj32h8tfFKPWp/qX2tOjnyWuWV5I/xUfxw5/M/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwfKsPH91vtduLK3sSnU7nR4cUPcdEMyLKLRFHtarF0XWOTjSP0aoeEVmiWiYG22mjr8r1naPzxh+eJby1QVtFnMgxrRYn2cNH9//V6XQOq1yJfjqMyZM4x2o9zvmdRPkrafuKOuUPW53uddFv4t+dk+twSH+QgFNzc+3B+zdXHz76ytKD1ruL7y4uz83Ozk3Ozd76+827S+3Fyfx12KMEnoedm/6wRwIAAAAAAAAAAAD06zT+W8Ihu/7vKU8VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOKcWJhpF6sZk+rq5MdNOlzK9XTGrVomI5AcRyccR85EvMdbVXXLYfj5cmnvnk6ebn+a5arFk9Su72tWOM4vHxRLjETFSrLuNPkN/t4v1sUaWSbZnOB9Ru14GDobtfwEAAP//axIEXA==") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$KVM_GET_MSR_INDEX_LIST(r1, 0xc004ae02, &(0x7f0000001fc0)=ANY=[]) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) unshare(0x22020600) 991.573132ms ago: executing program 8 (id=806): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x2) syz_emit_ethernet(0x4e, &(0x7f0000000280)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "5b1c35", 0x18, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@generic={0xfe, 0x2}]}}}}}}}}, 0x0) 741.764351ms ago: executing program 5 (id=807): syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f00000000c0)='./file1\x00', 0x180481a, &(0x7f0000000140)=ANY=[], 0xfb, 0x69d, &(0x7f0000000640)="$eJzs3c1vHGcdB/DvrDd2Ni0hSZM2oEq1GgkQEYkTKy3mQkAI5VBVVTlwthKnseKkxXGRWyHi8HrtoX9AOeSCOCFx4hKpcOBCb70hH5GQuJQD4cKimZ211971Zt0mXpt+PtHs8zrPPPObl32xognwuXXlbJoPUuTK2VdWy/L6/dml9fuztzr5V5tJppKsJWW2kaT4d7vd/jC5nBQbwxTb0j7vL869/vEn63/vlJr1UvVvDFtvm7rf2rbqtW7ddJKJOv0Mtox39TOPV2zM/HKSM3UKY3coSXuLH/3l6Y2WHq1Bax/ekzkCT1bRed/scyw5Ul/o5eeA7jtvY29nN7qpEftt/wQBAAAAB031HbjZV72l5osP8zCrxdE9nBYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcaGubz/8v6qXRzU+n6D7/f7KuS53fX17YXfcHT2oeAAAAAAAAALCHXniYh1nN0W65XVR/83+xKpysXp/K27mThSznXFYzn5WsZDkXkhzrGWhydX5lZapbGrbmxUFrLl98xES7Q7cew04DAAAAAAAAwP+fn+XK5t//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgPyiSiU6S4l5P9bE0mkkOJ5ksK9aSj7r5g+zBuCcAAAAAe2AqeZjVHO2W20VOJnm2+g3gcN7O7axkMStZykKuVb8LdL71N9bvzy6t35+9VS79437nn7uaRjViOr89DN7y6apHK9ezWNWcy9W8maVcS6Nas3S6nk931G3zulfOqfh27eXRZnatTss9f69O+9zd1c7uZJc/phyrInKoE5GJZKaeWxmN490jM/gI7fLobNlSFnIhjY3Jnty2pcmtO7M15ptDNoZt70idlvvzq51iPhadSPy33bGQiz1n37PDY5589Q+/++FMnd8/uzSaiTptV6+t/nNiticSz40SiRtLt2/euH7n7EGLRJ+ZKhKnNspX8v38IGczndeynMX8OPNZyUKm870qN18f/KLnkt8hUpe3lF571Ewm6zO0c7B2N6cXq3WPZjGv5s1cy0Jeqv5dzIW8nEu5lLmeI3xq+BGurvpG/1VfaX9h4OTPfK3OtJL8uk73hzKux3viunnWz1TxPr6lZjNKJ0aI0oB74zDNL9eZchs/f9SNdE9tj8SFnkg8MzwSv6luK3eWbt9cvjH/1mibO/FenSmvo18m0/vnRlKeLyfKg1WVpracHWXbMxttW+NVtp3caGv0tZ3KH9NsdreymLUdr9TJ+jNc/0gXq7bnBrbNVm2ne9oGfd4CYN878vUjk61/tP7a+qD1i9aN1iuHvzv1zannJ3PoT4e+1ZyZ+Erj+eL3+SA/3fz+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfHp33nn35vzS0sLytky73b770eCmETPd59V8ytW3Z7pPhRqhc6b/9lTZdUDTRNp3d2h6UpkvPZ3s1bb2b+Y/7Xa7ril26PPbP28P1FTGFLr6OX/tfRG6MWXGdksC9sj5lVtvnb/zzrvfWLw1/8bCGwu35y5dmpuZu/TS7Pnri0sLM53Xcc8SeBI23/THPRMAAAAAAAAAAABgVI/5/wysDWoa9z4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB9uVs2k+SJELM+dmyvL6/dmlcunmN3s2kzSSFD9Jig+Ty+ksOdYzXLHTdt5fnHv940/W/9XuqMer+jeGrTeatXrJdJKJTnrvcY13tU6HKobtQrGxh2XAznQDB+P2vwAAAP//eL8QGw==") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) 198.61854ms ago: executing program 7 (id=808): unshare(0x28040680) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, 0x0, 0x0) 0s ago: executing program 8 (id=809): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x3, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000040)={0x0, 0x100}, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) kernel console output (not intermixed with test programs): er cycle [ 408.517873][ T7062] loop0: detected capacity change from 0 to 64 [ 408.633582][ T7062] hfs: get root inode failed [ 409.058775][ T7064] loop4: detected capacity change from 0 to 1024 [ 409.835276][ T5853] usb 6-1: new low-speed USB device number 5 using dummy_hcd [ 410.243873][ T5853] usb 6-1: device descriptor read/8, error -71 [ 410.744128][ T7075] bridge0: port 2(bridge_slave_1) entered disabled state [ 410.755104][ T7075] bridge0: port 1(bridge_slave_0) entered disabled state [ 411.249841][ T1349] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.452605][ T1349] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.680293][ T1349] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.895849][ T1349] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.060414][ T5853] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 412.340000][ T5853] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 412.350183][ T5853] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 412.361121][ T5853] usb 6-1: Product: syz [ 412.365796][ T5853] usb 6-1: Manufacturer: syz [ 412.370684][ T5853] usb 6-1: SerialNumber: syz [ 412.387288][ T1349] batadv1: left allmulticast mode [ 412.392734][ T1349] batadv1: left promiscuous mode [ 412.399308][ T1349] bridge0: port 3(batadv1) entered disabled state [ 412.468665][ T1349] bridge_slave_1: left allmulticast mode [ 412.475018][ T1349] bridge_slave_1: left promiscuous mode [ 412.481797][ T1349] bridge0: port 2(bridge_slave_1) entered disabled state [ 412.546994][ T5853] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 412.602966][ T1349] bridge_slave_0: left allmulticast mode [ 412.612183][ T1349] bridge_slave_0: left promiscuous mode [ 412.619161][ T1349] bridge0: port 1(bridge_slave_0) entered disabled state [ 412.727190][ T11] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 413.492440][ T5853] usb 6-1: USB disconnect, device number 7 [ 413.838212][ T11] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 413.847340][ T11] ath9k_htc: Failed to initialize the device [ 413.859807][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 413.866843][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 413.867055][ T5853] usb 6-1: ath9k_htc: USB layer deinitialized [ 413.939199][ T1349] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 414.010895][ T1349] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 414.047208][ T1349] bond0 (unregistering): Released all slaves [ 414.759629][ T1349] hsr_slave_0: left promiscuous mode [ 414.788686][ T1349] hsr_slave_1: left promiscuous mode [ 414.799269][ T1349] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 414.810594][ T1349] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 414.925689][ T7091] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 414.936714][ T1349] veth1_macvtap: left promiscuous mode [ 414.949781][ T1349] veth0_macvtap: left promiscuous mode [ 414.958934][ T1349] veth1_vlan: left promiscuous mode [ 414.964725][ T1349] veth0_vlan: left promiscuous mode [ 416.104975][ T5806] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 416.125368][ T1349] team0 (unregistering): Port device team_slave_1 removed [ 416.185451][ T5806] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 416.204772][ T5806] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 416.215069][ T1349] team0 (unregistering): Port device team_slave_0 removed [ 416.298848][ T7104] loop5: detected capacity change from 0 to 1024 [ 416.333607][ T5806] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 416.348509][ T5806] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 417.492080][ T7111] loop0: detected capacity change from 0 to 2048 [ 417.558006][ T7111] EXT4-fs: Ignoring removed nomblk_io_submit option [ 417.681418][ T7111] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 418.112685][ T5799] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 418.385039][ T5806] Bluetooth: hci4: command tx timeout [ 418.500848][ T7101] chnl_net:caif_netlink_parms(): no params data found [ 419.637843][ T24] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 419.749600][ T7143] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 419.988292][ T7143] kvm: pic: non byte read [ 420.045124][ T24] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 420.055611][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 420.073254][ T24] usb 1-1: Product: syz [ 420.079776][ T24] usb 1-1: Manufacturer: syz [ 420.084950][ T24] usb 1-1: SerialNumber: syz [ 420.344990][ T24] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 420.495032][ T5806] Bluetooth: hci4: command tx timeout [ 420.663945][ T3073] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 420.888614][ T7101] bridge0: port 1(bridge_slave_0) entered blocking state [ 420.896566][ T7101] bridge0: port 1(bridge_slave_0) entered disabled state [ 420.904591][ T7101] bridge_slave_0: entered allmulticast mode [ 420.914700][ T7101] bridge_slave_0: entered promiscuous mode [ 421.090259][ T7101] bridge0: port 2(bridge_slave_1) entered blocking state [ 421.098384][ T7101] bridge0: port 2(bridge_slave_1) entered disabled state [ 421.106457][ T7101] bridge_slave_1: entered allmulticast mode [ 421.116497][ T7101] bridge_slave_1: entered promiscuous mode [ 421.172382][ T11] usb 1-1: USB disconnect, device number 14 [ 421.790957][ T7101] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 422.015955][ T7101] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 422.130891][ T3073] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 422.138914][ T3073] ath9k_htc: Failed to initialize the device [ 422.185765][ T11] usb 1-1: ath9k_htc: USB layer deinitialized [ 422.247499][ T7155] loop1: detected capacity change from 0 to 32768 [ 422.402137][ T7155] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 422.440088][ T7101] team0: Port device team_slave_0 added [ 422.454947][ T7155] (syz.1.333,7155,1):ocfs2_clear_journal_error:1147 ERROR: File system error -318767104 recorded in journal 0. [ 422.462039][ T7101] team0: Port device team_slave_1 added [ 422.471529][ T7155] (syz.1.333,7155,1):ocfs2_clear_journal_error:1149 ERROR: File system on device loop1 needs checking. [ 422.534448][ T7155] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 422.547087][ T5806] Bluetooth: hci4: command tx timeout [ 422.780198][ T7101] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 422.792381][ T7101] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 422.823352][ T7101] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 423.003115][ T5798] ocfs2: Unmounting device (7,1) on (node local) [ 423.070762][ T7101] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 423.080550][ T7101] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 423.112625][ T7101] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 423.273491][ T7166] netlink: 8 bytes leftover after parsing attributes in process `syz.2.338'. [ 424.625578][ T5806] Bluetooth: hci4: command tx timeout [ 424.793175][ T7101] hsr_slave_0: entered promiscuous mode [ 424.806991][ T7101] hsr_slave_1: entered promiscuous mode [ 424.816843][ T7101] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 424.828082][ T7101] Cannot create hsr debugfs directory [ 426.178331][ T7188] FAULT_INJECTION: forcing a failure. [ 426.178331][ T7188] name failslab, interval 1, probability 0, space 0, times 0 [ 426.195498][ T7188] CPU: 1 UID: 0 PID: 7188 Comm: syz.1.344 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(undef) [ 426.195664][ T7188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 426.195751][ T7188] Call Trace: [ 426.195802][ T7188] [ 426.195853][ T7188] __dump_stack+0x26/0x30 [ 426.196033][ T7188] dump_stack_lvl+0x1df/0x270 [ 426.196215][ T7188] dump_stack+0x1e/0x25 [ 426.196375][ T7188] should_fail_ex+0x7dc/0x8a0 [ 426.196564][ T7188] should_failslab+0x15b/0x200 [ 426.196778][ T7188] kmem_cache_alloc_noprof+0xf0/0xec0 [ 426.196940][ T7188] ? skb_clone+0x3ca/0x580 [ 426.197146][ T7188] ? kmsan_get_metadata+0x105/0x1b0 [ 426.197352][ T7188] skb_clone+0x3ca/0x580 [ 426.197546][ T7188] __netlink_deliver_tap+0x695/0xdd0 [ 426.197747][ T7188] ? kmsan_get_metadata+0x105/0x1b0 [ 426.197966][ T7188] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 426.198183][ T7188] netlink_unicast+0x118a/0x1290 [ 426.198376][ T7188] netlink_sendmsg+0x10b3/0x1250 [ 426.198592][ T7188] ? __pfx_netlink_sendmsg+0x10/0x10 [ 426.198771][ T7188] ? __pfx_netlink_sendmsg+0x10/0x10 [ 426.198956][ T7188] __sock_sendmsg+0x330/0x3d0 [ 426.199105][ T7188] ____sys_sendmsg+0x7e0/0xd80 [ 426.199323][ T7188] ___sys_sendmsg+0x271/0x3b0 [ 426.199551][ T7188] ? __rcu_read_unlock+0x6d/0xd0 [ 426.199743][ T7188] ? __fget_files+0x3b4/0x4a0 [ 426.199927][ T7188] ? __fget_files+0x3b9/0x4a0 [ 426.200121][ T7188] ? kmsan_get_metadata+0x105/0x1b0 [ 426.200322][ T7188] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 426.200548][ T7188] __x64_sys_sendmsg+0x211/0x3e0 [ 426.200745][ T7188] ? kmsan_get_metadata+0x105/0x1b0 [ 426.200965][ T7188] x64_sys_call+0x32fb/0x3db0 [ 426.201151][ T7188] do_syscall_64+0xd9/0x1b0 [ 426.201343][ T7188] ? irqentry_exit+0x16/0x60 [ 426.201523][ T7188] ? clear_bhb_loop+0x40/0x90 [ 426.201671][ T7188] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.201830][ T7188] RIP: 0033:0x7fb30dd8e969 [ 426.201935][ T7188] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 426.202069][ T7188] RSP: 002b:00007fb30eb64038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 426.202207][ T7188] RAX: ffffffffffffffda RBX: 00007fb30dfb5fa0 RCX: 00007fb30dd8e969 [ 426.202314][ T7188] RDX: 0000000004000054 RSI: 0000200000000000 RDI: 0000000000000003 [ 426.202406][ T7188] RBP: 00007fb30eb64090 R08: 0000000000000000 R09: 0000000000000000 [ 426.202503][ T7188] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 426.202590][ T7188] R13: 0000000000000000 R14: 00007fb30dfb5fa0 R15: 00007ffcbcbbd878 [ 426.202721][ T7188] [ 427.064779][ T7188] syz.1.344 (7188) used greatest stack depth: 2504 bytes left [ 427.182149][ T7101] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 427.225699][ T7101] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 427.324757][ T7101] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 427.365294][ T7101] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 428.589865][ T7101] 8021q: adding VLAN 0 to HW filter on device bond0 [ 428.847581][ T7101] 8021q: adding VLAN 0 to HW filter on device team0 [ 428.964063][ T51] bridge0: port 1(bridge_slave_0) entered blocking state [ 428.973089][ T51] bridge0: port 1(bridge_slave_0) entered forwarding state [ 429.106047][ T51] bridge0: port 2(bridge_slave_1) entered blocking state [ 429.115141][ T51] bridge0: port 2(bridge_slave_1) entered forwarding state [ 429.459206][ T7101] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 429.476300][ T7101] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 429.671929][ T30] audit: type=1326 audit(1748000167.390:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7207 comm="syz.2.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcac258e969 code=0x7ffc0000 [ 429.818580][ T30] audit: type=1326 audit(1748000167.450:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7207 comm="syz.2.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7fcac258e969 code=0x7ffc0000 [ 429.853671][ T30] audit: type=1326 audit(1748000167.450:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7207 comm="syz.2.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcac258e969 code=0x7ffc0000 [ 429.885595][ T30] audit: type=1326 audit(1748000167.460:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7207 comm="syz.2.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=243 compat=0 ip=0x7fcac258e969 code=0x7ffc0000 [ 429.924819][ T30] audit: type=1326 audit(1748000167.460:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7207 comm="syz.2.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcac258e969 code=0x7ffc0000 [ 429.957610][ T30] audit: type=1326 audit(1748000167.470:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7207 comm="syz.2.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=241 compat=0 ip=0x7fcac258e969 code=0x7ffc0000 [ 429.983514][ T30] audit: type=1326 audit(1748000167.470:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7207 comm="syz.2.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcac258e969 code=0x7ffc0000 [ 430.019756][ T30] audit: type=1326 audit(1748000167.470:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7207 comm="syz.2.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fcac258e969 code=0x7ffc0000 [ 430.055231][ T30] audit: type=1326 audit(1748000167.470:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7207 comm="syz.2.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcac258e969 code=0x7ffc0000 [ 430.086993][ T30] audit: type=1326 audit(1748000167.490:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7207 comm="syz.2.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcac258e969 code=0x7ffc0000 [ 430.663518][ T7214] netlink: get zone limit has 4 unknown bytes [ 431.980083][ T7224] loop1: detected capacity change from 0 to 1024 [ 432.115323][ T7101] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 432.145314][ T7224] hfsplus: failed to load root directory [ 432.338084][ T11] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 432.622122][ T11] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 432.635657][ T11] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 432.648582][ T11] usb 6-1: Product: syz [ 432.653964][ T11] usb 6-1: Manufacturer: syz [ 432.662983][ T11] usb 6-1: SerialNumber: syz [ 432.885882][ T11] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 433.017763][ T5853] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 433.348809][ T11] usb 6-1: USB disconnect, device number 8 [ 434.064972][ T5853] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 434.073781][ T5853] ath9k_htc: Failed to initialize the device [ 434.144967][ T11] usb 6-1: ath9k_htc: USB layer deinitialized [ 435.673946][ T7246] loop1: detected capacity change from 0 to 32768 [ 435.677224][ T7248] loop5: detected capacity change from 0 to 4096 [ 435.693154][ T7101] veth0_vlan: entered promiscuous mode [ 435.791738][ T7246] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 435.872926][ T7101] veth1_vlan: entered promiscuous mode [ 436.201323][ T11] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 436.229056][ T7246] XFS (loop1): Metadata CRC error detected at xfs_agf_read_verify+0x1b9/0x300, xfs_agf block 0x1 [ 436.246624][ T7101] veth0_macvtap: entered promiscuous mode [ 436.266310][ T7246] XFS (loop1): Unmount and run xfs_repair [ 436.274488][ T7246] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 436.280212][ T7101] veth1_macvtap: entered promiscuous mode [ 436.289876][ T7246] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 10 00 XAGF............ [ 436.303641][ T7246] 00000010: 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 01 ................ [ 436.317504][ T7246] 00000020: 00 00 00 01 00 00 00 07 00 00 00 01 00 00 00 06 ................ [ 436.327101][ T7246] 00000030: 00 00 00 06 00 00 0d cb 00 00 0d ca 00 00 00 00 ................ [ 436.337910][ T7246] 00000040: a2 f8 2a ab 77 f8 42 86 af d4 a8 f7 47 a7 4b ab ..*.w.B.....G.K. [ 436.358042][ T7246] 00000050: 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 436.370125][ T7246] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 436.382891][ T7246] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 436.392763][ T7246] XFS (loop1): metadata I/O error in "xfs_read_agf+0x23d/0x550" at daddr 0x1 len 1 error 74 [ 436.409118][ T7246] XFS (loop1): Error -117 reserving per-AG metadata reserve pool. [ 436.418126][ T7246] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_fs_reserve_ag_blocks+0x4d7/0x590 (fs/xfs/xfs_fsops.c:566). Shutting down filesystem. [ 436.437771][ T7246] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 436.454917][ T7246] XFS (loop1): Ending clean mount [ 436.461374][ T7246] XFS (loop1): Error -5 reserving per-AG metadata reserve pool. [ 436.624662][ T7248] ntfs3(loop5): ino=b, Correct links count -> 1. [ 436.674575][ T11] usb 1-1: Using ep0 maxpacket: 16 [ 436.681022][ T7248] ntfs3(loop5): ino=18, mi_enum_attr [ 436.687165][ T7248] ntfs3(loop5): Mark volume as dirty due to NTFS errors [ 436.701902][ T11] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 436.713408][ T11] usb 1-1: config 0 has no interfaces? [ 436.719518][ T11] usb 1-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 436.729101][ T11] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 436.882604][ T7101] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 436.956987][ T11] usb 1-1: config 0 descriptor?? [ 437.094535][ T7101] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 437.351047][ T7101] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 437.360487][ T7101] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 437.372253][ T7101] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 437.382838][ T7101] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 439.340482][ T24] usb 1-1: USB disconnect, device number 15 [ 439.910532][ T7283] loop1: detected capacity change from 0 to 32768 [ 439.921001][ T7283] ocfs2: Unknown parameter 'journal_async_coWmit' [ 440.105966][ T24] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 440.488618][ T7283] netlink: 112 bytes leftover after parsing attributes in process `syz.1.373'. [ 440.499777][ T7283] netlink: 112 bytes leftover after parsing attributes in process `syz.1.373'. [ 440.814566][ T24] usb 1-1: device descriptor read/64, error -71 [ 440.955859][ T7291] loop5: detected capacity change from 0 to 32768 [ 440.966225][ T7291] BTRFS warning: excessive commit interval 2147483649, use with care [ 440.974901][ T7291] btrfs: Deprecated parameter 'usebackuproot' [ 440.981252][ T7291] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 441.045492][ T7291] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.374 (7291) [ 441.107971][ T7291] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 441.118698][ T7291] BTRFS info (device loop5): using crc32c (crc32c-x86_64) checksum algorithm [ 441.128209][ T7291] BTRFS info (device loop5): using free-space-tree [ 441.187730][ T24] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 441.202461][ T7296] loop1: detected capacity change from 0 to 256 [ 441.225707][ T7296] exfat: Deprecated parameter 'namecase' [ 441.326033][ T24] usb 1-1: device descriptor read/64, error -71 [ 441.382291][ T14] BTRFS warning (device loop5): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 441.402169][ T7291] BTRFS error (device loop5): failed to load root extent [ 441.410022][ T7291] BTRFS warning (device loop5): try to load backup roots slot 1 [ 441.427858][ T3971] BTRFS warning (device loop5): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 441.430556][ T7296] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 441.443270][ T7291] BTRFS warning (device loop5): couldn't read tree root [ 441.461732][ T7291] BTRFS warning (device loop5): try to load backup roots slot 2 [ 441.482945][ T24] usb usb1-port1: attempt power cycle [ 441.483606][ T4111] BTRFS error (device loop5): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 441.501044][ T7291] BTRFS warning (device loop5): couldn't read tree root [ 441.510443][ T7291] BTRFS warning (device loop5): try to load backup roots slot 3 [ 441.587839][ T7291] BTRFS info (device loop5): rebuilding free space tree [ 441.632058][ T7291] BTRFS info (device loop5): checking UUID tree [ 441.759651][ T7288] BTRFS info (device loop5): setting incompat feature flag for DEFAULT_SUBVOL (0x2) [ 441.895803][ T24] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 441.960126][ T24] usb 1-1: device descriptor read/8, error -71 [ 442.224974][ T24] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 442.270494][ T24] usb 1-1: device descriptor read/8, error -71 [ 442.403213][ T24] usb usb1-port1: unable to enumerate USB device [ 443.041961][ T7324] loop1: detected capacity change from 0 to 512 [ 443.073248][ T7324] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 443.246027][ T7324] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 443.262160][ T7324] ext4 filesystem being mounted at /71/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 443.318291][ T7324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 444.113539][ T6512] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 444.817796][ T24] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 444.978621][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 445.002325][ T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 445.013816][ T24] usb 1-1: config 0 has no interfaces? [ 445.019818][ T24] usb 1-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 445.032770][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 445.100267][ T24] usb 1-1: config 0 descriptor?? [ 445.399572][ T5853] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 445.446539][ T1349] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 445.454872][ T1349] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 445.558972][ T14] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 445.570199][ T14] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 445.682205][ T5853] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 445.692009][ T5853] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 445.700449][ T5853] usb 2-1: Product: syz [ 445.705017][ T5853] usb 2-1: Manufacturer: syz [ 445.709871][ T5853] usb 2-1: SerialNumber: syz [ 445.817617][ T5853] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 445.998911][ T11] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 446.498754][ T5853] usb 2-1: USB disconnect, device number 19 [ 447.130511][ T11] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 447.138971][ T11] ath9k_htc: Failed to initialize the device [ 447.142783][ T7350] loop6: detected capacity change from 0 to 32768 [ 447.192461][ T5853] usb 2-1: ath9k_htc: USB layer deinitialized [ 447.231956][ T7350] btrfs: Deprecated parameter 'usebackuproot' [ 447.238680][ T7350] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 447.254313][ T7350] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.315 (7350) [ 447.294955][ T7350] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 447.316404][ T7350] BTRFS info (device loop6): using crc32c (crc32c-x86_64) checksum algorithm [ 447.330037][ T7350] BTRFS info (device loop6): using free-space-tree [ 447.458123][ T5885] usb 1-1: USB disconnect, device number 20 [ 447.491089][ T7350] BTRFS info (device loop6): rebuilding free space tree [ 447.673160][ T7369] netlink: 156 bytes leftover after parsing attributes in process `syz.5.386'. [ 447.796251][ T7350] input: syz0 as /devices/virtual/input/input21 [ 448.516632][ T7101] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 448.605162][ T7376] FAULT_INJECTION: forcing a failure. [ 448.605162][ T7376] name failslab, interval 1, probability 0, space 0, times 0 [ 448.623139][ T7376] CPU: 1 UID: 0 PID: 7376 Comm: syz.1.389 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(undef) [ 448.623296][ T7376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 448.623387][ T7376] Call Trace: [ 448.623441][ T7376] [ 448.623494][ T7376] __dump_stack+0x26/0x30 [ 448.623668][ T7376] dump_stack_lvl+0x1df/0x270 [ 448.623848][ T7376] dump_stack+0x1e/0x25 [ 448.624008][ T7376] should_fail_ex+0x7dc/0x8a0 [ 448.624190][ T7376] should_failslab+0x15b/0x200 [ 448.624410][ T7376] kmem_cache_alloc_noprof+0xf0/0xec0 [ 448.624569][ T7376] ? skb_clone+0x3ca/0x580 [ 448.624750][ T7376] ? kmsan_get_metadata+0x105/0x1b0 [ 448.624973][ T7376] skb_clone+0x3ca/0x580 [ 448.625172][ T7376] __netlink_deliver_tap+0x695/0xdd0 [ 448.625381][ T7376] ? kmsan_get_metadata+0x105/0x1b0 [ 448.625596][ T7376] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 448.625819][ T7376] netlink_dump+0x11ee/0x1690 [ 448.626053][ T7376] netlink_recvmsg+0xbda/0x1760 [ 448.626286][ T7376] ? __pfx_netlink_recvmsg+0x10/0x10 [ 448.626479][ T7376] sock_recvmsg+0x2df/0x390 [ 448.626641][ T7376] ____sys_recvmsg+0x193/0x610 [ 448.626831][ T7376] ? should_fail_ex+0x1c0/0x8a0 [ 448.627052][ T7376] ___sys_recvmsg+0x20b/0x850 [ 448.627281][ T7376] ? kmsan_get_metadata+0x105/0x1b0 [ 448.627486][ T7376] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 448.627700][ T7376] do_recvmmsg+0x40e/0xdf0 [ 448.627896][ T7376] ? stack_depot_save_flags+0x35/0x7c0 [ 448.628052][ T7376] ? kmsan_get_metadata+0x105/0x1b0 [ 448.628284][ T7376] __x64_sys_recvmmsg+0x383/0x500 [ 448.628504][ T7376] x64_sys_call+0x220d/0x3db0 [ 448.628692][ T7376] do_syscall_64+0xd9/0x1b0 [ 448.628878][ T7376] ? irqentry_exit+0x16/0x60 [ 448.629041][ T7376] ? clear_bhb_loop+0x40/0x90 [ 448.629200][ T7376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 448.629359][ T7376] RIP: 0033:0x7fb30dd8e969 [ 448.629465][ T7376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 448.629594][ T7376] RSP: 002b:00007fb30eb64038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 448.629724][ T7376] RAX: ffffffffffffffda RBX: 00007fb30dfb5fa0 RCX: 00007fb30dd8e969 [ 448.629829][ T7376] RDX: 0000000000000005 RSI: 0000200000001f80 RDI: 0000000000000003 [ 448.629920][ T7376] RBP: 00007fb30eb64090 R08: 0000000000000000 R09: 0000000000000000 [ 448.630010][ T7376] R10: 0000000040008062 R11: 0000000000000246 R12: 0000000000000001 [ 448.630098][ T7376] R13: 0000000000000000 R14: 00007fb30dfb5fa0 R15: 00007ffcbcbbd878 [ 448.630226][ T7376] [ 448.947561][ T7378] loop0: detected capacity change from 0 to 1024 [ 449.002322][ T7380] loop5: detected capacity change from 0 to 512 [ 449.118174][ T7380] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 449.517175][ T7380] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 449.533562][ T7380] ext4 filesystem being mounted at /40/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 449.813056][ T7380] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 451.959508][ T5885] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 452.265219][ T5885] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 452.274789][ T5885] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 452.283120][ T5885] usb 6-1: Product: syz [ 452.287745][ T5885] usb 6-1: Manufacturer: syz [ 452.292626][ T5885] usb 6-1: SerialNumber: syz [ 452.408735][ T5885] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 452.530446][ T11] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 453.516179][ T5885] usb 6-1: USB disconnect, device number 9 [ 453.598805][ T11] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 453.607462][ T11] ath9k_htc: Failed to initialize the device [ 453.657077][ T5885] usb 6-1: ath9k_htc: USB layer deinitialized [ 455.657106][ T7427] loop6: detected capacity change from 0 to 1024 [ 456.332484][ T7439] ip6erspan0: entered promiscuous mode [ 457.876668][ T11] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 458.124763][ T11] usb 1-1: Using ep0 maxpacket: 8 [ 458.171310][ T11] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 458.181675][ T11] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 458.192620][ T11] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 458.203181][ T11] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 458.217067][ T11] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 458.227094][ T11] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 458.686408][ T7444] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 458.696390][ T7444] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 458.844691][ T11] usb 1-1: GET_CAPABILITIES returned 11 [ 458.850843][ T11] usbtmc 1-1:16.0: can't read capabilities [ 459.072028][ T11] usb 1-1: USB disconnect, device number 21 [ 459.201307][ T24] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 459.413308][ T24] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 459.423121][ T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 459.436509][ T24] usb 7-1: Product: syz [ 459.441104][ T24] usb 7-1: Manufacturer: syz [ 459.446315][ T24] usb 7-1: SerialNumber: syz [ 459.513672][ T24] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 459.708521][ T3073] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 459.989288][ T24] usb 7-1: USB disconnect, device number 2 [ 461.123063][ T3073] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive [ 461.140573][ T3073] ath9k_htc: Failed to initialize the device [ 461.152000][ T24] usb 7-1: ath9k_htc: USB layer deinitialized [ 462.539548][ T7476] loop5: detected capacity change from 0 to 1024 [ 462.697498][ T7481] program syz.0.427 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 462.940593][ T7481] loop0: detected capacity change from 0 to 512 [ 463.023440][ T7481] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 463.040754][ T7481] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 463.249084][ T7481] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.427: bg 0: block 104: invalid block bitmap [ 463.398286][ T7481] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 463.519813][ T7481] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.427: invalid indirect mapped block 1 (level 1) [ 463.655024][ T7481] EXT4-fs (loop0): 1 truncate cleaned up [ 463.668928][ T7481] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 464.765503][ T5799] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 465.463832][ T7495] loop6: detected capacity change from 0 to 40427 [ 465.541289][ T7495] F2FS-fs (loop6): build fault injection attr: rate: 771, type: 0x3fffff [ 465.554828][ T7495] F2FS-fs (loop6): invalid crc value [ 465.934307][ T24] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 466.010748][ T7495] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 466.082322][ T7495] F2FS-fs (loop6): inject inconsistent footer in sanity_check_node_footer of f2fs_get_inode_page+0x40/0x50 [ 466.094781][ T7495] F2FS-fs (loop6): inconsistent node block, node_type:1, nid:20, node_footer[nid:20,ino:20,ofs:0,cpver:0,blkaddr:0] [ 466.114494][ T24] usb 2-1: device descriptor read/64, error -71 [ 466.157335][ T7495] CPU: 1 UID: 0 PID: 7495 Comm: syz.6.430 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(undef) [ 466.157503][ T7495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 466.157591][ T7495] Call Trace: [ 466.157642][ T7495] [ 466.157694][ T7495] __dump_stack+0x26/0x30 [ 466.157881][ T7495] dump_stack_lvl+0x1df/0x270 [ 466.158062][ T7495] dump_stack+0x1e/0x25 [ 466.158229][ T7495] f2fs_handle_critical_error+0xa6f/0xc20 [ 466.158452][ T7495] f2fs_stop_checkpoint+0x60/0x70 [ 466.158653][ T7495] f2fs_update_inode_page+0x40d/0x700 [ 466.158842][ T7495] f2fs_add_orphan_inode+0x7e/0xd0 [ 466.159041][ T7495] f2fs_drop_nlink+0x488/0x4b0 [ 466.159259][ T7495] ? f2fs_mark_inode_dirty_sync+0x176/0x270 [ 466.159451][ T7495] f2fs_delete_inline_entry+0x895/0xdd0 [ 466.159664][ T7495] f2fs_delete_entry+0x6e6/0x2ce0 [ 466.159896][ T7495] f2fs_unlink+0x546/0xda0 [ 466.160088][ T7495] ? __pfx_f2fs_unlink+0x10/0x10 [ 466.160268][ T7495] vfs_unlink+0x616/0xab0 [ 466.160470][ T7495] ovl_cleanup+0x152/0x290 [ 466.160646][ T7495] ovl_get_workdir+0x173d/0x2630 [ 466.160875][ T7495] ovl_fill_super+0x1613/0x6230 [ 466.161043][ T7495] ? kmsan_get_metadata+0x105/0x1b0 [ 466.161254][ T7495] ? kmsan_get_metadata+0x105/0x1b0 [ 466.161455][ T7495] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 466.161698][ T7495] ? sget_fc+0x1551/0x16f0 [ 466.161881][ T7495] get_tree_nodev+0x164/0x360 [ 466.162049][ T7495] ? kmsan_get_metadata+0x105/0x1b0 [ 466.162254][ T7495] ? __pfx_ovl_fill_super+0x10/0x10 [ 466.162393][ T7495] ? __pfx_ovl_get_tree+0x10/0x10 [ 466.162540][ T7495] ovl_get_tree+0x35/0x40 [ 466.162681][ T7495] vfs_get_tree+0xb3/0x5c0 [ 466.162860][ T7495] ? mount_capable+0xd9/0x100 [ 466.163022][ T7495] do_new_mount+0x738/0x1610 [ 466.163204][ T7495] ? kmsan_get_metadata+0x105/0x1b0 [ 466.163399][ T7495] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 466.163628][ T7495] path_mount+0x6db/0x1e90 [ 466.163846][ T7495] ? user_path_at+0x32d/0x3d0 [ 466.164393][ T7495] __se_sys_mount+0x6eb/0x7d0 [ 466.164666][ T7495] __x64_sys_mount+0xe4/0x150 [ 466.164906][ T7495] x64_sys_call+0xfa7/0x3db0 [ 466.165114][ T7495] do_syscall_64+0xd9/0x1b0 [ 466.165312][ T7495] ? irqentry_exit+0x16/0x60 [ 466.165486][ T7495] ? clear_bhb_loop+0x40/0x90 [ 466.165644][ T7495] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 466.165803][ T7495] RIP: 0033:0x7f1fce98e969 [ 466.165910][ T7495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 466.166038][ T7495] RSP: 002b:00007f1fcf897038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 466.166180][ T7495] RAX: ffffffffffffffda RBX: 00007f1fcebb5fa0 RCX: 00007f1fce98e969 [ 466.166284][ T7495] RDX: 0000200000000000 RSI: 0000200000000040 RDI: 0000000000000000 [ 466.166368][ T7495] RBP: 00007f1fcea10ab1 R08: 0000200000000100 R09: 0000000000000000 [ 466.166464][ T7495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 466.166551][ T7495] R13: 0000000000000000 R14: 00007f1fcebb5fa0 R15: 00007ffec05663e8 [ 466.166675][ T7495] [ 466.490753][ T7495] F2FS-fs (loop6): Stopped filesystem due to reason: 5 [ 466.501028][ T7495] F2FS-fs (loop6): f2fs_evict_inode: inconsistent node id, ino:20 [ 466.512374][ T7495] overlayfs: failed to set xattr on upper [ 466.518483][ T7495] overlayfs: ...falling back to redirect_dir=nofollow. [ 466.525815][ T7495] overlayfs: ...falling back to index=off. [ 466.531872][ T7495] overlayfs: ...falling back to uuid=null. [ 466.680697][ T24] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 466.824417][ T24] usb 2-1: device descriptor read/64, error -71 [ 466.977436][ T24] usb usb2-port1: attempt power cycle [ 467.418197][ T24] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 467.494289][ T24] usb 2-1: device descriptor read/8, error -71 [ 467.614599][ T11] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 467.759483][ T24] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 467.879411][ T24] usb 2-1: device descriptor read/8, error -71 [ 468.026805][ T24] usb usb2-port1: unable to enumerate USB device [ 468.042669][ T7101] syz-executor: attempt to access beyond end of device [ 468.042669][ T7101] loop6: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 468.618858][ T7523] loop5: detected capacity change from 0 to 256 [ 468.700020][ T14] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 469.161382][ T14] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 469.394000][ T14] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 469.602998][ T14] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 469.959542][ T7534] loop5: detected capacity change from 0 to 1024 [ 470.012090][ T14] bridge_slave_1: left allmulticast mode [ 470.021351][ T14] bridge_slave_1: left promiscuous mode [ 470.028358][ T14] bridge0: port 2(bridge_slave_1) entered disabled state [ 470.063756][ T14] bridge_slave_0: left allmulticast mode [ 470.070620][ T14] bridge_slave_0: left promiscuous mode [ 470.080917][ T14] bridge0: port 1(bridge_slave_0) entered disabled state [ 471.899303][ T14] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 471.999532][ T14] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 472.051842][ T14] bond0 (unregistering): Released all slaves [ 472.225683][ T5807] Bluetooth: hci3: command 0x0406 tx timeout [ 472.688183][ T14] hsr_slave_0: left promiscuous mode [ 472.707827][ T14] hsr_slave_1: left promiscuous mode [ 472.717578][ T14] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 472.725827][ T14] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 472.767853][ T14] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 472.775994][ T14] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 472.855024][ T14] veth1_macvtap: left promiscuous mode [ 472.860969][ T14] veth0_macvtap: left promiscuous mode [ 472.867421][ T14] veth1_vlan: left promiscuous mode [ 472.873320][ T14] veth0_vlan: left promiscuous mode [ 474.105121][ T14] team0 (unregistering): Port device team_slave_1 removed [ 474.207098][ T14] team0 (unregistering): Port device team_slave_0 removed [ 474.865200][ T5806] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 474.925355][ T5806] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 474.939792][ T5806] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 475.047271][ T5806] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 475.069303][ T5806] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 475.338629][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 475.345684][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 476.424546][ T3073] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 476.584863][ T3073] usb 2-1: device descriptor read/64, error -71 [ 476.849759][ T3073] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 476.897767][ T7565] loop5: detected capacity change from 0 to 32768 [ 476.909942][ T7565] btrfs: Deprecated parameter 'usebackuproot' [ 476.916449][ T7565] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 476.956743][ T7565] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.451 (7565) [ 476.978339][ T7565] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 476.989120][ T7565] BTRFS info (device loop5): using crc32c (crc32c-x86_64) checksum algorithm [ 477.001606][ T7565] BTRFS info (device loop5): using free-space-tree [ 477.049742][ T3073] usb 2-1: device descriptor read/64, error -71 [ 477.105531][ T5807] Bluetooth: hci4: command tx timeout [ 477.177369][ T3073] usb usb2-port1: attempt power cycle [ 477.239110][ T7565] BTRFS info (device loop5): rebuilding free space tree [ 477.372135][ T7553] chnl_net:caif_netlink_parms(): no params data found [ 477.443671][ T7565] input: syz0 as /devices/virtual/input/input22 [ 477.633985][ T3073] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 477.658644][ T3073] usb 2-1: device descriptor read/8, error -71 [ 477.917537][ T3073] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 477.967075][ T3073] usb 2-1: device descriptor read/8, error -71 [ 477.983187][ T6512] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 478.082535][ T3073] usb usb2-port1: unable to enumerate USB device [ 479.065443][ T7553] bridge0: port 1(bridge_slave_0) entered blocking state [ 479.073119][ T7553] bridge0: port 1(bridge_slave_0) entered disabled state [ 479.081107][ T7553] bridge_slave_0: entered allmulticast mode [ 479.090964][ T7553] bridge_slave_0: entered promiscuous mode [ 479.195577][ T5807] Bluetooth: hci4: command tx timeout [ 479.237926][ T7553] bridge0: port 2(bridge_slave_1) entered blocking state [ 479.245814][ T7553] bridge0: port 2(bridge_slave_1) entered disabled state [ 479.257283][ T7553] bridge_slave_1: entered allmulticast mode [ 479.267886][ T7553] bridge_slave_1: entered promiscuous mode [ 479.408412][ T7602] loop0: detected capacity change from 0 to 2048 [ 479.641834][ T7553] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 479.753782][ T30] audit: type=1804 audit(1748000217.460:115): pid=7602 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.460" name="/newroot/93/file1/file1" dev="loop0" ino=1048609 res=1 errno=0 [ 479.797722][ T7553] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 480.236495][ T7553] team0: Port device team_slave_0 added [ 480.325985][ T7553] team0: Port device team_slave_1 added [ 481.176187][ T7553] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 481.183685][ T7553] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 481.212954][ T7553] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 481.242842][ T7616] overlayfs: missing 'lowerdir' [ 481.281368][ T5807] Bluetooth: hci4: command tx timeout [ 481.282617][ T24] IPVS: starting estimator thread 0... [ 481.337123][ T7553] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 481.345055][ T7553] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 481.373890][ T7613] loop1: detected capacity change from 0 to 4096 [ 481.382452][ T7553] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 481.425361][ T7617] IPVS: using max 240 ests per chain, 12000 per kthread [ 481.467603][ T24] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 481.681476][ T24] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83 [ 481.695426][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 481.709474][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 481.725503][ T24] usb 1-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94 [ 481.740222][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 481.872884][ T24] usb 1-1: config 0 descriptor?? [ 481.893018][ T7613] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 482.001964][ T24] em28xx 1-1:0.0: error: skipping audio endpoint 0x83, because it uses bulk transfers ! [ 482.007375][ T7553] hsr_slave_0: entered promiscuous mode [ 482.027064][ T7553] hsr_slave_1: entered promiscuous mode [ 482.037133][ T7553] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 482.045680][ T7553] Cannot create hsr debugfs directory [ 482.143053][ T24] usb 1-1: USB disconnect, device number 22 [ 483.078900][ T7621] loop5: detected capacity change from 0 to 32768 [ 483.088686][ T7621] btrfs: Deprecated parameter 'usebackuproot' [ 483.095460][ T7621] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 483.114774][ T7621] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.466 (7621) [ 483.242775][ T7621] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 483.259823][ T7621] BTRFS info (device loop5): using crc32c (crc32c-x86_64) checksum algorithm [ 483.270474][ T7621] BTRFS info (device loop5): using free-space-tree [ 483.357019][ T5807] Bluetooth: hci4: command tx timeout [ 483.394582][ T7638] x_tables: duplicate underflow at hook 3 [ 483.503273][ T7621] BTRFS info (device loop5): rebuilding free space tree [ 483.645060][ T7621] input: syz0 as /devices/virtual/input/input23 [ 483.954595][ T24] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 484.079738][ T7553] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 484.134614][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 484.143604][ T7553] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 484.190979][ T24] usb 1-1: config 0 has no interfaces? [ 484.250640][ T24] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee [ 484.262959][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 484.279179][ T24] usb 1-1: Product: syz [ 484.288830][ T24] usb 1-1: Manufacturer: syz [ 484.294633][ T24] usb 1-1: SerialNumber: syz [ 484.305372][ T7553] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 484.320090][ T24] usb 1-1: config 0 descriptor?? [ 484.364978][ T7553] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 484.418018][ T6512] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 485.571166][ T5853] usb 1-1: USB disconnect, device number 23 [ 485.936322][ T7553] 8021q: adding VLAN 0 to HW filter on device bond0 [ 486.147449][ T7553] 8021q: adding VLAN 0 to HW filter on device team0 [ 486.200344][ T4226] bridge0: port 1(bridge_slave_0) entered blocking state [ 486.208130][ T4226] bridge0: port 1(bridge_slave_0) entered forwarding state [ 486.302058][ T4226] bridge0: port 2(bridge_slave_1) entered blocking state [ 486.309862][ T4226] bridge0: port 2(bridge_slave_1) entered forwarding state [ 486.974576][ T5853] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 487.115152][ T5853] usb 2-1: device descriptor read/64, error -71 [ 487.364768][ T5853] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 487.547907][ T5853] usb 2-1: device descriptor read/64, error -71 [ 487.669396][ T5853] usb usb2-port1: attempt power cycle [ 488.095015][ T5853] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 488.137728][ T5853] usb 2-1: device descriptor read/8, error -71 [ 488.211621][ T7553] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 488.415378][ T5853] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 488.475250][ T7675] FAULT_INJECTION: forcing a failure. [ 488.475250][ T7675] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 488.492068][ T7675] CPU: 1 UID: 0 PID: 7675 Comm: syz.0.476 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(undef) [ 488.492232][ T7675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 488.492319][ T7675] Call Trace: [ 488.492371][ T7675] [ 488.492423][ T7675] __dump_stack+0x26/0x30 [ 488.492592][ T7675] dump_stack_lvl+0x1df/0x270 [ 488.492777][ T7675] dump_stack+0x1e/0x25 [ 488.492937][ T7675] should_fail_ex+0x7dc/0x8a0 [ 488.493127][ T7675] should_fail+0x2a/0x40 [ 488.493280][ T7675] should_fail_usercopy+0x2e/0x40 [ 488.493455][ T7675] _copy_from_iter+0x1ba/0x3220 [ 488.493596][ T7675] ? skb_set_owner_w+0x327/0x3c0 [ 488.493798][ T7675] ? kmsan_get_metadata+0x105/0x1b0 [ 488.494054][ T7675] hci_sock_sendmsg+0x79b/0x19f0 [ 488.494255][ T7675] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 488.494426][ T7675] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 488.494598][ T7675] __sock_sendmsg+0x330/0x3d0 [ 488.494749][ T7675] sock_write_iter+0x318/0x390 [ 488.494987][ T7675] vfs_write+0xb31/0x1560 [ 488.495206][ T7675] ? __pfx_sock_write_iter+0x10/0x10 [ 488.495422][ T7675] __x64_sys_write+0x1fb/0x4d0 [ 488.495629][ T7675] x64_sys_call+0x38c3/0x3db0 [ 488.495822][ T7675] do_syscall_64+0xd9/0x1b0 [ 488.496015][ T7675] ? irqentry_exit+0x16/0x60 [ 488.496195][ T7675] ? clear_bhb_loop+0x40/0x90 [ 488.496360][ T7675] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 488.496521][ T7675] RIP: 0033:0x7f1f9e78e969 [ 488.496634][ T7675] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 488.496780][ T7675] RSP: 002b:00007f1f9f662038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 488.496911][ T7675] RAX: ffffffffffffffda RBX: 00007f1f9e9b5fa0 RCX: 00007f1f9e78e969 [ 488.497013][ T7675] RDX: 0000000000000007 RSI: 0000200000000000 RDI: 0000000000000007 [ 488.497113][ T7675] RBP: 00007f1f9f662090 R08: 0000000000000000 R09: 0000000000000000 [ 488.497202][ T7675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 488.497288][ T7675] R13: 0000000000000000 R14: 00007f1f9e9b5fa0 R15: 00007ffcfe94c1f8 [ 488.497422][ T7675] [ 488.561038][ T5853] usb 2-1: device descriptor read/8, error -71 [ 488.976090][ T5853] usb usb2-port1: unable to enumerate USB device [ 489.354499][ T5860] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 489.521701][ T5860] usb 6-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 489.534835][ T5860] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.607560][ T5860] usb 6-1: config 0 descriptor?? [ 489.945215][ T7680] loop0: detected capacity change from 0 to 32768 [ 489.954799][ T7680] btrfs: Deprecated parameter 'usebackuproot' [ 489.961234][ T7680] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 490.040463][ T7680] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.478 (7680) [ 490.086333][ T7680] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 490.097077][ T7680] BTRFS info (device loop0): using crc32c (crc32c-x86_64) checksum algorithm [ 490.109735][ T7680] BTRFS info (device loop0): using free-space-tree [ 490.264907][ T7680] BTRFS info (device loop0): rebuilding free space tree [ 490.403396][ T7680] input: syz0 as /devices/virtual/input/input24 [ 491.311657][ T5799] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 492.229052][ T5860] pegasus 6-1:0.0: setup Pegasus II specific registers [ 492.456167][ T5860] pegasus 6-1:0.0: can't locate MII phy, using default [ 492.528432][ T5860] pegasus 6-1:0.0: eth13, ELECOM USB Ethernet LD-USB20, de:ba:e8:ef:1a:ea [ 492.649560][ T7553] veth0_vlan: entered promiscuous mode [ 492.689545][ T5860] usb 6-1: USB disconnect, device number 10 [ 492.831952][ T7553] veth1_vlan: entered promiscuous mode [ 493.277658][ T7553] veth0_macvtap: entered promiscuous mode [ 493.407963][ T7553] veth1_macvtap: entered promiscuous mode [ 493.640216][ T7553] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 493.735674][ T7553] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 493.755740][ T11] usb 2-1: new full-speed USB device number 32 using dummy_hcd [ 493.880012][ T7553] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 493.890645][ T7553] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 493.909867][ T7553] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 493.921900][ T7553] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 493.980402][ T11] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 493.992267][ T11] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 494.007131][ T11] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64 [ 494.054017][ T7726] FAULT_INJECTION: forcing a failure. [ 494.054017][ T7726] name failslab, interval 1, probability 0, space 0, times 0 [ 494.067923][ T7726] CPU: 1 UID: 0 PID: 7726 Comm: syz.0.481 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(undef) [ 494.068083][ T7726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 494.068170][ T7726] Call Trace: [ 494.068221][ T7726] [ 494.068276][ T7726] __dump_stack+0x26/0x30 [ 494.068451][ T7726] dump_stack_lvl+0x1df/0x270 [ 494.068642][ T7726] dump_stack+0x1e/0x25 [ 494.068800][ T7726] should_fail_ex+0x7dc/0x8a0 [ 494.068984][ T7726] should_failslab+0x15b/0x200 [ 494.069196][ T7726] kmem_cache_alloc_noprof+0xf0/0xec0 [ 494.069360][ T7726] ? skb_clone+0x3ca/0x580 [ 494.069547][ T7726] ? kmsan_get_metadata+0x105/0x1b0 [ 494.069766][ T7726] skb_clone+0x3ca/0x580 [ 494.069960][ T7726] __netlink_deliver_tap+0x695/0xdd0 [ 494.070156][ T7726] ? kmsan_get_metadata+0x105/0x1b0 [ 494.070364][ T7726] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 494.070589][ T7726] netlink_unicast+0x118a/0x1290 [ 494.070781][ T7726] netlink_sendmsg+0x10b3/0x1250 [ 494.070990][ T7726] ? __pfx_netlink_sendmsg+0x10/0x10 [ 494.071163][ T7726] ? __pfx_netlink_sendmsg+0x10/0x10 [ 494.071367][ T7726] __sock_sendmsg+0x330/0x3d0 [ 494.071519][ T7726] ____sys_sendmsg+0x7e0/0xd80 [ 494.071740][ T7726] ___sys_sendmsg+0x271/0x3b0 [ 494.071946][ T7726] ? __rcu_read_unlock+0x6d/0xd0 [ 494.072133][ T7726] ? __fget_files+0x3b4/0x4a0 [ 494.072321][ T7726] ? __fget_files+0x3b9/0x4a0 [ 494.072509][ T7726] ? kmsan_get_metadata+0x105/0x1b0 [ 494.072720][ T7726] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 494.072939][ T7726] __x64_sys_sendmsg+0x211/0x3e0 [ 494.073136][ T7726] ? kmsan_get_metadata+0x105/0x1b0 [ 494.073351][ T7726] x64_sys_call+0x32fb/0x3db0 [ 494.073540][ T7726] do_syscall_64+0xd9/0x1b0 [ 494.073739][ T7726] ? irqentry_exit+0x16/0x60 [ 494.073908][ T7726] ? clear_bhb_loop+0x40/0x90 [ 494.074066][ T7726] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 494.074214][ T7726] RIP: 0033:0x7f1f9e78e969 [ 494.074320][ T7726] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 494.074448][ T7726] RSP: 002b:00007f1f9f662038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 494.074585][ T7726] RAX: ffffffffffffffda RBX: 00007f1f9e9b5fa0 RCX: 00007f1f9e78e969 [ 494.074690][ T7726] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003 [ 494.074781][ T7726] RBP: 00007f1f9f662090 R08: 0000000000000000 R09: 0000000000000000 [ 494.074864][ T7726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 494.074947][ T7726] R13: 0000000000000000 R14: 00007f1f9e9b5fa0 R15: 00007ffcfe94c1f8 [ 494.075066][ T7726] [ 494.346980][ T7726] netlink: 32 bytes leftover after parsing attributes in process `syz.0.481'. [ 494.371583][ T11] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 494.383082][ T11] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 494.391846][ T11] usb 2-1: Product: syz [ 494.396390][ T11] usb 2-1: Manufacturer: syz [ 494.401251][ T11] usb 2-1: SerialNumber: syz [ 494.668961][ T11] usb 2-1: config 0 descriptor?? [ 494.677683][ T7719] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 494.745741][ T7719] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 494.776990][ T11] usb 2-1: ucan: probing device on interface #0 [ 495.465785][ T5853] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 495.505569][ T11] ucan 2-1:0.0 can0: registered device [ 496.495493][ T11] ucan 2-1:0.0 can0: firmware string: unknown [ 496.515700][ T11] usb 2-1: USB disconnect, device number 32 [ 496.737805][ T7738] loop5: detected capacity change from 0 to 32768 [ 496.747265][ T7738] BTRFS warning: excessive commit interval 2147483649, use with care [ 496.755845][ T7738] btrfs: Deprecated parameter 'usebackuproot' [ 496.765076][ T7738] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 496.777290][ T5853] usb 1-1: device descriptor read/64, error -71 [ 496.875645][ T7738] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.489 (7738) [ 497.026591][ T7738] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 497.037532][ T7738] BTRFS info (device loop5): using crc32c (crc32c-x86_64) checksum algorithm [ 497.047071][ T7738] BTRFS info (device loop5): using free-space-tree [ 497.056730][ T5853] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 497.203070][ T79] BTRFS warning (device loop5): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 497.217496][ T7738] BTRFS error (device loop5): failed to load root extent [ 497.225329][ T7738] BTRFS warning (device loop5): try to load backup roots slot 1 [ 497.244922][ T5853] usb 1-1: device descriptor read/64, error -71 [ 497.269674][ T79] BTRFS warning (device loop5): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 497.288414][ T7738] BTRFS warning (device loop5): couldn't read tree root [ 497.296804][ T7738] BTRFS warning (device loop5): try to load backup roots slot 2 [ 497.389532][ T5853] usb usb1-port1: attempt power cycle [ 497.436304][ T79] BTRFS error (device loop5): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 497.447774][ T7738] BTRFS warning (device loop5): couldn't read tree root [ 497.455114][ T7738] BTRFS warning (device loop5): try to load backup roots slot 3 [ 497.523960][ T7738] BTRFS info (device loop5): rebuilding free space tree [ 497.568399][ T7738] BTRFS info (device loop5): checking UUID tree [ 497.795915][ T5853] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 497.841006][ T7737] BTRFS info (device loop5): setting incompat feature flag for DEFAULT_SUBVOL (0x2) [ 497.876719][ T5853] usb 1-1: device descriptor read/8, error -71 [ 498.206088][ T5853] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 498.589208][ T5853] usb 1-1: device descriptor read/8, error -71 [ 498.723260][ T5853] usb usb1-port1: unable to enumerate USB device [ 499.165687][ T6512] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 499.317419][ T5860] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 499.498986][ T7776] netlink: 4 bytes leftover after parsing attributes in process `syz.2.496'. [ 499.542838][ T7776] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 499.555313][ T7776] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 499.564586][ T7776] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 499.573653][ T7776] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 499.583679][ T7776] vxlan0: entered promiscuous mode [ 499.652718][ T5860] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 499.666819][ T5860] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 499.675771][ T5860] usb 1-1: Product: syz [ 499.680210][ T5860] usb 1-1: Manufacturer: syz [ 499.685243][ T5860] usb 1-1: SerialNumber: syz [ 499.759534][ T5860] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 499.856752][ T3073] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 500.156142][ T5853] usb 1-1: USB disconnect, device number 28 [ 500.201824][ C1] dummy_hcd dummy_hcd.0: timer fired with no URBs pending? [ 500.948068][ T3073] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 500.957129][ T3073] ath9k_htc: Failed to initialize the device [ 501.027680][ T5853] usb 1-1: ath9k_htc: USB layer deinitialized [ 502.160478][ T7789] loop5: detected capacity change from 0 to 32768 [ 502.170011][ T7789] XFS: noikeep mount option is deprecated. [ 502.260518][ T7789] XFS (loop5): DAX unsupported by block device. Turning off DAX. [ 502.271053][ T7789] XFS (loop5): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 502.547715][ T7789] XFS (loop5): Ending clean mount [ 502.571720][ T7789] XFS (loop5): Quotacheck needed: Please wait. [ 502.631142][ T7789] XFS (loop5): Quotacheck: Done. [ 502.753413][ T6512] XFS (loop5): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 502.875478][ T3073] usb 1-1: new full-speed USB device number 29 using dummy_hcd [ 502.969255][ T4171] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 502.978707][ T4171] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 503.162362][ T3073] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 503.177047][ T3073] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 503.189227][ T3073] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64 [ 503.255815][ T4226] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 503.263951][ T4226] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 503.341018][ T3073] usb 1-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 503.350734][ T3073] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 503.362251][ T3073] usb 1-1: Product: syz [ 503.366881][ T3073] usb 1-1: Manufacturer: syz [ 503.371731][ T3073] usb 1-1: SerialNumber: syz [ 503.451462][ T3073] usb 1-1: config 0 descriptor?? [ 503.460615][ T7806] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 503.489341][ T7806] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 503.545560][ T3073] usb 1-1: ucan: probing device on interface #0 [ 504.182353][ T3073] ucan 1-1:0.0 can0: registered device [ 504.372461][ T3073] ucan 1-1:0.0 can0: firmware string: unknown [ 504.411763][ T3073] usb 1-1: USB disconnect, device number 29 [ 505.555545][ T7815] loop5: detected capacity change from 0 to 32768 [ 505.575781][ T7815] btrfs: Deprecated parameter 'usebackuproot' [ 505.582206][ T7815] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 505.610208][ T7815] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.501 (7815) [ 506.536294][ T7815] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 506.547444][ T7815] BTRFS info (device loop5): using crc32c (crc32c-x86_64) checksum algorithm [ 506.559986][ T7815] BTRFS info (device loop5): using free-space-tree [ 507.013693][ T7815] BTRFS info (device loop5): rebuilding free space tree [ 507.172139][ T7815] input: syz0 as /devices/virtual/input/input25 [ 507.354930][ T5853] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 507.780198][ T5853] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 507.794513][ T5853] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 507.802879][ T5853] usb 1-1: Product: syz [ 507.807482][ T5853] usb 1-1: Manufacturer: syz [ 507.812359][ T5853] usb 1-1: SerialNumber: syz [ 507.992463][ T5853] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 508.098341][ T6512] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 508.117456][ T5859] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 508.621205][ T5853] usb 1-1: USB disconnect, device number 30 [ 509.214626][ T5859] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 509.222674][ T5859] ath9k_htc: Failed to initialize the device [ 509.266569][ T7858] loop1: detected capacity change from 0 to 32768 [ 509.278332][ T7858] XFS: attr2 mount option is deprecated. [ 509.337084][ T5853] usb 1-1: ath9k_htc: USB layer deinitialized [ 509.350975][ T7858] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 509.811630][ T7858] XFS (loop1): Ending clean mount [ 509.840104][ T7858] XFS (loop1): Quotacheck needed: Please wait. [ 509.935588][ T7858] XFS (loop1): Quotacheck: Done. [ 509.942030][ T7858] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 509.987184][ T7873] netlink: 4 bytes leftover after parsing attributes in process `syz.2.513'. [ 510.250729][ T7873] fuse: Unknown parameter 'rootqode' [ 510.306589][ T5859] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 510.408400][ T5853] usb 1-1: new full-speed USB device number 31 using dummy_hcd [ 510.504816][ T5859] usb 8-1: device descriptor read/64, error -71 [ 510.647145][ T5853] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 510.658757][ T5853] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 510.670834][ T5853] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64 [ 510.816733][ T5859] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 510.866860][ T5853] usb 1-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 510.876795][ T5853] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 510.891125][ T5853] usb 1-1: Product: syz [ 510.898761][ T5853] usb 1-1: Manufacturer: syz [ 510.903620][ T5853] usb 1-1: SerialNumber: syz [ 510.934986][ T5853] usb 1-1: config 0 descriptor?? [ 510.956831][ T7877] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 510.984872][ T5859] usb 8-1: device descriptor read/64, error -71 [ 510.990953][ T3073] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 511.014433][ T7877] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 511.069135][ T5853] usb 1-1: ucan: probing device on interface #0 [ 511.101867][ T5859] usb usb8-port1: attempt power cycle [ 511.177874][ T3073] usb 2-1: Using ep0 maxpacket: 16 [ 511.228616][ T3073] usb 2-1: unable to get BOS descriptor or descriptor too short [ 511.272323][ T3073] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 511.283976][ T3073] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 511.364630][ T3073] usb 2-1: New USB device found, idVendor=0c45, idProduct=5112, bcdDevice= 0.40 [ 511.374538][ T3073] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 511.382835][ T3073] usb 2-1: Product: syz [ 511.390424][ T3073] usb 2-1: Manufacturer: syz [ 511.395494][ T3073] usb 2-1: SerialNumber: syz [ 511.776713][ T7858] loop1: detected capacity change from 0 to 2048 [ 512.405464][ T7881] loop5: detected capacity change from 0 to 32768 [ 512.417136][ T7881] XFS: noikeep mount option is deprecated. [ 512.433770][ T5859] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 512.459214][ T5853] ucan 1-1:0.0 can0: registered device [ 512.525222][ T5859] usb 8-1: device descriptor read/8, error -71 [ 512.566430][ T7881] XFS (loop5): DAX unsupported by block device. Turning off DAX. [ 512.601064][ T7881] XFS (loop5): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 512.627528][ T7858] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 512.664928][ T5853] ucan 1-1:0.0 can0: firmware string: unknown [ 512.669904][ T7858] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 512.687141][ T5853] usb 1-1: USB disconnect, device number 31 [ 512.784675][ T5859] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 512.841430][ T5859] usb 8-1: device descriptor read/8, error -71 [ 512.973138][ T5859] usb usb8-port1: unable to enumerate USB device [ 513.691345][ T7881] XFS (loop5): Ending clean mount [ 513.705098][ T7881] XFS (loop5): Quotacheck needed: Please wait. [ 514.119235][ T7881] XFS (loop5): Quotacheck: Done. [ 514.406362][ T3073] usbhid 2-1:1.0: can't add hid device: -22 [ 514.413228][ T3073] usbhid 2-1:1.0: probe with driver usbhid failed with error -22 [ 514.445776][ T3073] usb 2-1: USB disconnect, device number 33 [ 514.617671][ T6512] XFS (loop5): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 515.458221][ T7905] loop0: detected capacity change from 0 to 32768 [ 515.467977][ T7905] btrfs: Deprecated parameter 'usebackuproot' [ 515.474553][ T7905] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 515.535354][ T7905] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.520 (7905) [ 515.586105][ T7905] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 515.597781][ T7905] BTRFS info (device loop0): using crc32c (crc32c-x86_64) checksum algorithm [ 515.612007][ T7905] BTRFS info (device loop0): using free-space-tree [ 515.893985][ T7905] BTRFS info (device loop0): rebuilding free space tree [ 516.098140][ T7905] input: syz0 as /devices/virtual/input/input26 [ 516.143965][ T7922] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 516.660424][ T5799] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 517.574329][ T7935] loop5: detected capacity change from 0 to 128 [ 517.648757][ T7935] ADFS-fs (loop5): error: can't find an ADFS filesystem on dev loop5. [ 518.054883][ T3073] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 518.201386][ T7935] loop5: detected capacity change from 0 to 4096 [ 518.273420][ T3073] usb 8-1: Using ep0 maxpacket: 8 [ 518.291138][ T3073] usb 8-1: no configurations [ 518.296321][ T3073] usb 8-1: can't read configurations, error -22 [ 518.403453][ T7935] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 518.477490][ T3073] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 518.634517][ T3073] usb 8-1: Using ep0 maxpacket: 8 [ 518.651520][ T3073] usb 8-1: no configurations [ 518.657043][ T3073] usb 8-1: can't read configurations, error -22 [ 518.696240][ T3073] usb usb8-port1: attempt power cycle [ 518.831406][ T5859] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 518.865282][ T6512] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 519.068641][ T5859] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 519.074780][ T3073] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 519.078690][ T5859] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 519.098539][ T5859] usb 1-1: Product: syz [ 519.102964][ T5859] usb 1-1: Manufacturer: syz [ 519.108031][ T5859] usb 1-1: SerialNumber: syz [ 519.197934][ T3073] usb 8-1: Using ep0 maxpacket: 8 [ 519.236234][ T5859] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 519.240846][ T3073] usb 8-1: no configurations [ 519.253275][ T3073] usb 8-1: can't read configurations, error -22 [ 519.345527][ T5853] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 519.434851][ T3073] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 519.519584][ T3073] usb 8-1: Using ep0 maxpacket: 8 [ 519.555950][ T3073] usb 8-1: no configurations [ 519.561652][ T3073] usb 8-1: can't read configurations, error -22 [ 519.652396][ T5860] usb 1-1: USB disconnect, device number 32 [ 519.671337][ T3073] usb usb8-port1: unable to enumerate USB device [ 520.466729][ T5853] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 520.474804][ T5853] ath9k_htc: Failed to initialize the device [ 520.484828][ T5860] usb 1-1: ath9k_htc: USB layer deinitialized [ 520.541920][ T7950] loop5: detected capacity change from 0 to 32768 [ 520.551536][ T7950] XFS: noikeep mount option is deprecated. [ 520.651820][ T7950] XFS (loop5): DAX unsupported by block device. Turning off DAX. [ 520.665185][ T7950] XFS (loop5): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 520.873149][ T7950] XFS (loop5): Ending clean mount [ 520.895715][ T7950] XFS (loop5): Quotacheck needed: Please wait. [ 520.960018][ T7950] XFS (loop5): Quotacheck: Done. [ 521.162316][ T6512] XFS (loop5): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 523.479310][ T5853] usb 2-1: new full-speed USB device number 34 using dummy_hcd [ 523.587375][ T7987] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 523.767314][ T7987] kvm: pic: level sensitive irq not supported [ 523.767781][ T7987] kvm: pic: non byte read [ 523.780646][ T5853] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 523.799023][ T5853] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 523.813322][ T5853] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64 [ 524.024923][ T5853] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 524.035243][ T5853] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 524.044561][ T5853] usb 2-1: Product: syz [ 524.049338][ T5853] usb 2-1: Manufacturer: syz [ 524.054733][ T5853] usb 2-1: SerialNumber: syz [ 524.549517][ T7998] fuse: Bad value for 'fd' [ 525.116267][ T5853] usb 2-1: config 0 descriptor?? [ 525.134561][ T7985] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 525.142783][ T7985] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 525.335901][ T5853] usb 2-1: ucan: probing device on interface #0 [ 525.350533][ T7996] loop0: detected capacity change from 0 to 32768 [ 525.361942][ T7996] XFS: noikeep mount option is deprecated. [ 525.484933][ T7996] XFS (loop0): DAX unsupported by block device. Turning off DAX. [ 525.496500][ T7996] XFS (loop0): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 525.892888][ T7996] XFS (loop0): Ending clean mount [ 525.923264][ T7996] XFS (loop0): Quotacheck needed: Please wait. [ 525.998723][ T5853] ucan 2-1:0.0 can0: registered device [ 526.013843][ T7996] XFS (loop0): Quotacheck: Done. [ 526.030805][ T5859] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 526.186664][ T5799] XFS (loop0): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 526.188010][ T5853] ucan 2-1:0.0 can0: firmware string: unknown [ 526.233444][ T5853] usb 2-1: USB disconnect, device number 34 [ 526.298556][ T5859] usb 6-1: Using ep0 maxpacket: 16 [ 526.333445][ T5859] usb 6-1: config 7 has an invalid interface number: 247 but max is 0 [ 526.343266][ T5859] usb 6-1: config 7 has no interface number 0 [ 526.350770][ T5859] usb 6-1: config 7 interface 247 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 526.364573][ T5859] usb 6-1: config 7 interface 247 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 526.376870][ T5859] usb 6-1: config 7 interface 247 altsetting 0 bulk endpoint 0x9 has invalid maxpacket 0 [ 526.416579][ T5859] usb 6-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=6c.22 [ 526.426306][ T5859] usb 6-1: New USB device strings: Mfr=1, Product=74, SerialNumber=147 [ 526.436061][ T5859] usb 6-1: Product: syz [ 526.440500][ T5859] usb 6-1: Manufacturer: syz [ 526.446530][ T5859] usb 6-1: SerialNumber: syz [ 526.538519][ T5859] ni6501 6-1:7.247: driver 'ni6501' failed to auto-configure device. [ 527.086177][ T5853] usb 6-1: USB disconnect, device number 11 [ 528.380797][ T8032] loop0: detected capacity change from 0 to 8 [ 528.575121][ T5860] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 528.719700][ T8034] FAULT_INJECTION: forcing a failure. [ 528.719700][ T8034] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 528.733561][ T8034] CPU: 0 UID: 0 PID: 8034 Comm: syz.7.558 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(undef) [ 528.733718][ T8034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 528.733806][ T8034] Call Trace: [ 528.733861][ T8034] [ 528.733915][ T8034] __dump_stack+0x26/0x30 [ 528.734104][ T8034] dump_stack_lvl+0x1df/0x270 [ 528.734284][ T8034] dump_stack+0x1e/0x25 [ 528.734444][ T8034] should_fail_ex+0x7dc/0x8a0 [ 528.734625][ T8034] should_fail+0x2a/0x40 [ 528.734771][ T8034] should_fail_usercopy+0x2e/0x40 [ 528.734950][ T8034] _copy_to_iter+0x745/0x32f0 [ 528.735090][ T8034] ? kmsan_get_metadata+0x105/0x1b0 [ 528.735296][ T8034] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 528.735560][ T8034] __skb_datagram_iter+0x18f/0x1250 [ 528.735763][ T8034] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 528.735987][ T8034] skb_copy_datagram_iter+0x5b/0x1e0 [ 528.736172][ T8034] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 528.736407][ T8034] netlink_recvmsg+0x4bf/0x1760 [ 528.736635][ T8034] ? __pfx_netlink_recvmsg+0x10/0x10 [ 528.736817][ T8034] sock_recvmsg+0x2df/0x390 [ 528.736974][ T8034] ____sys_recvmsg+0x193/0x610 [ 528.737212][ T8034] ___sys_recvmsg+0x20b/0x850 [ 528.737433][ T8034] ? kmsan_get_metadata+0x105/0x1b0 [ 528.737625][ T8034] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 528.737841][ T8034] do_recvmmsg+0x40e/0xdf0 [ 528.738091][ T8034] __x64_sys_recvmmsg+0x206/0x500 [ 528.738300][ T8034] x64_sys_call+0x220d/0x3db0 [ 528.738489][ T8034] do_syscall_64+0xd9/0x1b0 [ 528.738669][ T8034] ? irqentry_exit+0x16/0x60 [ 528.738837][ T8034] ? clear_bhb_loop+0x40/0x90 [ 528.739003][ T8034] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 528.739157][ T8034] RIP: 0033:0x7fa777f8e969 [ 528.739259][ T8034] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 528.739384][ T8034] RSP: 002b:00007fa778eb1038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 528.739516][ T8034] RAX: ffffffffffffffda RBX: 00007fa7781b5fa0 RCX: 00007fa777f8e969 [ 528.739620][ T8034] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003 [ 528.739718][ T8034] RBP: 00007fa778eb1090 R08: 0000200000003700 R09: 0000000000000000 [ 528.739815][ T8034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 528.739903][ T8034] R13: 0000000000000000 R14: 00007fa7781b5fa0 R15: 00007ffeef975878 [ 528.740041][ T8034] [ 528.803021][ T5860] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 528.807208][ C0] vkms_vblank_simulate: vblank timer overrun [ 529.058757][ T5860] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 529.070505][ T5860] usb 6-1: Product: syz [ 529.075135][ T5860] usb 6-1: Manufacturer: syz [ 529.080511][ T5860] usb 6-1: SerialNumber: syz [ 529.236982][ T8038] loop1: detected capacity change from 0 to 256 [ 529.304360][ T8038] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 529.315799][ T8038] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 529.318498][ T5860] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 529.455711][ T3073] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 529.557538][ T8038] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 529.987097][ T5859] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 530.324940][ T5859] usb 8-1: Using ep0 maxpacket: 32 [ 530.376605][ T5859] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 530.388221][ T5859] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 530.398495][ T5859] usb 8-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 530.407981][ T5859] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 530.496209][ T5860] usb 6-1: USB disconnect, device number 12 [ 530.567989][ T3073] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 530.576034][ T3073] ath9k_htc: Failed to initialize the device [ 530.727793][ T5859] usb 8-1: config 0 descriptor?? [ 530.828689][ T5859] hub 8-1:0.0: USB hub found [ 531.078803][ T5859] hub 8-1:0.0: 1 port detected [ 531.540731][ T5860] usb 6-1: ath9k_htc: USB layer deinitialized [ 531.747118][ T5859] hub 8-1:0.0: activate --> -90 [ 532.071240][ T8050] loop5: detected capacity change from 0 to 64 [ 532.102860][ T8050] MINIX-fs: bad superblock [ 532.554827][ T5859] usb 8-1-port1: config error [ 532.562027][ T5853] usb 8-1: USB disconnect, device number 10 [ 536.738131][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 536.745117][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 537.953835][ T8112] loop5: detected capacity change from 0 to 512 [ 538.187584][ T8112] EXT4-fs error (device loop5): ext4_orphan_get:1391: inode #15: comm syz.5.592: casefold flag without casefold feature [ 538.310665][ T8112] EXT4-fs error (device loop5): ext4_orphan_get:1396: comm syz.5.592: couldn't read orphan inode 15 (err -117) [ 538.778261][ T8112] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 539.707406][ T6512] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 540.854867][ T8138] loop1: detected capacity change from 0 to 512 [ 540.906557][ T8138] EXT4-fs: Ignoring removed nobh option [ 541.331835][ T8143] loop5: detected capacity change from 0 to 764 [ 541.895571][ T8147] loop7: detected capacity change from 0 to 512 [ 541.971449][ T8147] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 542.152885][ T8147] EXT4-fs warning (device loop7): ext4_expand_extra_isize_ea:2848: Unable to expand inode 11. Delete some EAs or run e2fsck. [ 542.166866][ T8147] EXT4-fs (loop7): 1 truncate cleaned up [ 542.175188][ T8147] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 542.458713][ T8138] EXT4-fs error (device loop1): ext4_do_update_inode:5211: inode #16: comm syz.1.600: corrupted inode contents [ 542.528440][ T8138] EXT4-fs (loop1): Remounting filesystem read-only [ 542.559771][ T8138] EXT4-fs (loop1): 1 truncate cleaned up [ 542.569193][ T8138] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 542.582790][ T8138] ext4 filesystem being mounted at /109/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 542.587825][ T1862] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 542.604649][ T1862] Quota error (device loop1): write_blk: dquota write failed [ 542.612314][ T1862] Quota error (device loop1): remove_free_dqentry: Can't write block (5) with free entries [ 542.623423][ T1862] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 542.634644][ T1862] Quota error (device loop1): write_blk: dquota write failed [ 542.645658][ T1862] Quota error (device loop1): free_dqentry: Can't move quota data block (5) to free list [ 542.657542][ T1862] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started [ 542.668326][ T1862] Quota error (device loop1): v2_write_file_info: Can't write info structure [ 542.678010][ T1862] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 542.752202][ T8156] loop0: detected capacity change from 0 to 512 [ 542.790369][ T8156] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 542.804259][ T8156] ext4 filesystem being mounted at /122/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 543.003079][ T5799] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 543.131503][ T7553] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 543.177653][ T5798] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 543.610386][ T8172] loop1: detected capacity change from 0 to 16 [ 543.623658][ T8170] loop0: detected capacity change from 0 to 512 [ 543.707640][ T8170] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 543.733298][ T8172] erofs (device loop1): mounted with root inode @ nid 36. [ 543.856123][ T8170] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 543.872628][ T8170] ext4 filesystem being mounted at /123/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 544.720790][ T5799] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 545.612911][ T5860] kernel write not supported for file /snd/seq (pid: 5860 comm: kworker/1:4) [ 546.489052][ T8196] loop0: detected capacity change from 0 to 512 [ 546.574038][ T8196] EXT4-fs: Ignoring removed nobh option [ 547.359268][ T8196] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 547.948850][ T30] audit: type=1800 audit(1748000285.670:116): pid=8196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.622" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 548.095648][ T8205] loop7: detected capacity change from 0 to 2048 [ 548.385422][ T8205] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 548.507733][ T5799] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 548.910249][ T8213] loop5: detected capacity change from 0 to 1024 [ 549.183681][ T8213] netlink: 4 bytes leftover after parsing attributes in process `syz.5.627'. [ 549.532176][ T8215] loop0: detected capacity change from 0 to 512 [ 549.542723][ T8215] EXT4-fs: Ignoring removed nobh option [ 549.740056][ T8215] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.628: invalid indirect mapped block 256 (level 2) [ 549.846106][ T8215] EXT4-fs (loop0): 2 truncates cleaned up [ 549.854803][ T8215] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 550.006339][ T8221] cgroup: Unknown subsys name 'cpuset' [ 550.767228][ T5799] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 551.145894][ T8225] loop1: detected capacity change from 0 to 2048 [ 551.177124][ T8225] EXT4-fs: Ignoring removed nomblk_io_submit option [ 551.602395][ T8225] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 552.044895][ T8225] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.632: bg 0: block 2: invalid block bitmap [ 552.355687][ T8236] loop0: detected capacity change from 0 to 1024 [ 552.415861][ T8225] EXT4-fs (loop1): Remounting filesystem read-only [ 552.479615][ T8225] EXT4-fs warning (device loop1): ext4_xattr_inode_lookup_create:1597: inode #18: comm syz.1.632: cleanup dec ref error -117 [ 552.629313][ T8236] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 552.642317][ T8236] ext4 filesystem being mounted at /127/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 553.755077][ T5799] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 553.957561][ T8246] 9pnet_fd: Insufficient options for proto=fd [ 554.167958][ T1349] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 554.211244][ T5798] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 554.394904][ T1349] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 554.492017][ T8248] loop5: detected capacity change from 0 to 256 [ 554.623591][ T1349] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 554.672339][ T8248] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d) [ 554.962440][ T30] audit: type=1800 audit(1748000292.670:117): pid=8248 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.640" name="file1" dev="loop5" ino=1048617 res=0 errno=0 [ 555.108185][ T1349] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 555.528139][ T1349] bridge_slave_1: left allmulticast mode [ 555.534635][ T1349] bridge_slave_1: left promiscuous mode [ 555.545950][ T1349] bridge0: port 2(bridge_slave_1) entered disabled state [ 555.608562][ T1349] bridge_slave_0: left allmulticast mode [ 555.614930][ T1349] bridge_slave_0: left promiscuous mode [ 555.621641][ T1349] bridge0: port 1(bridge_slave_0) entered disabled state [ 556.232973][ T1349] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 556.252318][ T1349] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 556.271786][ T1349] bond0 (unregistering): Released all slaves [ 556.811660][ T1349] hsr_slave_0: left promiscuous mode [ 556.832374][ T1349] hsr_slave_1: left promiscuous mode [ 556.841016][ T1349] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 556.851942][ T1349] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 556.910166][ T1349] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 556.918985][ T1349] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 557.046425][ T1349] veth1_macvtap: left promiscuous mode [ 557.052264][ T1349] veth0_macvtap: left promiscuous mode [ 557.056845][ T8258] loop5: detected capacity change from 0 to 256 [ 557.061600][ T1349] veth1_vlan: left promiscuous mode [ 557.070542][ T1349] veth0_vlan: left promiscuous mode [ 557.472350][ T8258] exFAT-fs (loop5): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 557.707678][ T30] audit: type=1800 audit(1748000295.430:118): pid=8258 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.646" name="file1" dev="loop5" ino=1048619 res=0 errno=0 [ 557.845907][ T8258] exFAT-fs (loop5): error, broken FAT chain. [ 557.852237][ T8258] exFAT-fs (loop5): Filesystem has been set read-only [ 557.860012][ T8258] exFAT-fs (loop5): error, failed to bmap (inode : ffff888013e94730 iblock : 13, err : -5) [ 558.077285][ T1349] team0 (unregistering): Port device team_slave_1 removed [ 558.163041][ T1349] team0 (unregistering): Port device team_slave_0 removed [ 558.944236][ T5806] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 558.965203][ T5806] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 558.977000][ T5806] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 559.046640][ T5806] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 559.075135][ T5806] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 560.281688][ T5860] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 560.465880][ T5860] usb 6-1: Using ep0 maxpacket: 16 [ 560.510825][ T5860] usb 6-1: config 7 has an invalid interface number: 192 but max is 1 [ 560.519693][ T5860] usb 6-1: config 7 has an invalid interface number: 237 but max is 1 [ 560.528499][ T5860] usb 6-1: config 7 has no interface number 0 [ 560.535060][ T5860] usb 6-1: config 7 has no interface number 1 [ 560.541437][ T5860] usb 6-1: config 7 interface 192 altsetting 1 endpoint 0x8 has an invalid bInterval 127, changing to 10 [ 560.553159][ T5860] usb 6-1: config 7 interface 192 has no altsetting 0 [ 560.562050][ T8273] loop0: detected capacity change from 0 to 8192 [ 560.572194][ T5860] usb 6-1: config 7 interface 237 has no altsetting 0 [ 560.614863][ T5860] usb 6-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=22.29 [ 560.624692][ T5860] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 560.632990][ T5860] usb 6-1: Product: syz [ 560.637569][ T5860] usb 6-1: Manufacturer: syz [ 560.642449][ T5860] usb 6-1: SerialNumber: syz [ 560.920100][ T5860] radio-usb-si4713 6-1:7.192: Si4713 development board discovered: (10C4:8244) [ 560.936799][ T8283] loop7: detected capacity change from 0 to 128 [ 561.062737][ T5860] radio-usb-si4713 6-1:7.192: probe with driver radio-usb-si4713 failed with error -71 [ 561.081135][ T5860] usbhid 6-1:7.192: couldn't find an input interrupt endpoint [ 561.130562][ T8283] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 561.141760][ T5860] usb 6-1: USB disconnect, device number 13 [ 561.188308][ T5806] Bluetooth: hci1: command tx timeout [ 561.195110][ T8283] ext4 filesystem being mounted at /34/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 561.446712][ T8269] chnl_net:caif_netlink_parms(): no params data found [ 561.606522][ T7553] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 561.980659][ T8299] loop5: detected capacity change from 0 to 512 [ 562.009717][ T8299] EXT4-fs (loop5): blocks per group (71) and clusters per group (32768) inconsistent [ 562.649347][ T8307] loop5: detected capacity change from 0 to 256 [ 562.770697][ T8269] bridge0: port 1(bridge_slave_0) entered blocking state [ 562.779624][ T8269] bridge0: port 1(bridge_slave_0) entered disabled state [ 562.787615][ T8269] bridge_slave_0: entered allmulticast mode [ 562.797692][ T8269] bridge_slave_0: entered promiscuous mode [ 562.828289][ T8269] bridge0: port 2(bridge_slave_1) entered blocking state [ 562.836134][ T8269] bridge0: port 2(bridge_slave_1) entered disabled state [ 562.844226][ T8269] bridge_slave_1: entered allmulticast mode [ 562.854313][ T8269] bridge_slave_1: entered promiscuous mode [ 562.870588][ T8307] exFAT-fs (loop5): failed to load upcase table (idx : 0x000104d0, chksum : 0x606c8cac, utbl_chksum : 0xe619d30d) [ 562.982051][ T8307] exFAT-fs (loop5): error, data size is invalid(10) [ 562.989841][ T8307] exFAT-fs (loop5): Filesystem has been set read-only [ 563.174808][ T8269] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 563.266326][ T5806] Bluetooth: hci1: command tx timeout [ 563.284569][ T8269] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 563.544323][ T8314] loop0: detected capacity change from 0 to 136 [ 563.558015][ T8269] team0: Port device team_slave_0 added [ 563.671813][ T8269] team0: Port device team_slave_1 added [ 563.785055][ T8269] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 563.792302][ T8269] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 563.819278][ T8269] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 563.853289][ T8269] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 563.862035][ T8269] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 563.888913][ T8269] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 564.190677][ T8269] hsr_slave_0: entered promiscuous mode [ 564.201294][ T8269] hsr_slave_1: entered promiscuous mode [ 564.210519][ T8269] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 564.218574][ T8269] Cannot create hsr debugfs directory [ 565.025324][ T8330] loop5: detected capacity change from 0 to 512 [ 565.099187][ T8330] EXT4-fs (loop5): blocks per group (95) and clusters per group (32768) inconsistent [ 565.240098][ T8325] loop0: detected capacity change from 0 to 256 [ 565.256794][ T8325] exfat: Bad value for 'uid' [ 565.261700][ T8325] exfat: Bad value for 'uid' [ 565.328685][ T8269] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 565.350533][ T5806] Bluetooth: hci1: command tx timeout [ 565.465883][ T8269] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 565.546512][ T8269] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 565.648016][ T8269] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 566.637699][ T8347] loop5: detected capacity change from 0 to 256 [ 566.654640][ T8269] 8021q: adding VLAN 0 to HW filter on device bond0 [ 566.660287][ T8347] exfat: Invalid uid '0x00000000ffffffff' [ 566.719382][ T5860] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 566.768512][ T8269] 8021q: adding VLAN 0 to HW filter on device team0 [ 566.851570][ T51] bridge0: port 1(bridge_slave_0) entered blocking state [ 566.859458][ T51] bridge0: port 1(bridge_slave_0) entered forwarding state [ 566.947179][ T5860] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 566.958707][ T5860] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 566.968931][ T5860] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 566.970747][ T51] bridge0: port 2(bridge_slave_1) entered blocking state [ 566.982294][ T5860] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 566.989616][ T51] bridge0: port 2(bridge_slave_1) entered forwarding state [ 566.998692][ T5860] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 567.286184][ T5860] usb 1-1: config 0 descriptor?? [ 567.306037][ T8269] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 567.378611][ T8351] loop5: detected capacity change from 0 to 16 [ 567.425641][ T5806] Bluetooth: hci1: command tx timeout [ 567.439244][ T8351] erofs (device loop5): mounted with root inode @ nid 36. [ 567.845248][ T5860] plantronics 0003:047F:FFFF.0002: unbalanced delimiter at end of report description [ 567.879579][ T5860] plantronics 0003:047F:FFFF.0002: parse failed [ 567.887393][ T5860] plantronics 0003:047F:FFFF.0002: probe with driver plantronics failed with error -22 [ 568.039658][ T5853] usb 1-1: USB disconnect, device number 33 [ 568.288354][ T8357] loop5: detected capacity change from 0 to 2048 [ 568.355681][ T8357] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 569.840080][ T8269] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 570.791126][ T8376] loop0: detected capacity change from 0 to 512 [ 570.808224][ T8378] loop5: detected capacity change from 0 to 1024 [ 570.851344][ T8376] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 570.861835][ T8376] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 570.960011][ T8376] EXT4-fs error (device loop0): __ext4_fill_super:5502: inode #2: comm syz.0.687: iget: special inode unallocated [ 571.014726][ T8376] EXT4-fs (loop0): get root inode failed [ 571.020838][ T8376] EXT4-fs (loop0): mount failed [ 571.705309][ T8390] loop0: detected capacity change from 0 to 1024 [ 571.790086][ T51] hfsplus: b-tree write err: -5, ino 4 [ 572.346935][ T8269] veth0_vlan: entered promiscuous mode [ 572.445466][ T8269] veth1_vlan: entered promiscuous mode [ 572.769887][ T8269] veth0_macvtap: entered promiscuous mode [ 572.807525][ T8269] veth1_macvtap: entered promiscuous mode [ 572.992296][ T8269] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 573.106313][ T8269] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 573.216807][ T8269] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 573.228166][ T8269] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 573.237456][ T8269] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 573.246661][ T8269] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 574.474883][ T8422] loop5: detected capacity change from 0 to 512 [ 574.545738][ T8422] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 574.685137][ T8422] EXT4-fs (loop5): 1 truncate cleaned up [ 574.699586][ T8422] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 574.886004][ T8422] syz.5.704 (pid 8422) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 574.970035][ T8422] EXT4-fs (loop5): shut down requested (1) [ 575.025122][ T8422] fscrypt (loop5, inode 18): Error -5 getting encryption context [ 575.326568][ T6512] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 575.762143][ T8438] loop5: detected capacity change from 0 to 512 [ 575.823523][ T8438] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 575.875978][ T8446] cgroup: Unknown subsys name 'cpuset' [ 576.006834][ T8438] EXT4-fs (loop5): 1 truncate cleaned up [ 576.015591][ T8438] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 576.809825][ T8459] loop7: detected capacity change from 0 to 8 [ 577.106455][ T5860] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 577.462434][ T5860] usb 1-1: Using ep0 maxpacket: 32 [ 577.517648][ T5860] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 577.529299][ T5860] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 577.540036][ T5860] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 577.549537][ T5860] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 577.851072][ T5860] usb 1-1: config 0 descriptor?? [ 577.916257][ T5860] hub 1-1:0.0: USB hub found [ 578.233098][ T8456] loop0: detected capacity change from 0 to 128 [ 578.255442][ T8456] EXT4-fs: Ignoring removed nobh option [ 578.522470][ T8456] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 578.700838][ T8456] ext4 filesystem being mounted at /146/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 578.926807][ T5860] hub 1-1:0.0: 1 port detected [ 579.144966][ T5860] hub 1-1:0.0: hub_hub_status failed (err = -71) [ 579.151963][ T5860] hub 1-1:0.0: config failed, can't get hub status (err -71) [ 579.283105][ T6512] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 579.302710][ T5860] usbhid 1-1:0.0: can't add hid device: -71 [ 579.312061][ T5860] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 579.361791][ T5860] usb 1-1: USB disconnect, device number 34 [ 579.575044][ T5853] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 579.752367][ T5853] usb 8-1: Using ep0 maxpacket: 32 [ 579.829843][ T5853] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 579.841907][ T5853] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 579.852714][ T5853] usb 8-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 579.862332][ T5853] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 579.935665][ T5799] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 579.959334][ T5853] usb 8-1: config 0 descriptor?? [ 580.463238][ T5853] savu 0003:1E7D:2D5A.0003: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.7-1/input0 [ 580.655370][ T8492] kvm: emulating exchange as write [ 580.702045][ T5853] usb 8-1: USB disconnect, device number 11 [ 580.722586][ T8490] loop5: detected capacity change from 0 to 512 [ 580.742785][ T8490] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 580.917787][ T2956] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 580.926728][ T2956] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 580.928686][ T8490] EXT4-fs (loop5): 1 truncate cleaned up [ 580.950828][ T8490] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 581.157875][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 581.166294][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 582.259162][ T8499] loop0: detected capacity change from 0 to 512 [ 582.364836][ T8499] EXT4-fs (loop0): Test dummy encryption mode enabled [ 582.378485][ T8499] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 582.510323][ T8499] EXT4-fs error (device loop0): ext4_orphan_get:1417: comm syz.0.724: bad orphan inode 131083 [ 582.589137][ T8499] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 583.261807][ T5799] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 583.361482][ T8510] loop7: detected capacity change from 0 to 128 [ 583.490206][ T8510] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 583.519503][ T8512] loop8: detected capacity change from 0 to 128 [ 583.641674][ T8510] ext4 filesystem being mounted at /41/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 584.386147][ T6512] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 584.462171][ T7553] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 584.599924][ T8521] 9pnet_fd: Insufficient options for proto=fd [ 584.807968][ T8525] loop7: detected capacity change from 0 to 128 [ 584.847034][ T8525] FAT-fs (loop7): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 584.891441][ T8530] loop8: detected capacity change from 0 to 128 [ 585.008598][ T8530] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 585.107164][ T8530] ext4 filesystem being mounted at /3/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 585.150303][ T8525] syz.7.733: attempt to access beyond end of device [ 585.150303][ T8525] loop7: rw=34817, sector=121, nr_sectors = 21 limit=128 [ 585.751693][ T8269] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 585.779336][ T3971] FAT-fs (loop7): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 586.103888][ T8545] loop5: detected capacity change from 0 to 128 [ 586.276239][ T8545] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 586.305279][ T8545] ext4 filesystem being mounted at /109/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 586.502349][ T8553] loop0: detected capacity change from 0 to 1024 [ 586.557137][ T8553] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 586.596966][ T8548] loop7: detected capacity change from 0 to 1024 [ 586.635794][ T5860] usb 6-1: new full-speed USB device number 14 using dummy_hcd [ 586.657244][ T8553] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 586.675849][ T8548] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 586.691897][ T8558] loop8: detected capacity change from 0 to 1024 [ 586.694553][ T8548] EXT4-fs (loop7): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 586.711178][ T8548] EXT4-fs (loop7): ext4_check_descriptors: Checksum for group 0 failed (53380!=20869) [ 586.721372][ T8548] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 586.732107][ T8548] EXT4-fs error (device loop7): ext4_get_journal_inode:5798: comm syz.7.742: inode #1: comm syz.7.742: iget: illegal inode # [ 586.747664][ T8548] EXT4-fs (loop7): Remounting filesystem read-only [ 586.754942][ T8548] EXT4-fs (loop7): no journal found [ 586.835050][ T5860] usb 6-1: unable to get BOS descriptor or descriptor too short [ 586.846773][ T5860] usb 6-1: not running at top speed; connect to a high speed hub [ 586.887116][ T5860] usb 6-1: config 1 has an invalid descriptor of length 242, skipping remainder of the config [ 586.898232][ T5860] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 147, changing to 4 [ 586.965122][ T5860] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 586.980110][ T5860] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 586.990314][ T5860] usb 6-1: Product: syz [ 586.994916][ T5860] usb 6-1: Manufacturer: syz [ 586.999828][ T5860] usb 6-1: SerialNumber: syz [ 587.148103][ T5799] EXT4-fs error (device loop0): ext4_read_inline_dir:1501: inode #12: block 7: comm syz-executor: path /152/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 587.236261][ T5799] EXT4-fs error (device loop0): ext4_read_inline_dir:1501: inode #12: block 7: comm syz-executor: path /152/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 587.306334][ T5799] EXT4-fs error (device loop0): empty_inline_dir:1785: inode #12: block 7: comm syz-executor: bad entry in directory: rec_len is too small for name_len - offset=20, inode=14, rec_len=40, size=60 fake=0 [ 587.415956][ T5799] EXT4-fs warning (device loop0): empty_inline_dir:1792: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 587.442669][ T5860] usb 6-1: USB disconnect, device number 14 [ 587.470129][ T5799] EXT4-fs error (device loop0): ext4_read_inline_dir:1501: inode #12: block 7: comm syz-executor: path /152/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 587.511235][ T8565] loop7: detected capacity change from 0 to 1024 [ 587.535810][ T5799] EXT4-fs error (device loop0): ext4_read_inline_dir:1501: inode #12: block 7: comm syz-executor: path /152/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 587.563842][ T8565] hfsplus: Bad value for 'type' [ 587.614990][ T5799] EXT4-fs error (device loop0): empty_inline_dir:1785: inode #12: block 7: comm syz-executor: bad entry in directory: rec_len is too small for name_len - offset=20, inode=14, rec_len=40, size=60 fake=0 [ 587.643717][ T5799] EXT4-fs warning (device loop0): empty_inline_dir:1792: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 587.667600][ T5799] EXT4-fs error (device loop0): ext4_read_inline_dir:1501: inode #12: block 7: comm syz-executor: path /152/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 587.731249][ T5799] EXT4-fs error (device loop0): ext4_read_inline_dir:1501: inode #12: block 7: comm syz-executor: path /152/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 587.770869][ T5799] EXT4-fs error (device loop0): empty_inline_dir:1785: inode #12: block 7: comm syz-executor: bad entry in directory: rec_len is too small for name_len - offset=20, inode=14, rec_len=40, size=60 fake=0 [ 587.828373][ T8568] cgroup: Unknown subsys name 'cpuset' [ 587.835959][ T5799] EXT4-fs warning (device loop0): empty_inline_dir:1792: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 587.907879][ T5799] EXT4-fs error (device loop0): ext4_read_inline_dir:1501: inode #12: block 7: comm syz-executor: path /152/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 588.020193][ T5799] EXT4-fs warning (device loop0): empty_inline_dir:1792: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 588.073344][ T6512] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 588.099194][ T5799] EXT4-fs warning (device loop0): empty_inline_dir:1792: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 588.178322][ T8570] loop8: detected capacity change from 0 to 128 [ 588.226441][ T8570] vfat: Unknown parameter '0xffffffffffffffff' [ 588.256836][ T5799] EXT4-fs warning (device loop0): empty_inline_dir:1792: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 588.344755][ T5799] EXT4-fs warning (device loop0): empty_inline_dir:1792: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 588.420316][ T5799] EXT4-fs warning (device loop0): empty_inline_dir:1792: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 588.490437][ T5799] EXT4-fs warning (device loop0): empty_inline_dir:1792: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 588.541715][ T8575] loop7: detected capacity change from 0 to 512 [ 588.562649][ T5799] EXT4-fs warning (device loop0): empty_inline_dir:1792: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 588.621943][ T8575] EXT4-fs (loop7): feature flags set on rev 0 fs, running e2fsck is recommended [ 588.631926][ T8575] EXT4-fs (loop7): blocks per group (255) and clusters per group (8192) inconsistent [ 589.339847][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.348433][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.357086][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.365359][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.373463][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.381791][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.390181][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.398466][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.406789][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.415055][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.423271][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.431603][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.446322][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.456568][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.464810][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.472952][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.482026][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.490258][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.499004][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.507462][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.516005][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.524366][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.532603][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.547723][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.558011][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.566298][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.574671][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.582783][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.591878][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.600148][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.608459][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.616817][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.625191][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.633304][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.648378][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.658512][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.667009][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.675322][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.683459][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.691782][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.700102][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.708412][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.716681][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.725223][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.733331][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.748363][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.758770][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.767063][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.775333][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.783468][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.791799][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.800061][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.808350][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: unknown main item tag 0x0 [ 589.879780][ T5860] hid-generic 0000:007F:FFFFFFFE.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 590.440865][ T8602] tracefs: Bad value for 'mode' [ 590.743444][ T8604] cgroup: Unknown subsys name 'cpuset' [ 591.090657][ T5799] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 591.476697][ T8615] netlink: 8 bytes leftover after parsing attributes in process `syz.7.768'. [ 592.777090][ T5860] usb 9-1: new full-speed USB device number 2 using dummy_hcd [ 592.960699][ T5860] usb 9-1: unable to get BOS descriptor or descriptor too short [ 592.981968][ T5860] usb 9-1: not running at top speed; connect to a high speed hub [ 593.014366][ T5860] usb 9-1: config 10 has an invalid interface number: 133 but max is 0 [ 593.028962][ T5860] usb 9-1: config 10 has no interface number 0 [ 593.071078][ T5807] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 593.086330][ T5807] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 593.101554][ T5807] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 593.110626][ T5860] usb 9-1: New USB device found, idVendor=0403, idProduct=da70, bcdDevice= 4.26 [ 593.125622][ T5860] usb 9-1: New USB device strings: Mfr=23, Product=235, SerialNumber=7 [ 593.136268][ T5860] usb 9-1: Product: syz [ 593.140731][ T5860] usb 9-1: Manufacturer: syz [ 593.145776][ T5860] usb 9-1: SerialNumber: syz [ 593.161270][ T5807] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 593.176420][ T5807] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 593.568939][ T5860] usb 9-1: NDI device with a latency value of 1 [ 593.577024][ T5860] ftdi_sio 9-1:10.133: FTDI USB Serial Device converter detected [ 593.587205][ T5860] ftdi_sio ttyUSB0: unknown device type: 0x426 [ 593.598090][ T5860] usb 9-1: USB disconnect, device number 2 [ 593.606491][ T5860] ftdi_sio 9-1:10.133: device disconnected [ 593.982370][ T8643] loop5: detected capacity change from 0 to 2048 [ 594.032708][ T8643] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 594.160487][ T8643] udf: Unknown parameter '' [ 594.339630][ T8632] chnl_net:caif_netlink_parms(): no params data found [ 594.411945][ T8648] loop8: detected capacity change from 0 to 128 [ 594.465632][ T8648] FAT-fs (loop8): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 594.683116][ T8653] loop5: detected capacity change from 0 to 128 [ 594.707865][ T8648] FAT-fs (loop8): FAT read failed (blocknr 128) [ 594.781440][ T8653] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 594.874865][ T8653] ext4 filesystem being mounted at /118/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 595.265393][ T8632] bridge0: port 1(bridge_slave_0) entered blocking state [ 595.279162][ T8632] bridge0: port 1(bridge_slave_0) entered disabled state [ 595.287288][ T8632] bridge_slave_0: entered allmulticast mode [ 595.297459][ T8632] bridge_slave_0: entered promiscuous mode [ 595.313491][ T5807] Bluetooth: hci0: command tx timeout [ 595.322492][ T8632] bridge0: port 2(bridge_slave_1) entered blocking state [ 595.330739][ T8632] bridge0: port 2(bridge_slave_1) entered disabled state [ 595.338858][ T8632] bridge_slave_1: entered allmulticast mode [ 595.349353][ T8632] bridge_slave_1: entered promiscuous mode [ 595.516261][ T6512] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 595.544837][ T8632] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 595.612573][ T8632] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 596.001765][ T8632] team0: Port device team_slave_0 added [ 596.066638][ T8632] team0: Port device team_slave_1 added [ 596.099379][ T8668] loop8: detected capacity change from 0 to 8 [ 596.109674][ T8666] loop5: detected capacity change from 0 to 1024 [ 596.187374][ T8666] EXT4-fs (loop5): couldn't mount as ext2 due to feature incompatibilities [ 596.384776][ T8632] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 596.392664][ T8632] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 596.423677][ T8632] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 596.569428][ T8632] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 596.577551][ T8632] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 596.609302][ T8632] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 597.051897][ T8632] hsr_slave_0: entered promiscuous mode [ 597.062955][ T8632] hsr_slave_1: entered promiscuous mode [ 597.072323][ T8632] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 597.080258][ T8632] Cannot create hsr debugfs directory [ 597.345619][ T5807] Bluetooth: hci0: command tx timeout [ 597.472000][ T8683] cgroup: Unknown subsys name 'cpuset' [ 597.485991][ T8683] loop7: detected capacity change from 0 to 8 [ 598.177152][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 598.183896][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 598.483830][ T8632] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 598.568632][ T8632] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 598.638937][ T8632] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 598.725876][ T8632] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 599.427372][ T5806] Bluetooth: hci0: command tx timeout [ 599.991384][ T8632] 8021q: adding VLAN 0 to HW filter on device bond0 [ 600.110431][ T8711] loop7: detected capacity change from 0 to 1024 [ 600.149446][ T8632] 8021q: adding VLAN 0 to HW filter on device team0 [ 600.225473][ T5811] Bluetooth: hci4: command 0x0406 tx timeout [ 600.251793][ T51] bridge0: port 1(bridge_slave_0) entered blocking state [ 600.259548][ T51] bridge0: port 1(bridge_slave_0) entered forwarding state [ 600.422170][ T8632] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 600.433296][ T8632] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 600.464277][ T51] bridge0: port 2(bridge_slave_1) entered blocking state [ 600.471973][ T51] bridge0: port 2(bridge_slave_1) entered forwarding state [ 600.926578][ T8718] loop5: detected capacity change from 0 to 1024 [ 600.986041][ T30] audit: type=1800 audit(1748000338.700:119): pid=8715 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.805" name="file2" dev="tmpfs" ino=1198 res=0 errno=0 [ 601.099601][ T8718] ===================================================== [ 601.111087][ T8718] BUG: KMSAN: uninit-value in hfsplus_uni2asc+0x99f/0x25e0 [ 601.120221][ T8718] hfsplus_uni2asc+0x99f/0x25e0 [ 601.125502][ T8718] hfsplus_readdir+0xd60/0x1a70 [ 601.130605][ T8718] iterate_dir+0x716/0x920 [ 601.135510][ T8718] __se_sys_getdents64+0x17e/0x550 [ 601.140876][ T8718] __x64_sys_getdents64+0x97/0xe0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 601.146314][ T8718] x64_sys_call+0x16c4/0x3db0 [ 601.151984][ T8718] do_syscall_64+0xd9/0x1b0 [ 601.156912][ T8718] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.163062][ T8718] [ 601.165796][ T8718] Uninit was created at: [ 601.170335][ T8718] __kmalloc_noprof+0x95f/0x1310 [ 601.175702][ T8718] hfsplus_find_init+0x90/0x1d0 [ 601.180813][ T8718] hfsplus_readdir+0x1dc/0x1a70 [ 601.187048][ T8718] iterate_dir+0x716/0x920 [ 601.191865][ T8718] __se_sys_getdents64+0x17e/0x550 [ 601.199084][ T8718] __x64_sys_getdents64+0x97/0xe0 [ 601.204855][ T8718] x64_sys_call+0x16c4/0x3db0 [ 601.214313][ T8718] do_syscall_64+0xd9/0x1b0 [ 601.219141][ T8718] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.226979][ T8718] [ 601.229519][ T8718] CPU: 0 UID: 0 PID: 8718 Comm: syz.5.807 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(undef) [ 601.242206][ T8718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 601.252647][ T8718] ===================================================== [ 601.259921][ T8718] Disabling lock debugging due to kernel taint [ 601.266727][ T8718] Kernel panic - not syncing: kmsan.panic set ... [ 601.273372][ T8718] CPU: 0 UID: 0 PID: 8718 Comm: syz.5.807 Tainted: G B 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(undef) [ 601.287377][ T8718] Tainted: [B]=BAD_PAGE [ 601.291889][ T8718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 601.302170][ T8718] Call Trace: [ 601.305699][ T8718] [ 601.308812][ T8718] __dump_stack+0x26/0x30 [ 601.313387][ T8718] dump_stack_lvl+0x53/0x270 [ 601.319816][ T8718] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 601.325952][ T8718] dump_stack+0x1e/0x25 [ 601.330429][ T8718] panic+0x4bd/0xd50 [ 601.334606][ T8718] kmsan_report+0x29d/0x2a0 [ 601.339367][ T8718] ? __msan_warning+0x96/0x120 [ 601.344356][ T8718] ? hfsplus_uni2asc+0x99f/0x25e0 [ 601.349632][ T8718] ? hfsplus_readdir+0xd60/0x1a70 [ 601.354889][ T8718] ? iterate_dir+0x716/0x920 [ 601.359685][ T8718] ? __se_sys_getdents64+0x17e/0x550 [ 601.365722][ T8718] ? __x64_sys_getdents64+0x97/0xe0 [ 601.371163][ T8718] ? x64_sys_call+0x16c4/0x3db0 [ 601.376261][ T8718] ? do_syscall_64+0xd9/0x1b0 [ 601.381174][ T8718] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.387446][ T8718] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 601.394402][ T8718] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 601.400937][ T8718] ? kmsan_get_metadata+0x105/0x1b0 [ 601.406406][ T8718] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 601.412829][ T8718] ? kmsan_get_metadata+0x105/0x1b0 [ 601.418324][ T8718] ? kmsan_internal_memmove_metadata+0x91/0x230 [ 601.425280][ T8718] ? kmsan_get_metadata+0x105/0x1b0 [ 601.430761][ T8718] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 601.436839][ T8718] ? utf32_to_utf8+0x3e4/0x410 [ 601.441850][ T8718] ? kmsan_get_metadata+0x105/0x1b0 [ 601.447336][ T8718] __msan_warning+0x96/0x120 [ 601.452171][ T8718] hfsplus_uni2asc+0x99f/0x25e0 [ 601.457335][ T8718] hfsplus_readdir+0xd60/0x1a70 [ 601.462542][ T8718] ? aa_file_perm+0x378/0x18d0 [ 601.467556][ T8718] ? futex_unqueue+0x21f/0x2b0 [ 601.472576][ T8718] ? futex_wait_queue+0x13b/0x1a0 [ 601.477871][ T8718] ? kmsan_get_metadata+0x105/0x1b0 [ 601.483346][ T8718] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 601.489466][ T8718] ? __pfx_hfsplus_readdir+0x10/0x10 [ 601.494988][ T8718] iterate_dir+0x716/0x920 [ 601.499738][ T8718] __se_sys_getdents64+0x17e/0x550 [ 601.505227][ T8718] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 601.511563][ T8718] ? __pfx_filldir64+0x10/0x10 [ 601.516571][ T8718] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 601.522732][ T8718] __x64_sys_getdents64+0x97/0xe0 [ 601.528214][ T8718] x64_sys_call+0x16c4/0x3db0 [ 601.533161][ T8718] do_syscall_64+0xd9/0x1b0 [ 601.538948][ T8718] ? irqentry_exit+0x16/0x60 [ 601.543762][ T8718] ? clear_bhb_loop+0x40/0x90 [ 601.548664][ T8718] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.554772][ T8718] RIP: 0033:0x7f01e1f8e969 [ 601.559381][ T8718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 601.579334][ T8718] RSP: 002b:00007f01dfdf6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 601.587988][ T8718] RAX: ffffffffffffffda RBX: 00007f01e21b5fa0 RCX: 00007f01e1f8e969 [ 601.596421][ T8718] RDX: 0000000000001000 RSI: 0000200000000f80 RDI: 0000000000000004 [ 601.604579][ T8718] RBP: 00007f01e2010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 601.612734][ T8718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 601.620876][ T8718] R13: 0000000000000000 R14: 00007f01e21b5fa0 R15: 00007ffe86dea0d8 [ 601.629075][ T8718] [ 601.632493][ T8718] Kernel Offset: disabled [ 601.636927][ T8718] Rebooting in 86400 seconds..