last executing test programs:

17.613073259s ago: executing program 4 (id=1502):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x0, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)
unshare(0x24060c80)
openat2(0xffffffffffffffff, 0x0, 0x0, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
close_range(r4, 0xffffffffffffffff, 0x0)

16.788790619s ago: executing program 4 (id=1507):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
fstat(r5, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
setuid(r6)
ioctl$VT_RESIZE(r4, 0x5609, 0x0)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x14, r7, 0x705, 0x0, 0x0, {0x34}}, 0x14}}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)

12.774868629s ago: executing program 1 (id=1517):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)
unshare(0x24060c80)
openat2(0xffffffffffffffff, 0x0, 0x0, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
close_range(r4, 0xffffffffffffffff, 0x0)

11.521027995s ago: executing program 1 (id=1519):
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$IPVS_CMD_GET_DAEMON(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)

9.579525909s ago: executing program 0 (id=1527):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000006380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000008dceba394fc9d73b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e7ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea2105600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8ffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000f87c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
dup3(r2, r0, 0x0)
r3 = eventfd(0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESDEC=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])

8.51078502s ago: executing program 0 (id=1528):
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000a40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d8000000000000020e16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d10bfe150a7487535f7866907dc6751dfb265a0e3ccae669e173a649c1cfd6587d452d46b7c57d77578f4c35235138d5521f9453559c3421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983c044c03bf3ff03fe3e26e7a23129d6606fd28a7f9105f82317874b33d96b39fa4e045469989d552af6200000003a00000000000000abecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f1623ed38ae89d24e14b40234756ddcebfba2f87925bfacba83109753f543ad027edd68149ee99eebc6f7d6dd4aed4afe1f44ccb19e810879b70a70900000000000000000000d7900a820b6327944e9a217b9800e02a92895614cd50cbf83a1ed25268816b004519c9c5cff097d8000000000009d27d753a30a147b24a48435bd8a568669596e9e08679b3ce48e90defb6670c3d6209000000c773713a66b223fa8b148871c8d31d24000025449f106b99893ed20fa7a050fbbef90327e827e513e9606800000000e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e69ee52b59d13182e1f24ed208ada12f7a1525320e71666f472a972d5eb1affb87ba55b2d72078e9f40b4ae7dc3b2aeb0d11cd22c35d32940f19dff00ffffffff080000ff003853e59de7621e348955735264f34b1046a1813668297a7edad187ef106ae7fcbb25090f17d0baadeb8ae190a1fb5a315f8347fb0379659500000000000000000000000000000000000000002fdf0193ec79c90ed210ebc2fbed6d4216770c1b0dec886b388d138c2b69c6aacb714e7264093061c660a5100b7cc165889eb94c8d7c77b6fa06f1a4f8e4a6b6cb37e319c5c22f276b03cae853f42b07ca0b03b1eb32a6b1a81cd511fd0b59d57a11c6a3ebf9731464ad21f07f618efc31023ac60007426162b57e803519954d7c956fda392fa84be38e937d36af1c35138e05a9e8d6dc0272de72c41500000000304402e22af23437126f330f8eb4075daaeae3134ece35cd86d95bd9836bd186c4b6565e967a4e3e86f299b7400994ba136b4eccf3b0f001a266c0d160b3ce1182001d64b52a5ce7f506295d59eea6903b84ffbabf5a5b91c1d6ecce8728a224aec66c610e3becd60a35e848c224f8251947eed20e2b612cb099bfe8924d33ba7f0691fed04a43e9c64b7a1e3165e86cdb9871c678a6bbb14821f441c6c14d1bd78d8ffdfea12c19ea04264335d60b6b7a7da6fb83f33101db32f6ab137d943dd3c1e8db9f3e1263573dc721ae82fe0bc63598751a5092c9f7dbfc39d564834e3703492c2a651643d8ce5c36d97a4812cf73fc8ea0d68d7489cfcb0176"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0xb)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
r2 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r2, &(0x7f0000000700)={0x10, 0x0, 0x0, 0x800000}, 0xc)
sendmsg$nl_route(r2, 0x0, 0x0)

8.409546998s ago: executing program 3 (id=1529):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
getrlimit(0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="02142000110000000040000000000000030005000000000002000000ffffffff0000000000000000080012000000010000000000000000000600000000000027b20e97a6a9ecae000000ee00000000000000000000000000fc020000000000000000000000000000030006000000000002000000e00000010000000000000000010018"], 0x88}}, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x2, 0xf, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @broadcast}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x1, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@empty, @in6=@private2}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0xfffc, @multicast1}}]}, 0x80}}, 0x0)

8.328937725s ago: executing program 1 (id=1530):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)
unshare(0x24060c80)
openat2(0xffffffffffffffff, 0x0, 0x0, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
close_range(r4, 0xffffffffffffffff, 0x0)

8.315741076s ago: executing program 0 (id=1531):
r0 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
mknodat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpid()
socket$tipc(0x1e, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = syz_open_dev$sndctrl(0x0, 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0xc4c85513, 0x0)
getdents64(r0, 0x0, 0x0)
r5 = syz_open_dev$video4linux(&(0x7f0000000000), 0x71, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r5, 0xc0585605, &(0x7f0000000100)={0x1, 0x1, @raw_data=[0xe7, 0x0, 0x1013]})
r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CAP_X2APIC_API(r6, 0x4068aea3, &(0x7f0000000200)={0x81, 0x0, 0x6})
io_setup(0x5, &(0x7f0000000000))
openat$sw_sync(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)

7.08912473s ago: executing program 0 (id=1532):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000ac0)='./bus\x00', 0x0, &(0x7f0000020000)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f78617474722c6d6f64653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b4d8bde7e8acbbf3bf3326f2faa5952a332ad2ced40c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1548f5e0b33006bd1049ca45bd8500d67a5aa6e1c23d900000000007867738729e703bb122283fb2fae9813a0cfefcdf3dc96eb384dbb4268c50943198a96d9b1af9c91506b30922be8537f54e65cf60c6b6a5798955796aea325770d6ccc93a95fad93b2c7bad114fcbc55036a301c23b07073c71555791db8919235022bb0ee4294211ab9b43f3fbedecd223722d937aa22b31e2e9c97e5ea94e4ab83d4e5811c7556813c334aec856af0a0c12b3c93ba5aa906bde2268a0c6cbbb13f496d87c608604eb02b2c031d5ae40c75", @ANYRES64], 0x1, 0x5511, &(0x7f0000015b80)="$eJzs3E1rY9UfB/CTdjqdp//8i7hwNxcGoYVJmPRh0F3VGXzADsWHhStNkzRkJsktTZrWrly4FBe+Djei4Mql+BIEXbsTF4o7Qck9pzIdFdRmkqn9fOD2e+/JzS+/E0rLuQk3AGfWQvbzj6VwNVwMIcyGEK6EUOyX0lZYj/FUCOFaCGHmga2Uxn8fOB9CuBRCuDoqHmuW0kMf3RheX/vhlZ+++Hr+3OVPPv92erMGpu3pEEJ3J+7vd2PmrZj30nht2C6yuzpMGR/o3k/Hecz95lZRYb92dF6tyJVWPD/f2euPcrtTq4+y1d4uxnd68QX7w9ZRneIJ92q7xXGjuVVku58X2TqMfR0cxr9th/1BrNNI9d4tyofB4CjjePOgGeczf7/Iem+QxmPdvNE8GOUwZXq5UM87jaKPrZO804+3V9u9vYNs2Nztt/NetlapPlOp3ipXd/NGc9BcLde6jVur2WKrMzqtPGjWuuutPG91mpV63l3KFlv1erlazRZvN7fatV5WrVZWKjfLa0tp70b24t03s04jWxzl8+3e3qDd6Wfb+W4Wn7GULVdWnl3Krlez1zc2s83X7tzZ2Hzj7dtv3X1u4+UX0kl/aCtbXL65vFyu3iwvV5dO7/xH/+v/0fzfT02Pcf5wIqVpNwBw+lj/A5P28VcxT/P6P/yb9f+O9f/DrP/P9vzhRKz/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADOrO/mPn2p2FmIx5fT+P/S0BPpuBRCmAkh/PonZsP5YzVnU525vzh/7qEeviyFosLoNebTdimEsJ62X/7/qN8FAAAA+O/67L1rH8bVevyxMO2GmKR40WbmyjtjqlcKIcwtfD+GKiFdbApPnryraPT7fS4cjKlacQHrwpiKxUtu58ZV7W+ZPRYXHohSjJmJtgMAAEzE8ZXAZFchAAAATNIH026A6Sg+aU3fxU9f4J+PkT4QvHjsCAAAADiFStNuAAAAAHjkivX/43P/v2+Kfff/AwAAgPGK9/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiNnfvJSR2K4gB8Wuh7vD9GYpy7FWewDFdgHDo0LMBNsATcghtgDThzCQYMbYnWYKLhto3k+5K23Bvy45QwOfeSAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCmp2Ixfbi7uD80Z705TJq7AQAAAPZZFYtp+WJcjf/V8yf11Fk9ziIij4h9vfsgfjUyB3VO8cn7iw81PEaUCdvP+F0ffyPisj5eTtv+FgAAAOB4LWfzSdWtV6dx3wXRpWrRJv9/lSgvi4hi/JwoLd+ezhOFlb/vYdwmSisXsEaJwqolt2GqtC8ZNC6jd5esuuSdlgMAAHSi2Ql024UAAADQpZu+C6AfWey2Mnd7weU/7982BP80RgAAAMAPlPVdAAAAANC6sv/3/D8AAAA4btXz/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGjTqlhMl7P5pDF5/f2c9eYw6e4IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXtmfdxQIgTAIg73rO5O5/2GlQUNjkyoQPv7GYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4M3v/vJ/YmqcSeZeG0vPI8naqbF1auydG0d/GF+/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgYn9eUiAEgiAK5oz/nfT9DysJegYRIqDhUUUtGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4ot/98n9iapxJ5k4bS8cjydpVY+uqsfegcfRgvP0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgYud+XuOo4gCAf3dnZ2urYoySQ0QUPOjFptva2qsHJXjwTxBCuq3RrT/aHGwpQi7eJOdeRI8ighJv/R96bqGXeuthDxU89VCZ2ZnkdS24WjqzST4fePO+Mwzzvm8SQr7zZhcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDa+L29OCs2C5O4Wx27df/aetHfnuoLN7bvLBetiDtNJr0PPHgYr6b7naX2cgEAAODwyOr6PiLu5jurRd9dKOv/vD6nqPl/eH4S1/X8dN1f93XtX7Tff7v38u5AC5Nxioue3xgNT/wzld7Tm+V8e+Ffz+iVd7589pKVP5Duh1svjfPyfna+u3nz/X4ZHmkiWwDg/zhe91VQ/z9U9IM2EwPg0OglhXdd/2cL7eYEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0IT+Vjxbx52IWO7txYXb96+tl/3U/o3tO8t1O3P9+nZ6zeISeUSc3xgNTzQ1kX3g8pWrn62NRsNLzQevRUR7o1fBxzOcE9FmhoInDbrV7/q85LM/gpb/MAEAcODkVSvq+rv5zmpxrLMY8fDHR+v/N5M40vp/qk/r/3ufnLmVjpXW/4PGZjj/VjYvfrly+crVtzcurl0YXhh+/s7JwbuDU2dPnz67Uj4rWfHEBAAAgCfTr1pa/3cXI8ZT6//HkjhmrP+/+n7wTTpWpv5/rL1Fv7YzAQAAONxefP2vPzuPOd7p9+Prtc3NS4PJdnf/5GTbQqr/2ZGqpfV/tth2VgAAAEATxludR9b/zyVxzLj+/9xPr/ySXjOLiKPV+v/x9S9G55qbTksezHRWEx8nfupTBQAAYK4drVq6/p+X7/93d1956EbEW29M4uprAGeq/7MPvv05HSt9//9Uc1OcS92lyf0o+6WI3lLbGQEAAHCQPVO1otj/I99Z/fTXYx/1vf8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0LS/AwAA//+xhkJ5")
syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x18808, 0x0, 0xf9, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
write$binfmt_script(r0, &(0x7f00000003c0), 0xb)
syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
r7 = dup3(r6, r5, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f00000002c0)=[@acquire], 0x0, 0x0, 0x0})
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}, {@metacopy_on}], [], 0x2c})
r8 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
fchmodat(r8, &(0x7f00000000c0)='./file1\x00', 0x0)
openat(r8, &(0x7f00000001c0)='./file1\x00', 0x5, 0x0)
r9 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800800030090020000080004"], 0x44}, 0x1, 0xba01}, 0x0)
write$binfmt_script(r9, &(0x7f0000000340)={'#! ', './file0', [{0x20, '\\@&&\x00'}, {0x20, '#! '}], 0xa, "bdb69cfb93e7f0ac45f09a7e1fd1b2e3189c7f64ff721353fdcb0bd4bc6f0c2a405e097f27235ebffdf292993541f79f84e313249d968f67b27040e08c051fd1a7fa0ba39747e19bb2d4ed2bc7ead91dfac761e689815f3f4730927baa8686b965"}, 0x76)

6.466646993s ago: executing program 2 (id=1533):
socket$inet6_udplite(0xa, 0x2, 0x88)
r0 = open(0x0, 0x6a8580, 0x3e)
r1 = signalfd4(r0, 0x0, 0x0, 0x800) (async)
epoll_create1(0x80000) (async)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) (async)
r2 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r2, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) (async)
accept4$inet(r2, &(0x7f00000003c0), 0x0, 0x0) (async)
prlimit64(0x0, 0xd, 0x0, 0x0)
gettid() (async)
r3 = socket(0x10, 0x6, 0x3)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000000)={0x7f}, 0x10) (async)
write(0xffffffffffffffff, &(0x7f00000001c0)="2400000039005f0214fffffffffffff8070000001d00000000000000080009000b2b8f55f1da66c01202000051e855a63faa3ea32da675bf56d094b9cae27dba392c98dc9b5928d5379dc031bee5cdac2da10aa100857fa2a21bb659a13e81f7ed64f043fef3606dab27a89245889fe7b157fb6dd025b49628c41cabebd1e21b18a5244c006a6045fab9e69e5a2152e67820a79b62b48e6fbd17c8482c35557635af01b5b248d0524aac3c52b119269052225a02b2ec45c6a7f82b4bc77059117dff9496b4985e36dfd3dbcb15ba9b736fe936e2e1c5299f5f2fc918489a6a86d2d2e27d91f42c2ac71f26128bb07e86e0868ccf223f159d9e66691e04b1e106c9145c2e3540ac0962915ef12f907f664614d2b20e9d21a3c6acd3c520aa561cff37134e99f60f4b36881addeb02", 0x12e) (async)
r4 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x749}) (async)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000288000/0x4000)=nil, 0x4000}, 0x3})
socket$inet_udplite(0x2, 0x2, 0x88) (async)
r5 = epoll_create1(0x0) (async)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000300)={0x60000000}) (async)
read$char_usb(0xffffffffffffffff, &(0x7f0000001980)=""/179, 0xb3) (async)
r6 = epoll_create(0x8001)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000000080)) (async)
r7 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_buf(r7, 0x1, 0x3b, &(0x7f0000000000)=""/123, &(0x7f0000000080)=0x7b) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x0, 0x0, 0x8}, 0x48) (async)
r8 = socket$igmp(0x2, 0x3, 0x2)
io_setup(0x9, &(0x7f0000000140)=<r9=>0x0)
io_submit(r9, 0x1, &(0x7f00000002c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r8, 0x0}]) (async)
io_cancel(r9, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x62}, 0x0) (async)
setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x1)

6.276920788s ago: executing program 2 (id=1534):
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000e00)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x44, 0x0, "e541bd3d3aa6a2bf75e9671e8abcb31c134f3a9db8f52e7300fe6e079f35ac63186c7244fc3b3801e79f15ced9fd7e55d0345bce05c13ed90158fbdeb70322ea3188f81890e3db00"}, 0xd8)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000000)={0xffffffffffffffff, 0x8, 0xe, 0x6})
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r3, &(0x7f0000000300)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @private=0xa010101}, 0x0, 0x0, 0x4}}, 0x26)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = syz_open_dev$video4linux(&(0x7f0000000040), 0x401, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(r4, 0xc038563b, &(0x7f0000000080)={0x0, 0x0, {0x0, 0x0, 0x0, 0x5}})
r5 = dup(r2)
socket$inet(0x2, 0x80001, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f00000001c0)=@assoc_value, 0x0)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r5, 0x84, 0x19, &(0x7f00000000c0), 0x8)
mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0)
openat$cgroup_devices(r1, &(0x7f0000000300)='devices.deny\x00', 0x2, 0x0)
mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000003c0)={0x74, 0x1000fd}, 0x20)

5.697363188s ago: executing program 2 (id=1535):
r0 = syz_open_dev$sg(&(0x7f0000001b40), 0x0, 0x0)
ioctl$SG_SET_COMMAND_Q(r0, 0x227e, 0xfffffffffffffffe)
syz_mount_image$reiserfs(&(0x7f0000000140), &(0x7f0000001140)='./file0\x00', 0x98, &(0x7f0000000280), 0x1, 0x10ef, &(0x7f00000022c0)="$eJzs2DGLE0EYBuB3dg/kqshcvx5oYSHHHfEPXKGQxsLaLljZmUrJz/HnyFX2R3pTBOyVTQwJEhDJYuB4Hlh252Vmvp1yvgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDvLPlekosmqdusSVKSrrubLJJ02/zx17ZJydv3k9mrj+PXs8209FmT0q9aj+vN01rHdVxv6suL22d19unzh3avZEmX+9V8ev5mOehR+trtoDsCAADAw/DzaKMT1wcAAAD+ZrBGAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAA6vajSVKSrrubLJJ0p/0tAAAA4EglTd6NDuWbNsDOi3wblZRHu+RH6edc58uB9QAAAMC/KXv38ec5z5O9/DJnubrajH+/srxN2iTXf+xzv5pP18/lfFr+5wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgF/swLEAAAAAgDB/6zQ6NgAAAAAAAAAAAAAAAGCqAAAA//9TGNII")
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a32000000001400000011"], 0x7c}}, 0x0)
syz_emit_ethernet(0xbe, &(0x7f0000000100)={@local, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @dev={0xac, 0x14, 0x14, 0xff}, @remote}, {0x0, 0x0, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "d8faebab25c9440f1e0b429560dea05fcfa134c5886328060189b9c9d245a4ec", "ddff6f80bb17115c263975c19a199a87b509ec91752b1f6b9fe52dd68897d0dd66c8047ecb3c1ccab1b385024cd3ef42", "7af3756acdedd1857ba2429edec68ec07113ef939e2683eb956c3100", {"e311f95152ce9fab74b351abd67a3e95", "f543716814ec69725136619246be0a0c"}}}}}}}, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
sendto$inet6(r6, &(0x7f0000000080)='D', 0x1, 0x1, 0x0, 0x0)
sendmsg$sock(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000100)='&', 0x1}], 0x1}, 0x0)
recvmmsg(r6, &(0x7f0000000440), 0x3, 0x40010102, 0x0)
write$binfmt_script(r5, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="ea00", 0x2)
preadv(r5, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x101}, @NFT_MSG_DELRULE={0x14, 0x8, 0xa, 0x0, 0x0, 0x0, {0x2}}], {0x14}}, 0x50}}, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)

5.662301671s ago: executing program 3 (id=1536):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0)
close(r0)
open$dir(&(0x7f0000000740)='./file0\x00', 0x7a1201, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0) (fail_nth: 6)

5.475550686s ago: executing program 1 (id=1537):
r0 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@discard}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x1, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b)
ioctl$BTRFS_IOC_ADD_DEV(r0, 0x5000940a, &(0x7f0000001b40)={{r1}, "d419c4a4e7a36c6882f2913a35fc6156758fd541c46293f3070417e1126c58d3a0c398c7f71bea3ca9e8d2c75239b4d5ffdf74f328c7ca2946bbcb09b57467926ad2b33c370ba2f05ca641e81cfbb07440c9ce93e356e44323989b5e5f2e05506bff9ee332de80ee47aa7b5284e4ab82ac78c7e12fae40c4b622b4acceb41d2d5f570c94dd6bfe67d1a5ed01d741a2b91a63be723797f167046a5a86d96e151ee911c8c77e7c620b0b3f75e373a4fba18ad352f2f24d41d72e71b516ee42bb53c0f6ca8a5bc05e298ff50915b5b1d81efb34042e74ccdf6f4d4011458a78670f3f678c239c69d02135839ec492b6b41b85c5e564b21173ac667be2aa5e7c78c19e836956fff83c8e77705a26abf8297fd6601aaf03989ad7efde7e95a0274b49eda099705192c11b2d2919f9e4f618f7a990c43d8fc72a45613d978447e57a77cc4a502fea39e1f9e62c62b55cb660c4462d2ad2e105c383a60dbeddccc88a2b3913488c7adc1e81177249461484670d87ffdb36bb45c1ba8370ab82779b4b4ceb181922afced2676bdc40701a0ae117ff7d3fe4d0e567b25bf88c9df881abb4817385b6593bd98cbe6c9fda53ff08f02942bec0ad99b08da7fb9e772212cdefbf7db1521107ca650a3f30abad43f9f3d8beaf34ebd6c34c07995c3381f9a22875c0f80182b4d1fdcdc418d1a9c227e507532f56293b04d5edb52e8682a8e169f7ea5d89711323f6ea3c7892285a7dedaee59977f29eb0043649720ee84675269c846ebca0423e5dcdd8d5fb384e94839856fa4697addba6f6f4f98a525ad66407dbb4b69ecdb0856126022768401bfea2522c0c77beb46eb727674577216434de0ad111754d6d45753747f3da2d1fffbb0e540cef0ecf26862e535bb26d5708d01fc7d252a6816ba35637febb2c714a2b5f0b42ea79f8192336e5f6e4819c4ce9b2b977f072d5c4599de0a999a9f5ec7e4f06680c3d7efd2459caff08595073efc826f19f2d87f837224e235bcd957a68875ee00052cc8187beecff5fcb70594be4538c9fe93e94f2f49b337423b2bd8b34323099731bd668274bf13fbfe110f7d01baed38b4710146399a22b7d4a6c3c49dc4fd7b3ea51679f5266d5e4ad3de37870f53751c83ffa405f27bfc064705aa0b2e38980b18c9dde1d5f749f5ed3ea247997af67cf102994b88c4107765b29ec3f67c7117a160144d061a3e002b9810ca92b04b44d2bde124d133da1a03a94f8bad5aa10255c24f4cce81b25770ca0547fa59eb12afc509f273852cb640198945c57997debe3a83bda7ee336a43d957c8ff57bcb73df4586eb41ad4546e27913859a7cb3f67cd1187aad7224d52effc6dc81452bbe966f6ea0de837066d872cafee13660e80b69e3a5c6bea719819281aa0dafd3ba385dc82e060a41e270d68bc92372079c998d7f9293b520d8333010ea8b6c7200d94207029ef047af0b53b591c9478419ee0cb3dabbb5f96d0ae9ed9cee57a218f490974a00a9ced885fc93ad5bcbfa9dcfd95673e12162e9da3053a235975a7d7e51b5b0c7229b8565271a7aa3d3b33dbcc6581b3b3523706d458675b07aea07645279d7f9bb21ceb09e1b839bcab5b8837550213659b2c73dbe03b45b17e96df235f9ef0436b0a80f629b9b1653795720f1492a7a92282f6bdc4d4bfb2449024d0aab6242bffe344790c18807b430392b06adcb6363117924ed4b25fae8eaf96cb3180b54da9123903d53d3cc90145245c4c2ca524bdb7836f7399d5188b8cb8b61a0e261f230f145e19ec49487a8ecdd6e43be1388a68dcb228f02ba9647cbf6366e292b3dab0c57833779f7c9eb6f25330d070af841bb9ed379a730f6cf7d51105ad636894a73d59148ce9c4024239fb37c97a9cb1928236a4f1f4c450a8f90c4748ae805d31f740e62843ca9b330e5a69ca6ef8603ac7c3642c84e2e1ac452205ffb46b87f8fadb722d64d64653c6f03a5dfacdd695eb2290f10bbec93f4b2c3d478e1f6be2322de71e63ddbc8750ad0535963a495849334dc334a7e238a81b4aad66b81098459571bb5120c9e600491da0d0623c1b8b65339ed8dbb025c173e54c00904034c0d1da720d00b0d471e6080002779519dc4e5bdf9717dba11a2e4ebfa1c1dafdc11cb549136ce749c74c63b1fc597976d87c17094405ffb8732635a856b58cf8907dfa82a7f6e8cc49c0eb11b9b4f12d90c1e60b9be228881de93d4eb8a7a5e192d69d25bdd91dedae635b52194dda2cb06573c567e70fb5c8167e283a1ebad89feae34739253e2a41d1056083f08dd075085f9eef0aea98d73eda93b9737350fff32c70c10d24709d005fb1bb0402689799b53112def7c5acc074da5887bb5ee5b45d66adcb68a63ce0837b59943df98537681a77d985947c6bf811a7bfe2afbabaeaf7f06febcdf50dacfe50b8ef276cadfcdcc2ffd1402b37d68d4c927f17257d1d7d5b8427385d1685f8a1abccc400b10d20337b978ff7c184f8437d72261ff5f80d44debd5db03ec0e668d454d1bb85e164fb580d0c1a61f287edec4ccdefd494a78497099278edf2fbee87dd1f4765204a2126968f877b51a05f62c73a3175ff12c4ad374cd45a15d263765f39511670723e3965c6a3b86171713c5cfe8ada41cd0de265cd8cbc426f50c487879ac8eb1ee09da1fd9db8c398145ea15348a88fff0b8db1ecec180f4b333d8f2d4e379daf702df4f981a2bdb31a4fab3fc1bc169f05252121c0d499ef771a2a3d958aa6523b0e6461b2742921fba6c6354a7b6fbbd5031c93fee636671a07faaa631ee76fdad21c30e00b0d5169e8b1ea02eedb51a3094398305585d15b13286a39c66e292c14b372649a5e04181d9dfee1f7df70fde002f83d0d071b229cd5bb595db92cb537075578fadc27ae896caa672d414295c53e0d453802d2ea1a07c83313636d7334bccb166e2a039c2ebc9df111e72d5ae20b08658f7b5417f48c93788d45962aa04e516b2319c7a44e742046166f83ef15732d13077a6dcaeab3256a91e385c30d9ad8e3c2649914edbd1805854b9305c969ebbe78ca8d4d157c42152ea42be12415cfc62956c7f2e91f2203eb5d5b888e1ba35ced04c700e47c6b9545718e7604dae9384efcd40e21f2ca2888c1ef777938b632b7d4ad2279873b4d9a0a5eb6cf9be3c2c979efea8d68eaad9f8fa87cff52a9314fbcb8557c515983b81fee309adee068b53fee5906720e1e872d1be494caf062e805a798561713365a02475a73748f64251eaedb153c80763455b99ca0f50c6315f93ce08db0d94863fa1432671559352bb54f6569312d355090bef1aa6d09d19c66dbaf58e2cd4f0e322aa8e26202d9fa87ced19a1a9c99609a9a74d80e0e803c09729bf9102fb6378b6aebec219d8f159f585a17a89309ff49681cdc9013b6e6ce4310e20cf48d25df7cb9ac48f157001929e0044fadc8144178c91870ea29ec0bba3e52227038845d9b84ee54bf5bce5e76035de2f735e7027f60dbd257a57aae5d9885b98d931397b27d1966c66f064ff90bc3cccfe3cd9905dc78ac87fbd214bd1d79baa7124b3f0fd671e8e44bef02c70800bc1305aa57250351cc9fc50294b6f883341798c4e9682a58f67d648c19f14e6e8b619e9605e74a671763759a9c28b6c5cfaf9f6da4209ba8d1e50760676325a277b3c823b5ad2d860f55becafd00628dc36ae3a379ccd3b52cc1a43fa07ef93d57d4c51e7f300aabea9f1fd115ba6ba75573fa529d4fc17c3d76f96c63a7fc0893774d077a112019f976c591e8897251efebb66d6ccc9cc9a7a671e0ea5a71dd800e1674532a5ec4b4be80d264312e7ca7b83b1daa6c291779ec0d33a3a008b282688698183ca1081b67c6d62c2950b6834d99196cd58d0bb4c62a1a13b34b559dbf12eea6ad7be6f5254f39838d0e8815e1fe97e97a39f24872a1429a17a63c9bce827f96c78df21535c150a603bb746c51687728cd29ee4af4dec1d692d8eb5d6c905aa450d1530f392549393c7ac5a9c90b98f4cca6e64ada3cef7a86b61fa07d4f2f16211fee520334b428ccdf76fbfb7be801f6480c76780afea95616e48be1f210bf5e51aea58fb9a9d738c510508e3ec765d9b38f3b4ec43e7fe0cf9827dbb8400c29f0b678909cf2a95435ace1ebdb471bbc8845733e928ad14de2a38f253c472c5e6709d38942e8cc99a354aadf0c489efc1cc0c78ea908a145db39094128d5a81f442715fa1816b63fa918d238a001f2f428d2959a7d563e863109498d4cd28189a21d2f6bace85d24a5584a1ae4f25b6049c4d85c35685373915e25ddf64010a292badc625ead0cd879c8bcc452d00b2ba5e2b170f41fc6a961ae6ba2386af689a8fc35e07f7d2f7f189278e070280d217a38296e3f7532450037958d9694aed145536e36ac51ac97f070b6c2b88e2eeca308d2adf2378b20cd8b99f195c30d1548049c3b7aafa5a1e94afc14a6db78d9b7482c1a1bd3ab25a75071ef2444aea030caf2a0d9605736a69f47c7396c6097d2c2ab8ff10455cef6ad60aa0f90f44932979b31f98f9b43cbb61e72c8a604001393db87b8e357c5c6fb396fed8b7899a7f75fd76fbeb30ced20bd03a3c615699b71ae1f668bceb2484c902f402a23231e12495b2c55dfa0d810f50ffaa99f1e5359c3a15c9732cf022556509f482cba250e73593ea99971e0491660eba0ac39ca0c96e9a6025d058afc31336c7b0cbc33b14a78572049276fe4ebf4cba54073955db26ffa93306ac4b6519bcf26d589087f6d7897b2f240cd16299425800ee8c38dd60f89366942d49c4f39325f45bcdeb83e93fe984b46a539ecf278ce9026f393097afd51328e9d36b78c7f4b3c4a3cb6715153550015fb41297d88190155867b952f8043e71d46570c86e64f8d808624c5d04429c13545e2a8dc8211973c45a90fa620a2e5a22857981083780455bec9138521902c2cd62789682743552c18d3462405efaf82a5150c7543bfe0162014023b021fdff45f3a287b765bd6ab689140dbe60da3c254673621472708061836d3068a1920e623acf462a92e34498aec8d2c61dfef64baf98a3f3683cff060d006bf005c41f62e5d34d1456f7f258ed95bc7ce85a67a30a97238d74d3ef290b4c96f4857b7e5c31ed1369e2a871f4de0cb92d0fb36939ef2f41fd43632a193afe024bc961ee31b816092193d8afb9f903932b3b541ace510ec156d7f484923397388f82cd05b11061727b48c7ca6826624a0c6959a105d90deb01236ea46a8f4b241713cebe79dfd19c515153c208958c2c807df5a8ec0dfe44eaf8f26ef40e1e47a45c644cefd146c3eec0c51bbaddad33f68ccc5c37d4816adacd5f385f71b741f846d164611fcec35d1b457b2d8cb94034f67dec6a1cfe4381c6aa5193303d34a6b71516f7872da0ec75b272b99e3be8bf9e1def7e15d0ce1fe11b7ec40eac3fceb24ecdc9577fd3df55bfd5b620eef6d3acf0e8a32be7c74fb68828d47d834882dae368e9b25a96cd2666b824c545625f68b26ca1b197f608ebae4ac2dc14a0a4c6a7d16dcb553efb0807ffcae3a89962709ab99df4cc4cd0d15e9ceacea089062fceca191d115a7caade2ed96d5997e1c3887a51162a1e64e8a058515ffdecc63c8e657267734f430212fadd47f044b77ea8fb073dd364c145ac21ae8c7fcb1504325ffc8add25d0d4fb62a724a5ce1db8854d1f5a4a0eb8a28569e721f2c368468d2c10496c5aec6be2b8a018c3b04637b8a5c9d1e83d2856f44dde7aeabe83d0"})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
preadv2(r3, &(0x7f00000002c0)=[{&(0x7f00000004c0)=""/184, 0xb8}], 0x1, 0x4, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

4.895050546s ago: executing program 3 (id=1538):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000006380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000008dceba394fc9d73b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e7ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea2105600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8ffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000f87c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
dup3(r2, r0, 0x0)
r3 = eventfd(0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESDEC=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])

4.12757491s ago: executing program 0 (id=1539):
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$IPVS_CMD_GET_DAEMON(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)={0x14, 0x0, 0x6c04073ee59f7719, 0x0, 0x0, {0x4}}, 0x14}}, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)

3.940898216s ago: executing program 3 (id=1540):
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000a40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d8000000000000020e16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d10bfe150a7487535f7866907dc6751dfb265a0e3ccae669e173a649c1cfd6587d452d46b7c57d77578f4c35235138d5521f9453559c3421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983c044c03bf3ff03fe3e26e7a23129d6606fd28a7f9105f82317874b33d96b39fa4e045469989d552af6200000003a00000000000000abecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f1623ed38ae89d24e14b40234756ddcebfba2f87925bfacba83109753f543ad027edd68149ee99eebc6f7d6dd4aed4afe1f44ccb19e810879b70a70900000000000000000000d7900a820b6327944e9a217b9800e02a92895614cd50cbf83a1ed25268816b004519c9c5cff097d8000000000009d27d753a30a147b24a48435bd8a568669596e9e08679b3ce48e90defb6670c3d6209000000c773713a66b223fa8b148871c8d31d24000025449f106b99893ed20fa7a050fbbef90327e827e513e9606800000000e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e69ee52b59d13182e1f24ed208ada12f7a1525320e71666f472a972d5eb1affb87ba55b2d72078e9f40b4ae7dc3b2aeb0d11cd22c35d32940f19dff00ffffffff080000ff003853e59de7621e348955735264f34b1046a1813668297a7edad187ef106ae7fcbb25090f17d0baadeb8ae190a1fb5a315f8347fb0379659500000000000000000000000000000000000000002fdf0193ec79c90ed210ebc2fbed6d4216770c1b0dec886b388d138c2b69c6aacb714e7264093061c660a5100b7cc165889eb94c8d7c77b6fa06f1a4f8e4a6b6cb37e319c5c22f276b03cae853f42b07ca0b03b1eb32a6b1a81cd511fd0b59d57a11c6a3ebf9731464ad21f07f618efc31023ac60007426162b57e803519954d7c956fda392fa84be38e937d36af1c35138e05a9e8d6dc0272de72c41500000000304402e22af23437126f330f8eb4075daaeae3134ece35cd86d95bd9836bd186c4b6565e967a4e3e86f299b7400994ba136b4eccf3b0f001a266c0d160b3ce1182001d64b52a5ce7f506295d59eea6903b84ffbabf5a5b91c1d6ecce8728a224aec66c610e3becd60a35e848c224f8251947eed20e2b612cb099bfe8924d33ba7f0691fed04a43e9c64b7a1e3165e86cdb9871c678a6bbb14821f441c6c14d1bd78d8ffdfea12c19ea04264335d60b6b7a7da6fb83f33101db32f6ab137d943dd3c1e8db9f3e1263573dc721ae82fe0bc63598751a5092c9f7dbfc39d564834e3703492c2a651643d8ce5c36d97a4812cf73fc8ea0d68d7489cfcb0176"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0xb)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
r2 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r2, &(0x7f0000000700)={0x10, 0x0, 0x0, 0x800000}, 0xc)
sendmsg$nl_route(r2, 0x0, 0x0)

3.729012384s ago: executing program 3 (id=1541):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x5, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(&(0x7f0000000000)=@nullb, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='ufs\x00', 0x0, 0x0)

3.532897031s ago: executing program 1 (id=1542):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000340)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r5, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)
sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000280)={&(0x7f00000035c0)=ANY=[@ANYBLOB="a4180000f62ceb376c798b90eecfbbc8e7292b44f93fba02dab6b382c3eb79bcdae9bf058e797d3c759ad8990742642d28d1360d2afa552abc599bf7ee00921cec0aa6f6de4d1e233b850056024b3202b6473992d8b7613a8e5e4fa02d2268b7fb0504c5e557163da61f", @ANYRES16, @ANYBLOB], 0x18a4}, 0x1, 0x0, 0x0, 0x24000000}, 0x4)
r6 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r6}, 0x38)
unshare(0x24060c80)
openat2(0xffffffffffffffff, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r8 = fsopen(&(0x7f00000004c0)='gadgetfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
close_range(r7, 0xffffffffffffffff, 0x0)

3.143304694s ago: executing program 2 (id=1543):
mknodat$null(0xffffffffffffff9c, 0x0, 0x0, 0x103)
r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mount$fuse(0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB="2c726f6f746d0900dadfe4307533bc84303030303030303030010030303030242cf57365725f69643d00", @ANYBLOB])
syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x10000, &(0x7f0000000c00), 0x1, 0xb8e, &(0x7f00000017c0)="$eJzs3M9vVNUeAPDvvZ2WQgstLy/vPchLbGIQo3EolGjCClwbNdEFS8Z2SpoOP+yUxDYsCu7VhTEuSAx/gol7ceHKxAUuDP4FxEgM0Q24qLnzo0zoTFthhoP4+SRn7jlzhvl+v3PD3HOSuQ3gH2uqeMgjDkTEmSxiovV8HhEjjd5oxFrzdffvXp4tWhbr6+/8mkUWEffuXp5tv1fWOo61BqMRcfP1LP714ea49ZXVxUqtVl1qjY8sn7t4pL6y+srCucrZ6tnq+eMzrx2feXVmpo+13r743uf//+HNF65e/2j6rc/2fZfFyRhvzXXW0S9TMbXxmXQqRUSl38ESGWrV01lnVkqYEAAAW8o71nD/iYkYigeLt4n49sekyQEAAAB9sT4UsQ4AAAA84zL7fwAAAHjGtX8HcO/u5dl2S/uLhCfrzqmImGzW376/uTlTirXGcTSGI2LPb1l03taaNf/ZY5sqIn31fbVoMaD7kLeydiUi/tft/GeN+icbd3Fvrj+PiOk+xJ96aNy9/m53UffH49R/sg/xd1Y/APTXjVPNC9nm61++sf6JLte/Updr16NIff1rr//ub1r/Pah/qMf67+0dxjj4x0s3e811rv9Of/zTXBG/OD5WUX/BnSsRB0vd6s826s961H9mhzHGZm9fa/bWNy3kivqLetvtSde/fj3iUHSvvy3b6u8THZlfqFWnm489Yhz65vThXvE7z3/RivjtvcCTUJz/PT3q3+78X9xhjMn//nKg19z29ec/j2TvNnojrWc+qCwvLx2NGMne2Pz8sa1zab+m/R5F/S8+v/X//271F98Ja63PodgLXGkdi/HVh2KOHTr25aPXP1hF/XOPeP4/2WGML76+9n6vudT1AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD3kEfEeGR5eaOf5+VyxFhE/Dv25LUL9eWX5y9cOj9XzEVMxnA+v1CrTkfERHOcFeOjjf6D8bGHxjMRsT8iPp3Y3RiXZy/U5lIXDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwIaxiBiPLC9HRB4Rv0/kebmcOisAAACg7yZTJwAAAAAMnP0/AAAAPPvs/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABiw/c/duJVFxNqJ3Y1WGGnNDSfNDBi0PHUCQDJDqRMAkimlTgBIxh4fyLaZH+05s6vvuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw9Dp84MatLCLWTuxutMJIa244aWbAoOWpEwCSGUqdAJBMKXUCQDL2+EC2zfxoz5ldfc8FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKfXeKNleTki8kY/z8vliL0RMRnD2fxCrTodEfsi4tLeiGJ8NHXSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9F19ZXWxUqtVl3R0dHQ2Oqm/mQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASKG+srpYqdWqS/XUmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACp1VdWFyu1WnVpgJ3UNQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkM6fAQAA//9A0Qap")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
getrlimit(0x8, &(0x7f0000000100))
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="02142000110000000040000000000000030005000000000002000000ffffffff0000000000000000080012000000010000000000000000000600000000000027b20e97a6a9ecae000000ee00000000000000000000000000fc020000000000000000000000000000030006000000000002000000e00000010000000000000000010018"], 0x88}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x2, 0xf, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @broadcast}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x1, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@empty, @in6=@private2}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0xfffc, @multicast1}}]}, 0x80}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r7=>0x0})
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="f0020000", @ANYRES16=r8, @ANYBLOB="010400000000000000003b00000008000300", @ANYRES32=r7, @ANYBLOB="d2023300802b0001080211000000080211"], 0x2f0}}, 0x0)

1.278318972s ago: executing program 4 (id=1509):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000000000000000000000000008500000023000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xc2)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x26e1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000800000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)={0x98, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x53, 0xe, {{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @random, 0x0, @void, @void, @void, @void, @val={0x6, 0x2}, @val={0x5, 0x3}, @void, @void, @val={0x3c, 0x4}, @val={0x2d, 0x1a}, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x5, 0x2, [{0x0, 0xa}]}]}]}]}, 0x98}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0}, 0x90)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r7=>0x0})
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
close(r8)
r9 = socket$inet_sctp(0x2, 0x5, 0x84)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
r12 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r12, 0x8933, &(0x7f0000001200)={'wlan1\x00', <r13=>0x0})
sendmsg$NL80211_CMD_FRAME(r10, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f00000000c0)={0x54, r11, 0x3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r13}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x8}], @NL80211_ATTR_FRAME={0x25, 0x33, @auth={{{}, {}, @device_b, @device_a, @from_mac=@broadcast}, 0x0, 0x0, 0x0, @val={0x10, 0x1}}}]}, 0x54}}, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r9, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={<r14=>0x0}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r8, 0x84, 0x17, &(0x7f0000000000)={r14, 0x0, 0x1, "cd"}, 0x9)
setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000000)={0x9, 0x8001, 0x28, 0x8000, r14}, 0x10)
sendmsg$NL80211_CMD_NEW_STATION(r4, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000300)={0x40, r5, 0xb97534d5fe9700cf, 0x0, 0x0, {{0x12}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_STA_EXT_CAPABILITY={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_WME={0x14, 0x81, [@NL80211_STA_WME_MAX_SP={0x12}, @NL80211_STA_WME_UAPSD_QUEUES={0x5}]}]}, 0x40}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))

1.276698902s ago: executing program 2 (id=1544):
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000e00)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x44, 0x0, "e541bd3d3aa6a2bf75e9671e8abcb31c134f3a9db8f52e7300fe6e079f35ac63186c7244fc3b3801e79f15ced9fd7e55d0345bce05c13ed90158fbdeb70322ea3188f81890e3db00"}, 0xd8)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000000)={0xffffffffffffffff, 0x8, 0xe, 0x6})
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r3, &(0x7f0000000300)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @private=0xa010101}, 0x0, 0x0, 0x4}}, 0x26)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = syz_open_dev$video4linux(&(0x7f0000000040), 0x401, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(r4, 0xc038563b, &(0x7f0000000080)={0x0, 0x0, {0x0, 0x0, 0x0, 0x5}})
r5 = dup(r2)
socket$inet(0x2, 0x80001, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f00000001c0)=@assoc_value, 0x0)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r5, 0x84, 0x19, &(0x7f00000000c0), 0x8)
mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0)
openat$cgroup_devices(r1, &(0x7f0000000300)='devices.deny\x00', 0x2, 0x0)
mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000003c0)={0x74, 0x1000fd}, 0x20)

941.13018ms ago: executing program 4 (id=1545):
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={0x0}, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r0 = socket$unix(0x1, 0x0, 0x0)
listen(r0, 0x0)
socket$unix(0x1, 0x1, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f00000004c0)=@file={0x1, './file0\x00'}, 0x6e)
r1 = socket$netlink(0x10, 0x3, 0x4)
write(r1, &(0x7f00000000c0)="29000000140005b7ff000000040860eb0101b6ff02159f02c26ed638eeb738256e06a40e07fff0797e", 0x140)
socket$nl_generic(0x10, 0x3, 0x10)

831.56494ms ago: executing program 2 (id=1546):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
getrlimit(0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="02142000110000000040000000000000030005000000000002000000ffffffff0000000000000000080012000000010000000000000000000600000000000027b20e97a6a9ecae000000ee00000000000000000000000000fc020000000000000000000000000000030006000000000002000000e00000010000000000000000010018"], 0x88}}, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x2, 0xf, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @broadcast}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x1, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@empty, @in6=@private2}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0xfffc, @multicast1}}]}, 0x80}}, 0x0)

724.158528ms ago: executing program 3 (id=1547):
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={0x0}, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r0 = socket$unix(0x1, 0x0, 0x0)
listen(r0, 0x0)
socket$unix(0x1, 0x1, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f00000004c0)=@file={0x1, './file0\x00'}, 0x6e)
r1 = socket$netlink(0x10, 0x3, 0x4)
write(r1, &(0x7f00000000c0)="29000000140005b7ff000000040860eb0101b6ff02159f02c26ed638eeb738256e06a40e07fff0797e", 0x140) (fail_nth: 1)
socket$nl_generic(0x10, 0x3, 0x10)

329.588442ms ago: executing program 4 (id=1548):
syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000040)='./file0\x00', 0x2000c96, &(0x7f0000000180)=ANY=[@ANYBLOB="636865636b3d72656c617865642c696f636861727365743d69736f383835392d312c6f76657272696465726f636b7065726d2c646d6f64653d3078303030303030300030303030303030392c686964652c6f76657272696465726f636b7065726d2c636865636b3d7374726963742c6d61703d6f66662c6d6f64653d3078303030303030303030303030303030312c696f636861727365743d63703933322c6e6f726f636b2c646d6f64653d3078666666666666666666666666666366612c6d61703d6e6f72bf616c2c6d61703d61636f726e2c6d6f1c113d3078302330303030303030303030303030352c686964652c657569643e9bffbbc8dc0831f1f71752c0ec6370d60ec0e169761a3a8f175112119b57f387cea723b9c1ceb05c28c44fa818248d2baadc1b5d05f2db2b872312abba57baab497f38ff34f39d07", @ANYRES8=0x0, @ANYBLOB="2c6f815abdc1e3d22493d6626a5f757365723d", @ANYRES8, @ANYBLOB="b8dd7a36e920d213dee765f8b23cbcdcd3"], 0x12, 0x9e8, &(0x7f0000000440)="$eJzs3c1vHOd9B/Dv8EWiaUOSbdV1BdtayZVM2yxFUrVUwYdWIlcSXb4UJAVY6MFyLaoQxNat3QK2UaAyUPRUowVa9JDcjJxyMuBLfAl8S27JKYcAgf8FIyflxGBml9SSXHJJhW+WPx9id+flN8/zm53Zebi7s/OE75alo6vGlpaq2yOO3/jxHmTMAXZl/JvPv/isvH16P4fSnTeKnyR9SWpJT5Lnk96x8dmZqQ4F3UtuJfk6KZIcTuNxS26l+O889XD86xQ/LOvd0KGtlkwnS3yv7ff+BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1ExNj48PFIcysT0jbdrDUltnbHx2ZkiS0vr5ywv0/BV1et38VXHepOivKWvb7mr7+ePP5z9XJLa6bzQGHuh6pA8ffnkyeeOvflsT9fy8htl8wc5vPViP/z4k3vvLi4ufLAriRx81+rTE3MzE1OXr9VrE3MztUsXLgyfu351rnZ1YrI+d3Nuvj5VG5utX56fma0NjL1aG7l06XytPnRz5sb0tfGhyfryxIt/Njo8fKH21tDf1C/Pzs1Mn3traG7s+sTk5MT0tSqmnF3GXCx3xL+emK/N1y9P1Wp37i4unF+TU3fW7L9l0EinNSmDRjsFjQ6Pjo6MjI6OfNrsPXtlwoU3Lr1xcXi4Z3iNrIvYpZ2Wg+WJjTfzzh/E4RF1Ndr/ZDITmc6NvJ1a27+xjGc2M5naYH7Tcvt/5lx903pb2/9mK9/TMvtEeXc6LzVH+zZo/zfIZe/+PszH+ST38m4Ws5iFfLDvGe3t37XUM52JzGUmE5nK5WpKrTmllku5kAsZzju5npOZSy1XM5HJ1DOXm5nLfOrVHjWW2dRzOfOZyWxqGchYXk0tI7mUSzmfWuoZys3M5Eamcy3juVyVcid3q+f9/CY5rgSNbCVodJOgdY35ttv/+tp/Tvje2fmDODyipWb7f6hz6MDYXiQEAAAA7Lg/+XmOHH/mZ79JirxYfS5/dWKyPrzfaQEAAAA7qDpd74XyobccejGF9/8AAADwuCmq39gVSfpzsjG0/EsoHwIAAADAY6L6/v+lFCcfTvD+HwAAAB4zna+x3zGiGFy+/G/tduPxdjOiMVb0X52YrA+NzUy+OZKz1VUGql8arCutOyl6q58fvJZTjahT/Y3H/ocllnX2lVEjQ2+O5LWcbq7IwMvlw8sDbSJHG5GvNCJfaY3szqrI82UkADzuTm/SHm+1/X8tg42IwRNVk99zok0bPKxlBYCDYqWPnd81uzRr0/43I17aqP3/803e/5cRz+TOycYpBUN5L+9nMbczmOYZByfblbrcG0HjNITBDp8G9DdPWfjlxa4Mrvs8oG9lXVtjFzKawbafCLSUWyzncL4R17072wAA9trpTdvhrbX/gx3e//c7pRAADpSVHux3cWC/1xEAWE0rDQAAAAAAAAAAAAAAAAAAAAAAAAAAADtvSxfw/8XZZHFxIdmDzgJWBvq2k+HmA13Zo5z3faA7yX7V/pfZ9lLlNj4oT52B1QP7fGACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgTxRJd7vpXcnhJMNJzu19Vrvn/n4nsFNqj7ZY8SAP8lGO7HQ6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADfd83r/3el8fhkY1J6upIzSW4l+dv9znEnPdjvBPbNP1T3Ldf/70p6s1Skp7HZU/SOjc/OTJWbvzhczv/m8y8+K2+dy17fq0JZQFnDqs4lmjW0TOldvdTT1VL94wsf3vuX9/+pNn6l2jGvzF+dHJ+6NvtXDwOfK75sdIHQ2g3Ccr7/duan/9My+VCz8i/LNW1vbb1Xq3rH19f7x+2W3qDeLbi7uDBa1jRff3v+X//x7kcts57JqeTlgWRgdU1/X942qOnU2udzteLb4j+LI/n/3Kq2f/lsFEtFuYmOVuv/xJ27iwtD772/eHslp39fldOxnExyO+nbek4nq+NJW9Ve19Vb1jpcBZV3xzuUt6mWEkc2eF6frnaZ/m2tQ23jdah0eN6bGZ1vm9H//vOzObvtLX22Q41tFd8Wvy6u51f5j5b+P7rK7X8mbV+dbYqoIlv2lNZ5q15eXY3Ias1HW2e8s7bMDV+V7IL/yt/lL1a2f1fL8b+5rfbmeNRSY/vXRbL918WPjq5rUR6qWqTja1qk5tFno2WaeR5vRG2Q5x/l9aTnxLaOKK93OKLs1uv/B8VAfpv7+v8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOviLpbje9KzmT5FiSo+V4LVlaG3P/Eerr6i8eJc0d8yg5f/cUG65o8SAP8lGO7HVGAAAAAAAAAOyOK+PffP7FZ+Wt+j6+O3/a1ZxTS3qSHCv+r3dsfHZmqkNBvcmt5a/0+7aXw63y7qmH41+XY893WGh/Tx8AgO+03wcAAP//BZNu0Q==")
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000080)={0x0, <r1=>0x0}, &(0x7f00000000c0)=0x5)
setuid(r1)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
r4 = socket(0x10, 0x2, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140), 0x24}}, 0x0)
getsockname$packet(r4, &(0x7f0000000200)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000004600)=@newtfilter={0x84, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0xc}}, [@filter_kind_options=@f_basic={{0xa}, {0x54, 0x2, [@TCA_BASIC_EMATCHES={0x50, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x44, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1}, @TCF_EM_U32={0x1c}, @TCF_EM_IPSET={0x10, 0x3}]}, @TCA_EMATCH_TREE_HDR={0x8}]}]}}]}, 0x84}}, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r7 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r8=>0x0}, &(0x7f0000cab000)=0xc)
r9 = memfd_create(&(0x7f0000001c00)='\x00\xc2\xea\x99\xbb\x1c\xdfjl]\x8f\x99\xa5\xbc\n\\q\xbf\t\x8c\xe0\x19`\x8e\x00\x00\x00\x00\x00\x00\x00\x00\x00\b \xff\x13\x96\xe3\xc4\x02\x00\x00\xe4V\xe2\xfe\v8\x04\xa5\xb9\xc4:\xf3\xf6y_w\xd8\xcf\x90k\x05\x00\xf9\x1e\xe8m\xec\x12\xa015\xc2\xb3}|K\x111\xd4\f<\xeb\x18\xad\xbb!1\x85\x96P\x1b\xa1\x9a\x81\xf8\xb1\xecB)\xe5\xaa,_D\xe5|\xb1j\f\xafP\x85I\xd5\xa0I\xb0\x02\x01w\x9f9\xd6[\x1e\xad \xd9^p\x95\xaf\xb5\x8b\\\x05\xd7G\xcbV\x8e\xd0\xac\x87I7\xbd\xc6\x9bI\x92\xb2\x87.\xb3\x1fs\xe7%\xdd+\xca*4\x92\xc0\xee\r\xb4\x117\xa7ei~\xb8\x16\xd1P\xf2\x84\x89K\x16\xd0F|\xa3\x89\xc9~9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \xb2\xba3,\xb2\xe0t\x11d!\xe1\x82\x80\x93\x80<\x13\x8d\x8fmI2\x90t\x1c\xa1\x12R\x7fH\xa8\xa6Jy\xaf\xc7)\xf8\xb5Qk\x920&6r\x93c;p\xcd \x83QW\x00\xe2@Da\xd4v>\xbb\x91^>,\xa1b5\xde\xc9\x02\x96\x1c\xb9\x9fIl\x12\xa3\x19\xd4\x03\x97\x06\x87I\xfd \xf0\xfc\xb4\x0e)\xf2\x9e\x9b\x94\xd0\xda\xc8\"\x00\x00\x00\x00\x00\x91\xfa\xd1\x13[\x02\\\xb1\x1c\xa7t\xe7\x17\x94\xa7hk\xe7\x81\xeb\x1b\xc9~\"\xceD\xcb\xdc\v@\xb8\x11\xfe1mK\x15\xf1\"?\x8d\xa6\xd2/}S[\xd7\xfd\x193\x88\xf5\xa13<\x98D5\xdbx\x1b\xd2\af5\xab>rL\xd2\xc1\xb8\xd4\v\x8c\xd2\xe9/\x9a\xd4=\xab\xf7\"\xca\xe8\x85u\x1cq]1\xfd\x04|\xf54\xbe-\xb1Wu\xf0\xdf\x93\x8d(F\xef^&\x8b\xa9mw\xbc\x0f^\xa5e\x93\xf3!\x8fy\xf7[\xeac\xc0c\x8c\xfc(+D\x83\xd7Y\x95mB\x01\xc3\xed\xf3\xe9\f\xae\x1f\xbdI8\xefJ\xebaA\xce\xa6\xe7,\xb1\xe59\xd1\xc6F\"w\x97\x9f\x10\xf5a\xa9\xcaQ\xc3\xd6E\xc2N\x18\r;m\x02\x88\xe7\x87\x7f8%^o\xbb\xedN\xd0u\x97k;\x16\x8f\x02\xf6\x94\x84\xb8R\x9c2;#K%\xe0\xd0\x82\x8e/\x01]l\x864v\xbc,%\xc7\x89\x86ly<)\xe0ZE\x7fR\xc5(\x85\xf9\xc7\x8b\xe0\x96-\xd3\xd9\x0e\x02@q\xca\x8f\x9e\x1f\xf2\x05ZJ\vg\'A\xa9=\xa6\xb0\xab\x002c-=}\"[\x86I\x85\xd6\x9c8p\xed\xba\xe0\xe4\xfe\xbd\'', 0x4)
fchown(r9, r3, r8)
open(&(0x7f0000000100)='.\x00', 0x0, 0x0)

285.943596ms ago: executing program 0 (id=1549):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000ac0)='./bus\x00', 0x0, &(0x7f0000020000)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f78617474722c6d6f64653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b4d8bde7e8acbbf3bf3326f2faa5952a332ad2ced40c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1548f5e0b33006bd1049ca45bd8500d67a5aa6e1c23d900000000007867738729e703bb122283fb2fae9813a0cfefcdf3dc96eb384dbb4268c50943198a96d9b1af9c91506b30922be8537f54e65cf60c6b6a5798955796aea325770d6ccc93a95fad93b2c7bad114fcbc55036a301c23b07073c71555791db8919235022bb0ee4294211ab9b43f3fbedecd223722d937aa22b31e2e9c97e5ea94e4ab83d4e5811c7556813c334aec856af0a0c12b3c93ba5aa906bde2268a0c6cbbb13f496d87c608604eb02b2c031d5ae40c75", @ANYRES64], 0x1, 0x5511, &(0x7f0000015b80)="$eJzs3E1rY9UfB/CTdjqdp//8i7hwNxcGoYVJmPRh0F3VGXzADsWHhStNkzRkJsktTZrWrly4FBe+Djei4Mql+BIEXbsTF4o7Qck9pzIdFdRmkqn9fOD2e+/JzS+/E0rLuQk3AGfWQvbzj6VwNVwMIcyGEK6EUOyX0lZYj/FUCOFaCGHmga2Uxn8fOB9CuBRCuDoqHmuW0kMf3RheX/vhlZ+++Hr+3OVPPv92erMGpu3pEEJ3J+7vd2PmrZj30nht2C6yuzpMGR/o3k/Hecz95lZRYb92dF6tyJVWPD/f2euPcrtTq4+y1d4uxnd68QX7w9ZRneIJ92q7xXGjuVVku58X2TqMfR0cxr9th/1BrNNI9d4tyofB4CjjePOgGeczf7/Iem+QxmPdvNE8GOUwZXq5UM87jaKPrZO804+3V9u9vYNs2Nztt/NetlapPlOp3ipXd/NGc9BcLde6jVur2WKrMzqtPGjWuuutPG91mpV63l3KFlv1erlazRZvN7fatV5WrVZWKjfLa0tp70b24t03s04jWxzl8+3e3qDd6Wfb+W4Wn7GULVdWnl3Krlez1zc2s83X7tzZ2Hzj7dtv3X1u4+UX0kl/aCtbXL65vFyu3iwvV5dO7/xH/+v/0fzfT02Pcf5wIqVpNwBw+lj/A5P28VcxT/P6P/yb9f+O9f/DrP/P9vzhRKz/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADOrO/mPn2p2FmIx5fT+P/S0BPpuBRCmAkh/PonZsP5YzVnU525vzh/7qEeviyFosLoNebTdimEsJ62X/7/qN8FAAAA+O/67L1rH8bVevyxMO2GmKR40WbmyjtjqlcKIcwtfD+GKiFdbApPnryraPT7fS4cjKlacQHrwpiKxUtu58ZV7W+ZPRYXHohSjJmJtgMAAEzE8ZXAZFchAAAATNIH026A6Sg+aU3fxU9f4J+PkT4QvHjsCAAAADiFStNuAAAAAHjkivX/43P/v2+Kfff/AwAAgPGK9/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiNnfvJSR2K4gB8Wuh7vD9GYpy7FWewDFdgHDo0LMBNsATcghtgDThzCQYMbYnWYKLhto3k+5K23Bvy45QwOfeSAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCmp2Ixfbi7uD80Z705TJq7AQAAAPZZFYtp+WJcjf/V8yf11Fk9ziIij4h9vfsgfjUyB3VO8cn7iw81PEaUCdvP+F0ffyPisj5eTtv+FgAAAOB4LWfzSdWtV6dx3wXRpWrRJv9/lSgvi4hi/JwoLd+ezhOFlb/vYdwmSisXsEaJwqolt2GqtC8ZNC6jd5esuuSdlgMAAHSi2Ql024UAAADQpZu+C6AfWey2Mnd7weU/7982BP80RgAAAMAPlPVdAAAAANC6sv/3/D8AAAA4btXz/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGjTqlhMl7P5pDF5/f2c9eYw6e4IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXtmfdxQIgTAIg73rO5O5/2GlQUNjkyoQPv7GYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4M3v/vJ/YmqcSeZeG0vPI8naqbF1auydG0d/GF+/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgYn9eUiAEgiAK5oz/nfT9DysJegYRIqDhUUUtGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4ot/98n9iapxJ5k4bS8cjydpVY+uqsfegcfRgvP0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgYud+XuOo4gCAf3dnZ2urYoySQ0QUPOjFptva2qsHJXjwTxBCuq3RrT/aHGwpQi7eJOdeRI8ighJv/R96bqGXeuthDxU89VCZ2ZnkdS24WjqzST4fePO+Mwzzvm8SQr7zZhcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDa+L29OCs2C5O4Wx27df/aetHfnuoLN7bvLBetiDtNJr0PPHgYr6b7naX2cgEAAODwyOr6PiLu5jurRd9dKOv/vD6nqPl/eH4S1/X8dN1f93XtX7Tff7v38u5AC5Nxioue3xgNT/wzld7Tm+V8e+Ffz+iVd7589pKVP5Duh1svjfPyfna+u3nz/X4ZHmkiWwDg/zhe91VQ/z9U9IM2EwPg0OglhXdd/2cL7eYEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0IT+Vjxbx52IWO7txYXb96+tl/3U/o3tO8t1O3P9+nZ6zeISeUSc3xgNTzQ1kX3g8pWrn62NRsNLzQevRUR7o1fBxzOcE9FmhoInDbrV7/q85LM/gpb/MAEAcODkVSvq+rv5zmpxrLMY8fDHR+v/N5M40vp/qk/r/3ufnLmVjpXW/4PGZjj/VjYvfrly+crVtzcurl0YXhh+/s7JwbuDU2dPnz67Uj4rWfHEBAAAgCfTr1pa/3cXI8ZT6//HkjhmrP+/+n7wTTpWpv5/rL1Fv7YzAQAAONxefP2vPzuPOd7p9+Prtc3NS4PJdnf/5GTbQqr/2ZGqpfV/tth2VgAAAEATxludR9b/zyVxzLj+/9xPr/ySXjOLiKPV+v/x9S9G55qbTksezHRWEx8nfupTBQAAYK4drVq6/p+X7/93d1956EbEW29M4uprAGeq/7MPvv05HSt9//9Uc1OcS92lyf0o+6WI3lLbGQEAAHCQPVO1otj/I99Z/fTXYx/1vf8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0LS/AwAA//+xhkJ5")
syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x18808, 0x0, 0xf9, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
write$binfmt_script(r0, &(0x7f00000003c0), 0xb)
syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
r7 = dup3(r6, r5, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f00000002c0)=[@acquire], 0x0, 0x0, 0x0})
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}, {@metacopy_on}], [], 0x2c})
r8 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
fchmodat(r8, &(0x7f00000000c0)='./file1\x00', 0x0)
openat(r8, &(0x7f00000001c0)='./file1\x00', 0x5, 0x0)
r9 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800800030090020000080004"], 0x44}, 0x1, 0xba01}, 0x0)
write$binfmt_script(r9, &(0x7f0000000340)={'#! ', './file0', [{0x20, '\\@&&\x00'}, {0x20, '#! '}], 0xa, "bdb69cfb93e7f0ac45f09a7e1fd1b2e3189c7f64ff721353fdcb0bd4bc6f0c2a405e097f27235ebffdf292993541f79f84e313249d968f67b27040e08c051fd1a7fa0ba39747e19bb2d4ed2bc7ead91dfac761e689815f3f4730927baa8686b965"}, 0x76)

78.684333ms ago: executing program 1 (id=1550):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000006380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000008dceba394fc9d73b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e7ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea2105600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8ffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000f87c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
dup3(r2, r0, 0x0)
r3 = eventfd(0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESDEC=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])

0s ago: executing program 4 (id=1551):
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000a40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d8000000000000020e16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d10bfe150a7487535f7866907dc6751dfb265a0e3ccae669e173a649c1cfd6587d452d46b7c57d77578f4c35235138d5521f9453559c3421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983c044c03bf3ff03fe3e26e7a23129d6606fd28a7f9105f82317874b33d96b39fa4e045469989d552af6200000003a00000000000000abecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f1623ed38ae89d24e14b40234756ddcebfba2f87925bfacba83109753f543ad027edd68149ee99eebc6f7d6dd4aed4afe1f44ccb19e810879b70a70900000000000000000000d7900a820b6327944e9a217b9800e02a92895614cd50cbf83a1ed25268816b004519c9c5cff097d8000000000009d27d753a30a147b24a48435bd8a568669596e9e08679b3ce48e90defb6670c3d6209000000c773713a66b223fa8b148871c8d31d24000025449f106b99893ed20fa7a050fbbef90327e827e513e9606800000000e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e69ee52b59d13182e1f24ed208ada12f7a1525320e71666f472a972d5eb1affb87ba55b2d72078e9f40b4ae7dc3b2aeb0d11cd22c35d32940f19dff00ffffffff080000ff003853e59de7621e348955735264f34b1046a1813668297a7edad187ef106ae7fcbb25090f17d0baadeb8ae190a1fb5a315f8347fb0379659500000000000000000000000000000000000000002fdf0193ec79c90ed210ebc2fbed6d4216770c1b0dec886b388d138c2b69c6aacb714e7264093061c660a5100b7cc165889eb94c8d7c77b6fa06f1a4f8e4a6b6cb37e319c5c22f276b03cae853f42b07ca0b03b1eb32a6b1a81cd511fd0b59d57a11c6a3ebf9731464ad21f07f618efc31023ac60007426162b57e803519954d7c956fda392fa84be38e937d36af1c35138e05a9e8d6dc0272de72c41500000000304402e22af23437126f330f8eb4075daaeae3134ece35cd86d95bd9836bd186c4b6565e967a4e3e86f299b7400994ba136b4eccf3b0f001a266c0d160b3ce1182001d64b52a5ce7f506295d59eea6903b84ffbabf5a5b91c1d6ecce8728a224aec66c610e3becd60a35e848c224f8251947eed20e2b612cb099bfe8924d33ba7f0691fed04a43e9c64b7a1e3165e86cdb9871c678a6bbb14821f441c6c14d1bd78d8ffdfea12c19ea04264335d60b6b7a7da6fb83f33101db32f6ab137d943dd3c1e8db9f3e1263573dc721ae82fe0bc63598751a5092c9f7dbfc39d564834e3703492c2a651643d8ce5c36d97a4812cf73fc8ea0d68d7489cfcb0176"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0xb)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
r2 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r2, &(0x7f0000000700)={0x10, 0x0, 0x0, 0x800000}, 0xc)
sendmsg$nl_route(r2, 0x0, 0x0)

kernel console output (not intermixed with test programs):

 mode: writeback.
[  417.736292][ T9257] ext4 filesystem being mounted at /20/file0 supports timestamps until 2038 (0x7fffffff)
[  417.809747][ T9263] loop4: detected capacity change from 0 to 2048
[  417.891548][ T9263] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  418.004022][ T9271] FAULT_INJECTION: forcing a failure.
[  418.004022][ T9271] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  418.073384][ T9271] CPU: 0 PID: 9271 Comm: syz.0.1196 Not tainted 5.15.164-syzkaller #0
[  418.081558][ T9271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  418.091626][ T9271] Call Trace:
[  418.094911][ T9271]  <TASK>
[  418.097844][ T9271]  dump_stack_lvl+0x1e3/0x2d0
[  418.102547][ T9271]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  418.108181][ T9271]  ? panic+0x860/0x860
[  418.112251][ T9271]  ? __lock_acquire+0x1ff0/0x1ff0
[  418.117288][ T9271]  should_fail+0x38a/0x4c0
[  418.121717][ T9271]  _copy_from_iter+0x243/0xe90
[  418.126597][ T9271]  ? copy_mc_pipe_to_iter+0x760/0x760
[  418.131979][ T9271]  ? __virt_addr_valid+0x3bb/0x460
[  418.137090][ T9271]  ? 0xffffffff81000000
[  418.141242][ T9271]  ? __check_object_size+0x300/0x410
[  418.146535][ T9271]  netlink_sendmsg+0x800/0xd60
[  418.151315][ T9271]  ? netlink_getsockopt+0x5b0/0x5b0
[  418.156520][ T9271]  ? aa_sock_msg_perm+0x91/0x150
[  418.161460][ T9271]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  418.166747][ T9271]  ? security_socket_sendmsg+0x7d/0xa0
[  418.172203][ T9271]  ? netlink_getsockopt+0x5b0/0x5b0
[  418.177405][ T9271]  ____sys_sendmsg+0x59e/0x8f0
[  418.182172][ T9271]  ? iovec_from_user+0x300/0x390
[  418.187129][ T9271]  ? __sys_sendmsg_sock+0x30/0x30
[  418.192170][ T9271]  ___sys_sendmsg+0x252/0x2e0
[  418.196857][ T9271]  ? __sys_sendmsg+0x260/0x260
[  418.201660][ T9271]  ? __fdget+0x191/0x220
[  418.205914][ T9271]  __se_sys_sendmsg+0x19a/0x260
[  418.210787][ T9271]  ? __x64_sys_sendmsg+0x80/0x80
[  418.215733][ T9271]  ? syscall_enter_from_user_mode+0x2e/0x240
[  418.221716][ T9271]  ? lockdep_hardirqs_on+0x94/0x130
[  418.226916][ T9271]  ? syscall_enter_from_user_mode+0x2e/0x240
[  418.232903][ T9271]  do_syscall_64+0x3b/0xb0
[  418.237337][ T9271]  ? clear_bhb_loop+0x15/0x70
[  418.242081][ T9271]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  418.247983][ T9271] RIP: 0033:0x7f6a127c43b9
[  418.252412][ T9271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  418.272271][ T9271] RSP: 002b:00007f6a10c43048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  418.280699][ T9271] RAX: ffffffffffffffda RBX: 00007f6a12952f80 RCX: 00007f6a127c43b9
[  418.288680][ T9271] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003
[  418.296656][ T9271] RBP: 00007f6a10c430a0 R08: 0000000000000000 R09: 0000000000000000
[  418.304632][ T9271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  418.312621][ T9271] R13: 000000000000000b R14: 00007f6a12952f80 R15: 00007ffe79edb248
[  418.320609][ T9271]  </TASK>
[  418.374607][ T9277] loop1: detected capacity change from 0 to 16
[  418.454846][ T9277] erofs: (device loop1): mounted with root inode @ nid 36.
[  418.492528][ T9277] attempt to access beyond end of device
[  418.492528][ T9277] loop1: rw=0, want=24, limit=16
[  419.712671][ T9287] loop1: detected capacity change from 0 to 8192
[  420.479254][ T6246] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  420.543045][ T6246] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  420.760944][ T9287] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal
[  420.770412][ T9287] REISERFS (device loop1): using ordered data mode
[  420.811256][ T9287] reiserfs: using flush barriers
[  420.926022][ T9287] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  421.267639][ T9287] REISERFS (device loop1): checking transaction log (loop1)
[  421.423122][ T6246] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  421.588256][ T9303] syz.0.1206 (9303) used obsolete PPPIOCDETACH ioctl
[  421.837854][ T9287] REISERFS (device loop1): Using tea hash to sort names
[  421.889581][ T9287] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  421.917914][ T9306] loop2: detected capacity change from 0 to 8192
[  422.011486][ T9311] loop3: detected capacity change from 0 to 16
[  422.076487][ T9306] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
[  422.098866][ T9311] erofs: (device loop3): mounted with root inode @ nid 36.
[  422.150982][ T9306] REISERFS (device loop2): using ordered data mode
[  422.172059][ T9311] FAULT_INJECTION: forcing a failure.
[  422.172059][ T9311] name failslab, interval 1, probability 0, space 0, times 0
[  422.200876][ T9306] reiserfs: using flush barriers
[  422.220973][ T9311] CPU: 1 PID: 9311 Comm: syz.3.1208 Not tainted 5.15.164-syzkaller #0
[  422.229236][ T9311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  422.239297][ T9311] Call Trace:
[  422.242577][ T9311]  <TASK>
[  422.245517][ T9311]  dump_stack_lvl+0x1e3/0x2d0
[  422.250237][ T9311]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  422.255873][ T9311]  ? panic+0x860/0x860
[  422.259939][ T9311]  ? __might_sleep+0xc0/0xc0
[  422.264525][ T9311]  ? __lock_acquire+0x1295/0x1ff0
[  422.269551][ T9311]  should_fail+0x38a/0x4c0
[  422.273977][ T9311]  should_failslab+0x5/0x20
[  422.278475][ T9311]  slab_pre_alloc_hook+0x53/0xc0
[  422.283408][ T9311]  ? __d_alloc+0x2a/0x700
[  422.287735][ T9311]  kmem_cache_alloc+0x3f/0x280
[  422.292495][ T9311]  __d_alloc+0x2a/0x700
[  422.296644][ T9311]  ? rcu_lock_release+0x5/0x20
[  422.301405][ T9311]  d_alloc_parallel+0xca/0x1390
[  422.306255][ T9311]  ? __d_lookup+0x671/0x730
[  422.310749][ T9311]  ? d_hash_and_lookup+0x1b0/0x1b0
[  422.315858][ T9311]  path_openat+0x96f/0x2f20
[  422.320375][ T9311]  ? do_filp_open+0x460/0x460
[  422.325067][ T9311]  do_filp_open+0x21c/0x460
[  422.329572][ T9311]  ? vfs_tmpfile+0x2e0/0x2e0
[  422.334168][ T9311]  ? _raw_spin_unlock+0x24/0x40
[  422.339008][ T9311]  ? alloc_fd+0x598/0x630
[  422.343336][ T9311]  do_sys_openat2+0x13b/0x4f0
[  422.348010][ T9311]  ? do_sys_open+0x220/0x220
[  422.352599][ T9311]  __x64_sys_openat+0x243/0x290
[  422.357467][ T9311]  ? __ia32_sys_open+0x270/0x270
[  422.362405][ T9311]  ? syscall_enter_from_user_mode+0x2e/0x240
[  422.368390][ T9311]  ? lockdep_hardirqs_on+0x94/0x130
[  422.373582][ T9311]  ? syscall_enter_from_user_mode+0x2e/0x240
[  422.379559][ T9311]  do_syscall_64+0x3b/0xb0
[  422.383971][ T9311]  ? clear_bhb_loop+0x15/0x70
[  422.388643][ T9311]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  422.394534][ T9311] RIP: 0033:0x7f556460e3b9
[  422.398949][ T9311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  422.418627][ T9311] RSP: 002b:00007f5562a8d048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  422.427037][ T9311] RAX: ffffffffffffffda RBX: 00007f556479cf80 RCX: 00007f556460e3b9
[  422.435003][ T9311] RDX: 000000000000275a RSI: 0000000020000040 RDI: ffffffffffffff9c
[  422.442984][ T9311] RBP: 00007f5562a8d0a0 R08: 0000000000000000 R09: 0000000000000000
[  422.450949][ T9311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  422.458912][ T9311] R13: 000000000000000b R14: 00007f556479cf80 R15: 00007fff532e9bb8
[  422.466886][ T9311]  </TASK>
[  422.472821][  T150] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  422.485695][ T9306] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  422.508439][ T9319] loop4: detected capacity change from 0 to 256
[  422.524681][ T9306] REISERFS (device loop2): checking transaction log (loop2)
[  422.541435][ T9319] exfat: Bad value for 'uid'
[  422.787899][ T9317] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1209'.
[  422.865500][ T9306] REISERFS (device loop2): Using tea hash to sort names
[  422.885529][ T9306] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  423.390890][ T3580] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  424.374442][ T9342] IPv6: NLM_F_CREATE should be specified when creating new route
[  424.390829][ T3580] usb 2-1: Using ep0 maxpacket: 8
[  424.396232][ T9342] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  424.403939][ T9342] IPv6: NLM_F_CREATE should be set when creating new route
[  424.518913][ T3580] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  424.538232][ T3580] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  424.552177][ T3580] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  425.402893][ T3580] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  425.490958][ T3580] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  425.498630][ T3580] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  425.530508][ T3580] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  425.607905][ T3580] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  425.710935][ T3580] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  425.731267][ T3580] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  425.770898][ T3580] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  425.820816][ T3580] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  426.464020][ T3580] usb 2-1: string descriptor 0 read error: -71
[  426.470352][ T3580] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  426.518143][ T3580] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  426.610876][ T3580] usb 2-1: can't set config #168, error -71
[  426.645344][ T3580] usb 2-1: USB disconnect, device number 20
[  426.838399][ T9378] loop4: detected capacity change from 0 to 164
[  426.864503][  T150] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  426.976737][ T9380] loop3: detected capacity change from 0 to 8192
[  427.077607][ T9380] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal
[  427.092976][ T9380] REISERFS (device loop3): using ordered data mode
[  427.107736][ T9380] reiserfs: using flush barriers
[  427.167709][ T9380] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  427.194144][ T9380] REISERFS (device loop3): checking transaction log (loop3)
[  427.251850][ T9388] loop1: detected capacity change from 0 to 256
[  427.458653][ T9398] FAULT_INJECTION: forcing a failure.
[  427.458653][ T9398] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  427.473176][ T9391] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1224'.
[  427.504873][ T3645] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  427.507809][  T150] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  427.549308][ T9380] REISERFS (device loop3): Using tea hash to sort names
[  427.560639][ T9380] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  427.560871][ T9398] CPU: 1 PID: 9398 Comm: syz.4.1226 Not tainted 5.15.164-syzkaller #0
[  427.577894][ T9398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  427.587956][ T9398] Call Trace:
[  427.591242][ T9398]  <TASK>
[  427.594182][ T9398]  dump_stack_lvl+0x1e3/0x2d0
[  427.598964][ T9398]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  427.604615][ T9398]  ? panic+0x860/0x860
[  427.608711][ T9398]  ? __lock_acquire+0x1ff0/0x1ff0
[  427.613750][ T9398]  should_fail+0x38a/0x4c0
[  427.618184][ T9398]  _copy_from_iter+0x243/0xe90
[  427.623057][ T9398]  ? copy_mc_pipe_to_iter+0x760/0x760
[  427.628446][ T9398]  ? __virt_addr_valid+0x3bb/0x460
[  427.633663][ T9398]  ? 0xffffffff81000000
[  427.637828][ T9398]  ? __check_object_size+0x300/0x410
[  427.643137][ T9398]  netlink_sendmsg+0x800/0xd60
[  427.647933][ T9398]  ? netlink_getsockopt+0x5b0/0x5b0
[  427.653149][ T9398]  ? aa_sock_msg_perm+0x91/0x150
[  427.658087][ T9398]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  427.663368][ T9398]  ? security_socket_sendmsg+0x7d/0xa0
[  427.668829][ T9398]  ? netlink_getsockopt+0x5b0/0x5b0
[  427.674023][ T9398]  ____sys_sendmsg+0x59e/0x8f0
[  427.678778][ T9398]  ? iovec_from_user+0x300/0x390
[  427.683732][ T9398]  ? __sys_sendmsg_sock+0x30/0x30
[  427.688763][ T9398]  ___sys_sendmsg+0x252/0x2e0
[  427.693439][ T9398]  ? __sys_sendmsg+0x260/0x260
[  427.698226][ T9398]  ? __fdget+0x191/0x220
[  427.702487][ T9398]  __se_sys_sendmsg+0x19a/0x260
[  427.707340][ T9398]  ? __x64_sys_sendmsg+0x80/0x80
[  427.712284][ T9398]  ? syscall_enter_from_user_mode+0x2e/0x240
[  427.718273][ T9398]  ? lockdep_hardirqs_on+0x94/0x130
[  427.723562][ T9398]  ? syscall_enter_from_user_mode+0x2e/0x240
[  427.729546][ T9398]  do_syscall_64+0x3b/0xb0
[  427.733958][ T9398]  ? clear_bhb_loop+0x15/0x70
[  427.738636][ T9398]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  427.744540][ T9398] RIP: 0033:0x7f352555f3b9
[  427.748958][ T9398] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  427.768553][ T9398] RSP: 002b:00007f35239de048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  427.776962][ T9398] RAX: ffffffffffffffda RBX: 00007f35256edf80 RCX: 00007f352555f3b9
[  427.785015][ T9398] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
[  427.792981][ T9398] RBP: 00007f35239de0a0 R08: 0000000000000000 R09: 0000000000000000
[  427.800941][ T9398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  427.808905][ T9398] R13: 000000000000000b R14: 00007f35256edf80 R15: 00007ffdac52bb28
[  427.816874][ T9398]  </TASK>
[  428.161699][ T9416] ufs: You didn't specify the type of your ufs filesystem
[  428.161699][ T9416] 
[  428.161699][ T9416] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  428.161699][ T9416] 
[  428.161699][ T9416] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  428.192463][ T9416] ufs: ufstype=old is supported read-only
[  428.198444][ T3645] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  428.206618][ T9416] ufs: ufs_fill_super(): bad magic number
[  428.470886][ T3645] usb 5-1: Using ep0 maxpacket: 8
[  428.600976][ T3645] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  428.610904][ T3645] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  428.664775][ T3645] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  428.686655][ T3645] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  428.862714][ T3645] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  428.888253][ T3645] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  428.937864][ T3645] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  428.984772][ T3645] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  429.078481][ T9432] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1234'.
[  429.090766][ T5893] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  429.172789][ T3645] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  429.186700][ T3645] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  429.209296][ T3645] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  429.223795][ T3645] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  429.237378][ T7520] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  429.501626][ T3645] usb 5-1: string descriptor 0 read error: -22
[  429.508915][ T3645] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  429.530840][ T5893] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  429.545033][ T3645] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  429.656058][ T3645] adutux 5-1:168.0: ADU100  now attached to /dev/usb/adutux1
[  429.810892][ T5893] usb 2-1: Using ep0 maxpacket: 16
[  429.824839][ T9441] loop2: detected capacity change from 0 to 512
[  429.865123][ T3645] usb 5-1: USB disconnect, device number 22
[  429.880699][ T9441] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz.2.1237: casefold flag without casefold feature
[  429.897368][ T9441] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz.2.1237: missing EA_INODE flag
[  429.909588][ T9441] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.1237: error while reading EA inode 12 err=-117
[  429.922658][ T9441] EXT4-fs (loop2): 1 orphan inode deleted
[  429.928406][ T9441] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  429.941019][ T7520] usb 4-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  429.958603][ T7520] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  429.970958][ T5893] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  429.972086][ T7520] usb 4-1: config 0 descriptor??
[  429.996307][ T5893] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  430.022707][ T7520] gspca_main: spca508-2.14.0 probing 8086:0110
[  430.076137][    T7] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  430.181085][ T5893] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  430.190824][ T5893] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  430.198937][ T5893] usb 2-1: Product: syz
[  430.260854][ T5893] usb 2-1: Manufacturer: syz
[  430.267653][ T7520] gspca_spca508: reg_read err -32
[  430.286617][ T5893] usb 2-1: SerialNumber: syz
[  430.344712][ T9454] netlink: 'syz.0.1240': attribute type 1 has an invalid length.
[  430.419104][ T9457] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1240'.
[  430.516829][ T9423] udc-core: couldn't find an available UDC or it's busy
[  430.531139][ T9423] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  430.563471][ T9457] bond2 (unregistering): Released all slaves
[  430.586896][ T9454] device bond1 entered promiscuous mode
[  430.593566][ T9454] 8021q: adding VLAN 0 to HW filter on device bond1
[  430.604331][ T9423] loop3: detected capacity change from 0 to 1024
[  430.620347][ T9464] loop4: detected capacity change from 0 to 256
[  430.667672][ T5893] usb 2-1: 0:192 : does not exist
[  430.676652][ T9464] exfat: Bad value for 'uid'
[  430.736685][ T5893] usb 2-1: USB disconnect, device number 21
[  430.795639][ T9423] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:476: comm syz.3.1232: Invalid block bitmap block 0 in block_group 0
[  430.830862][ T7520] gspca_spca508: reg_read err -110
[  430.850936][ T7520] gspca_spca508: reg_read err -32
[  430.870898][ T7520] gspca_spca508: reg_read err -32
[  430.907299][ T7520] gspca_spca508: reg write: error -32
[  430.914635][ T7520] spca508: probe of 4-1:0.0 failed with error -32
[  430.934162][ T9423] Quota error (device loop3): write_blk: dquota write failed
[  430.963625][ T9423] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  430.981431][ T3860] udevd[3860]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  430.991903][ T9423] EXT4-fs error (device loop3): ext4_acquire_dquot:6196: comm syz.3.1232: Failed to acquire dquot type 0
[  431.015629][ T9423] EXT4-fs error (device loop3): ext4_free_blocks:6226: comm syz.3.1232: Freeing blocks not in datazone - block = 0, count = 4096
[  431.069342][ T9423] EXT4-fs error (device loop3): ext4_read_inode_bitmap:140: comm syz.3.1232: Invalid inode bitmap blk 0 in block_group 0
[  431.084420][ T9423] EXT4-fs error (device loop3) in ext4_free_inode:362: Corrupt filesystem
[  431.090273][    T9] Quota error (device loop3): remove_tree: Getting block too big (0 >= 9)
[  431.111184][ T9423] EXT4-fs (loop3): 1 orphan inode deleted
[  431.116937][ T9423] EXT4-fs (loop3): mounted filesystem without journal. Opts: €�; sysvgroups,stripe=0x0000000000000000,auto_da_alloc,quota,nogrpid,norecovery,bsddf,bsdgroups,,errors=continue. Quota mode: writeback.
[  431.130850][    T9] EXT4-fs error (device loop3): ext4_release_dquot:6219: comm kworker/u4:0: Failed to release dquot type 0
[  431.514007][ T3580] usb 4-1: USB disconnect, device number 17
[  431.683186][ T9482] fuse: Bad value for 'fd'
[  431.687576][ T9477] loop1: detected capacity change from 0 to 32768
[  431.771155][ T9477] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.1244 (9477)
[  431.800502][ T9484] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1246'.
[  431.828866][ T9477] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  431.841039][ T9477] BTRFS info (device loop1): using free space tree
[  431.847558][ T9477] BTRFS info (device loop1): has skinny extents
[  432.016954][ T9423] syz.3.1232 (9423) used greatest stack depth: 19392 bytes left
[  432.047919][ T9477] BTRFS info (device loop1): enabling ssd optimizations
[  432.059220][ T9508] FAULT_INJECTION: forcing a failure.
[  432.059220][ T9508] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  432.081102][ T9508] CPU: 0 PID: 9508 Comm: syz.2.1248 Not tainted 5.15.164-syzkaller #0
[  432.089272][ T9508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  432.099364][ T9508] Call Trace:
[  432.102650][ T9508]  <TASK>
[  432.105592][ T9508]  dump_stack_lvl+0x1e3/0x2d0
[  432.110280][ T9508]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  432.115916][ T9508]  ? panic+0x860/0x860
[  432.119995][ T9508]  ? snprintf+0xd6/0x120
[  432.124245][ T9508]  should_fail+0x38a/0x4c0
[  432.128686][ T9508]  _copy_to_user+0x2d/0x130
[  432.133199][ T9508]  simple_read_from_buffer+0xc6/0x150
[  432.138587][ T9508]  proc_fail_nth_read+0x1a3/0x210
[  432.143623][ T9508]  ? proc_fault_inject_write+0x390/0x390
[  432.149265][ T9508]  ? fsnotify_perm+0x442/0x590
[  432.154032][ T9508]  ? proc_fault_inject_write+0x390/0x390
[  432.159666][ T9508]  vfs_read+0x2fc/0xe10
[  432.160880][    T9] Quota error (device loop3): remove_tree: Getting block too big (0 >= 9)
[  432.163829][ T9508]  ? kernel_read+0x1f0/0x1f0
[  432.176885][ T9508]  ? __fget_files+0x413/0x480
[  432.181581][ T9508]  ? mutex_lock_nested+0x17/0x20
[  432.186524][ T9508]  ? __fdget_pos+0x2cb/0x380
[  432.191120][ T9508]  ? ksys_read+0x77/0x2c0
[  432.195468][ T9508]  ksys_read+0x1a2/0x2c0
[  432.199737][ T9508]  ? print_irqtrace_events+0x210/0x210
[  432.205210][ T9508]  ? vfs_write+0xe50/0xe50
[  432.209638][ T9508]  ? syscall_enter_from_user_mode+0x2e/0x240
[  432.215620][ T9508]  ? lockdep_hardirqs_on+0x94/0x130
[  432.217463][    T9] EXT4-fs error (device loop3): ext4_release_dquot:6219: comm kworker/u4:0: Failed to release dquot type 0
[  432.220823][ T9508]  ? syscall_enter_from_user_mode+0x2e/0x240
[  432.220850][ T9508]  do_syscall_64+0x3b/0xb0
[  432.220868][ T9508]  ? clear_bhb_loop+0x15/0x70
[  432.220891][ T9508]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  432.253131][ T9508] RIP: 0033:0x7fed098c6dfc
[  432.257559][ T9508] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48
[  432.277172][ T9508] RSP: 002b:00007fed07d26040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  432.285604][ T9508] RAX: ffffffffffffffda RBX: 00007fed09a57058 RCX: 00007fed098c6dfc
[  432.293583][ T9508] RDX: 000000000000000f RSI: 00007fed07d260b0 RDI: 0000000000000006
[  432.301561][ T9508] RBP: 00007fed07d260a0 R08: 0000000000000000 R09: 0000000000000000
[  432.309536][ T9508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  432.317510][ T9508] R13: 000000000000006e R14: 00007fed09a57058 R15: 00007fff842b4868
[  432.325522][ T9508]  </TASK>
[  432.626856][  T150] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  432.696711][ T9519] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1252'.
[  432.767242][ T9519] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1252'.
[  432.894281][ T9535] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1254'.
[  433.130805][ T7520] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  433.202640][ T9538] loop4: detected capacity change from 0 to 32768
[  433.261098][    T9] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  433.306006][ T9538] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop4 scanned by syz.4.1254 (9538)
[  433.489612][ T9540] loop3: detected capacity change from 0 to 2048
[  433.496581][ T9538] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm
[  433.500896][ T7520] usb 2-1: Using ep0 maxpacket: 8
[  433.527269][ T9538] BTRFS info (device loop4): using free space tree
[  433.543963][ T9540] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  433.581661][ T9538] BTRFS info (device loop4): has skinny extents
[  433.611165][ T9540] UDF-fs: error (device loop3): udf_read_inode: (ino 1329) failed !bh
[  433.656928][ T7520] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  433.676543][ T7520] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  433.756868][ T7520] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  433.770591][ T9552] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1258'.
[  433.797429][ T7520] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  433.997075][ T9538] BTRFS info (device loop4): enabling ssd optimizations
[  434.020418][ T4183] BTRFS warning (device loop4): checksum verify failed on 5267456 wanted 0xd36f28683bcc071ebd9001b116f0a96c43b53005e93ac30efa4e4ee37cf90c76 found 0x760816d3414036959456d1dc15ead4b4635ccc0c15a841b0d042202459e42d17 level 0
[  434.029622][ T7520] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  434.050886][ T7520] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  434.062195][ T7520] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  434.073280][ T7520] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  434.134115][ T9570] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1257'.
[  434.141018][ T9538] BTRFS warning (device loop4): failed to read fs tree: -5
[  434.171083][ T7520] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  434.178495][ T7520] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  434.219461][ T7520] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  434.251615][ T7520] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  434.331528][ T9538] BTRFS error (device loop4): open_ctree failed
[  434.382045][ T9575] sctp: [Deprecated]: syz.3.1260 (pid 9575) Use of int in maxseg socket option.
[  434.382045][ T9575] Use struct sctp_assoc_value instead
[  434.423997][ T9574] FAULT_INJECTION: forcing a failure.
[  434.423997][ T9574] name failslab, interval 1, probability 0, space 0, times 0
[  434.440890][ T9574] CPU: 0 PID: 9574 Comm: syz.2.1261 Not tainted 5.15.164-syzkaller #0
[  434.449058][ T9574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  434.459112][ T9574] Call Trace:
[  434.462391][ T9574]  <TASK>
[  434.465327][ T9574]  dump_stack_lvl+0x1e3/0x2d0
[  434.470025][ T9574]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  434.475657][ T9574]  ? panic+0x860/0x860
[  434.479733][ T9574]  ? __might_sleep+0xc0/0xc0
[  434.484350][ T9574]  should_fail+0x38a/0x4c0
[  434.488785][ T9574]  should_failslab+0x5/0x20
[  434.493290][ T9574]  slab_pre_alloc_hook+0x53/0xc0
[  434.498235][ T9574]  __kmalloc_node_track_caller+0x6b/0x390
[  434.503963][ T9574]  ? inet6_netconf_notify_devconf+0xf8/0x1b0
[  434.509956][ T9574]  ? kmem_cache_alloc_node+0x154/0x2c0
[  434.511483][ T7520] usb 2-1: string descriptor 0 read error: -22
[  434.515422][ T9574]  ? __alloc_skb+0xdd/0x590
[  434.515468][ T9574]  ? inet6_netconf_notify_devconf+0xf8/0x1b0
[  434.528484][ T7520] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  434.532062][ T9574]  __alloc_skb+0x12c/0x590
[  434.532091][ T9574]  inet6_netconf_notify_devconf+0xf8/0x1b0
[  434.532117][ T9574]  addrconf_ifdown+0x1879/0x1bb0
[  434.532148][ T9574]  ? addrconf_cleanup+0x260/0x260
[  434.561350][ T9574]  ? tls_dev_event+0x832/0x1040
[  434.566216][ T9574]  ? clusterip_netdev_event+0x425/0x440
[  434.566663][ T7520] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  434.571781][ T9574]  addrconf_notify+0x432/0xf30
[  434.571805][ T9574]  ? ip6mr_device_event+0x1d1/0x1f0
[  434.571830][ T9574]  raw_notifier_call_chain+0xd0/0x170
[  434.595087][ T9574]  unregister_netdevice_many+0xf1b/0x18f0
[  434.600840][ T9574]  ? alloc_netdev_mqs+0xc10/0xc10
[  434.605887][ T9574]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  434.611887][ T9574]  ? print_irqtrace_events+0x210/0x210
[  434.617358][ T9574]  ? lockdep_hardirqs_off+0x70/0x100
[  434.622663][ T9574]  ? do_raw_spin_unlock+0x137/0x8b0
[  434.627879][ T9574]  unregister_netdevice_queue+0x2e6/0x350
[  434.633613][ T9574]  ? list_netdevice+0x450/0x450
[  434.635287][ T7520] adutux 2-1:168.0: ADU100  now attached to /dev/usb/adutux1
[  434.638474][ T9574]  ? linkwatch_fire_event+0xb2/0x3c0
[  434.638502][ T9574]  ? netif_carrier_on+0xc1/0x130
[  434.656056][ T9574]  __tun_detach+0x6b6/0x1600
[  434.660671][ T9574]  tun_chr_close+0x104/0x1b0
[  434.665276][ T9574]  ? tun_chr_open+0x4d0/0x4d0
[  434.669975][ T9574]  __fput+0x3fe/0x8e0
[  434.673994][ T9574]  task_work_run+0x129/0x1a0
[  434.678611][ T9574]  exit_to_user_mode_loop+0x106/0x130
[  434.683998][ T9574]  exit_to_user_mode_prepare+0xb1/0x140
[  434.689560][ T9574]  syscall_exit_to_user_mode+0x5d/0x240
[  434.695127][ T9574]  do_syscall_64+0x47/0xb0
[  434.699556][ T9574]  ? clear_bhb_loop+0x15/0x70
[  434.704250][ T9574]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  434.710247][ T9574] RIP: 0033:0x7fed098c83b9
[  434.714674][ T9574] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  434.734294][ T9574] RSP: 002b:00007fed07d47048 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  434.742742][ T9574] RAX: 0000000000000000 RBX: 00007fed09a56f80 RCX: 00007fed098c83b9
[  434.750726][ T9574] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  434.758706][ T9574] RBP: 00007fed07d470a0 R08: 0000000000000000 R09: 0000000000000000
[  434.766683][ T9574] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  434.774661][ T9574] R13: 000000000000000b R14: 00007fed09a56f80 R15: 00007fff842b4868
[  434.782664][ T9574]  </TASK>
[  434.858291][ T5891] usb 2-1: USB disconnect, device number 22
[  434.982979][ T9576] loop3: detected capacity change from 0 to 4096
[  435.051125][ T9576] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512)
[  435.286158][ T9583] fuse: Bad value for 'fd'
[  435.316911][ T9583] 9pnet: Insufficient options for proto=fd
[  435.325402][ T9585] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1264'.
[  435.345621][ T9585] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1264'.
[  435.861797][ T9593] loop2: detected capacity change from 0 to 8192
[  435.959237][ T9593] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
[  435.972252][ T9593] REISERFS (device loop2): using ordered data mode
[  435.980473][ T9593] reiserfs: using flush barriers
[  436.006420][ T9593] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  436.069086][ T9593] REISERFS (device loop2): checking transaction log (loop2)
[  436.340416][ T9593] REISERFS (device loop2): Using tea hash to sort names
[  436.353685][ T9611] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1270'.
[  436.355483][ T9593] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  436.722999][ T9619] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1272'.
[  436.755756][   T26] audit: type=1326 audit(1722543017.510:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9608 comm="syz.0.1269" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6a127c43b9 code=0x0
[  436.899390][ T9622] loop4: detected capacity change from 0 to 512
[  436.911191][ T9624] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1274'.
[  437.129016][ T9635] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1277'.
[  437.173229][ T9635] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1277'.
[  437.324410][ T9638] fuse: Bad value for 'fd'
[  437.330932][ T5891] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  437.581844][ T5888] Bluetooth: hci2: command 0x0401 tx timeout
[  437.605292][ T9622] loop4: detected capacity change from 0 to 32768
[  437.658418][ T9622] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.1275 (9622)
[  437.681424][ T9624] loop3: detected capacity change from 0 to 32768
[  437.708268][ T9622] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  437.730808][ T5891] usb 2-1: Using ep0 maxpacket: 8
[  437.734555][ T9624] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop3 scanned by syz.3.1274 (9624)
[  437.740606][ T9622] BTRFS info (device loop4): using free space tree
[  437.790900][ T9622] BTRFS info (device loop4): has skinny extents
[  437.808845][ T9624] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  437.831553][ T9624] BTRFS info (device loop3): using free space tree
[  437.840451][ T9624] BTRFS info (device loop3): has skinny extents
[  437.870998][ T5891] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  437.878395][ T5891] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  437.919680][ T9624] BTRFS info (device loop3): enabling ssd optimizations
[  437.935468][ T1187] BTRFS warning (device loop3): checksum verify failed on 5267456 wanted 0xd36f28683bcc071ebd9001b116f0a96c43b53005e93ac30efa4e4ee37cf90c76 found 0x760816d3414036959456d1dc15ead4b4635ccc0c15a841b0d042202459e42d17 level 0
[  437.943324][ T5891] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  437.966976][ T9624] BTRFS warning (device loop3): failed to read fs tree: -5
[  438.079123][ T5891] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  438.100007][ T9624] BTRFS error (device loop3): open_ctree failed
[  438.181076][ T5891] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  438.188539][ T5891] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  438.205862][ T5891] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  438.223324][ T5891] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  438.231032][ T9622] BTRFS info (device loop4): enabling ssd optimizations
[  438.311101][ T5891] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  438.318651][ T5891] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  438.370753][ T5891] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  438.382833][ T1187] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  438.464774][ T5891] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  438.794031][ T5891] usb 2-1: string descriptor 0 read error: -22
[  438.800860][ T5891] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  438.840438][ T5891] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  438.858112][ T9687] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1282'.
[  438.952100][ T5891] adutux 2-1:168.0: ADU100  now attached to /dev/usb/adutux1
[  439.022218][ T1187] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  439.182424][ T9522] usb 2-1: USB disconnect, device number 23
[  439.224536][ T9691] loop2: detected capacity change from 0 to 4096
[  439.336747][ T9691] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  439.682811][ T5891] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  439.732421][ T1390] ieee802154 phy0 wpan0: encryption failed: -22
[  439.732487][ T1390] ieee802154 phy1 wpan1: encryption failed: -22
[  440.188600][ T9707] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1287'.
[  440.225130][ T5891] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  440.381253][ T9711] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1288'.
[  440.399036][ T9711] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1288'.
[  440.448302][ T9709] loop3: detected capacity change from 0 to 4096
[  440.520224][ T9700] loop4: detected capacity change from 0 to 32768
[  440.580021][ T9709] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512)
[  440.629080][ T9700] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.1281 (9700)
[  440.648986][ T9709] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  440.712993][ T9720] fuse: Bad value for 'fd'
[  440.723229][ T9700] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  440.751949][ T9723] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1289'.
[  440.820792][ T9700] BTRFS info (device loop4): using free space tree
[  440.827423][ T9700] BTRFS info (device loop4): has skinny extents
[  441.332509][ T9741] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1294'.
[  441.765216][ T9700] BTRFS info (device loop4): enabling ssd optimizations
[  441.856541][ T9750] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1293'.
[  441.889065][ T9756] udc-core: couldn't find an available UDC or it's busy
[  441.895630][ T9754] loop1: detected capacity change from 0 to 256
[  441.936812][ T9756] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  441.985768][ T9754] exfat: Deprecated parameter 'namecase'
[  441.999850][ T9754] exfat: Deprecated parameter 'utf8'
[  442.086377][ T9754] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e84b2e, utbl_chksum : 0xe619d30d)
[  442.535005][ T9758] loop3: detected capacity change from 0 to 32768
[  442.564664][ T9014] exFAT-fs (loop1): error, invalid access to FAT (entry 0x00000005) bogus content (0x61616161)
[  442.586202][ T9014] exFAT-fs (loop1): Filesystem has been set read-only
[  442.595692][ T9014] exFAT-fs (loop1): error, invalid access to FAT (entry 0x00000005) bogus content (0x61616161)
[  442.638043][ T9763] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1300'.
[  442.653502][ T9758] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop3 scanned by syz.3.1293 (9758)
[  442.694400][ T9763] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1300'.
[  442.752774][ T9758] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  442.787016][ T9758] BTRFS info (device loop3): using free space tree
[  442.828896][ T9758] BTRFS info (device loop3): has skinny extents
[  443.108164][ T9758] BTRFS info (device loop3): enabling ssd optimizations
[  443.118621][ T9093] BTRFS warning (device loop3): checksum verify failed on 5267456 wanted 0xd36f28683bcc071ebd9001b116f0a96c43b53005e93ac30efa4e4ee37cf90c76 found 0x760816d3414036959456d1dc15ead4b4635ccc0c15a841b0d042202459e42d17 level 0
[  443.178209][  T150] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  443.229362][ T9758] BTRFS warning (device loop3): failed to read fs tree: -5
[  443.266915][ T9766] loop2: detected capacity change from 0 to 40427
[  443.336205][ T9758] BTRFS error (device loop3): open_ctree failed
[  443.346251][ T9766] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  443.376063][ T9766] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  443.479306][  T150] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  443.537471][ T9766] F2FS-fs (loop2): Found nat_bits in checkpoint
[  443.588499][ T9798] fuse: Bad value for 'fd'
[  443.603802][  T150] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  443.667528][ T9766] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  443.695984][  T150] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  443.736370][ T9766] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  443.812702][ T9766] fscrypt (loop2, inode 3): Error -61 getting encryption context
[  444.186730][ T9093] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  444.808149][ T9805] sched: RT throttling activated
[  444.842206][ T3810] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  446.240916][ T5888] Bluetooth: hci1: command 0x0409 tx timeout
[  446.264668][ T9813] loop3: detected capacity change from 0 to 2048
[  446.412835][ T9817] udc-core: couldn't find an available UDC or it's busy
[  446.419790][ T9817] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  446.526355][ T9813] EXT4-fs error (device loop3): ext4_fill_super:4840: inode #2: comm syz.3.1310: casefold flag without casefold feature
[  446.630268][ T9813] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[  446.683285][ T9800] chnl_net:caif_netlink_parms(): no params data found
[  446.727309][ T9813] EXT4-fs (loop3): Errors on filesystem, clearing orphan list.
[  446.761915][ T9813] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  447.042069][ T9833] ufs: You didn't specify the type of your ufs filesystem
[  447.042069][ T9833] 
[  447.042069][ T9833] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  447.042069][ T9833] 
[  447.042069][ T9833] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  447.073197][ T9833] ufs: ufstype=old is supported read-only
[  447.079442][ T9833] ufs: ufs_fill_super(): bad magic number
[  447.154094][ T9813] overlayfs: conflicting lowerdir path
[  447.263337][ T9800] bridge0: port 1(bridge_slave_0) entered blocking state
[  447.308194][ T9800] bridge0: port 1(bridge_slave_0) entered disabled state
[  447.383995][ T9800] device bridge_slave_0 entered promiscuous mode
[  447.396046][ T9812] loop4: detected capacity change from 0 to 32768
[  447.402452][ T9839] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1312'.
[  447.419346][ T9839] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1312'.
[  447.455351][ T9800] bridge0: port 2(bridge_slave_1) entered blocking state
[  447.468197][ T9800] bridge0: port 2(bridge_slave_1) entered disabled state
[  447.474053][ T9812] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.1309 (9812)
[  447.523099][ T9812] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  447.525964][ T9800] device bridge_slave_1 entered promiscuous mode
[  447.537417][ T9812] BTRFS info (device loop4): using free space tree
[  447.581086][ T9812] BTRFS info (device loop4): has skinny extents
[  447.729646][ T9800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  447.901820][ T9800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  448.196881][ T9812] BTRFS info (device loop4): enabling ssd optimizations
[  448.301045][ T7516] Bluetooth: hci1: command 0x041b tx timeout
[  448.584103][ T9800] team0: Port device team_slave_0 added
[  448.623908][ T9800] team0: Port device team_slave_1 added
[  448.719774][ T9800] batman_adv: batadv0: Adding interface: batadv_slave_0
[  448.750098][ T9800] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  448.816914][ T9800] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  448.829258][ T9800] batman_adv: batadv0: Adding interface: batadv_slave_1
[  448.836276][ T9800] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  448.936284][ T9800] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  448.969934][ T9881] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1317'.
[  449.038327][ T9891] FAULT_INJECTION: forcing a failure.
[  449.038327][ T9891] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  449.066354][ T9891] CPU: 0 PID: 9891 Comm: syz.2.1318 Not tainted 5.15.164-syzkaller #0
[  449.074519][ T9891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  449.084570][ T9891] Call Trace:
[  449.087840][ T9891]  <TASK>
[  449.090758][ T9891]  dump_stack_lvl+0x1e3/0x2d0
[  449.095427][ T9891]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  449.101064][ T9891]  ? panic+0x860/0x860
[  449.105127][ T9891]  ? rcu_is_watching+0x11/0xa0
[  449.109887][ T9891]  ? kmem_cache_free+0x146/0x1f0
[  449.114818][ T9891]  should_fail+0x38a/0x4c0
[  449.119246][ T9891]  _copy_to_user+0x2d/0x130
[  449.123734][ T9891]  do_fcntl+0xc52/0x1600
[  449.127968][ T9891]  ? rcu_lock_release+0x20/0x20
[  449.132807][ T9891]  ? __fget_files+0x413/0x480
[  449.137471][ T9891]  ? tomoyo_file_fcntl+0x7c/0x200
[  449.142480][ T9891]  ? bpf_lsm_file_fcntl+0x5/0x10
[  449.147405][ T9891]  ? security_file_fcntl+0x7d/0xa0
[  449.152506][ T9891]  __se_sys_fcntl+0xd8/0x1b0
[  449.157085][ T9891]  do_syscall_64+0x3b/0xb0
[  449.161487][ T9891]  ? clear_bhb_loop+0x15/0x70
[  449.166155][ T9891]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  449.172033][ T9891] RIP: 0033:0x7fed098c83b9
[  449.176443][ T9891] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  449.196033][ T9891] RSP: 002b:00007fed07d47048 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
[  449.204434][ T9891] RAX: ffffffffffffffda RBX: 00007fed09a56f80 RCX: 00007fed098c83b9
[  449.212396][ T9891] RDX: 0000000020000200 RSI: 0000000000000005 RDI: 0000000000000005
[  449.220354][ T9891] RBP: 00007fed07d470a0 R08: 0000000000000000 R09: 0000000000000000
[  449.228315][ T9891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  449.236271][ T9891] R13: 000000000000000b R14: 00007fed09a56f80 R15: 00007fff842b4868
[  449.244240][ T9891]  </TASK>
[  449.254039][ T9800] device hsr_slave_0 entered promiscuous mode
[  449.261471][ T9800] device hsr_slave_1 entered promiscuous mode
[  449.263751][ T9526] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  449.278350][ T9800] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  449.289452][ T9800] Cannot create hsr debugfs directory
[  449.500527][ T9902] fuse: Bad value for 'fd'
[  449.619260][  T150] device hsr_slave_0 left promiscuous mode
[  449.639576][  T150] device hsr_slave_1 left promiscuous mode
[  449.674995][  T150] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  449.690767][  T150] batman_adv: batadv0: Removing interface: batadv_slave_0
[  449.701995][  T150] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  449.709503][  T150] batman_adv: batadv0: Removing interface: batadv_slave_1
[  449.721304][  T150] device bridge_slave_1 left promiscuous mode
[  449.750266][  T150] bridge0: port 2(bridge_slave_1) entered disabled state
[  449.787076][  T150] device bridge_slave_0 left promiscuous mode
[  449.818114][  T150] bridge0: port 1(bridge_slave_0) entered disabled state
[  449.860569][  T150] device veth1_macvtap left promiscuous mode
[  449.878997][  T150] device veth0_macvtap left promiscuous mode
[  449.898439][  T150] device veth1_vlan left promiscuous mode
[  449.909429][  T150] device veth0_vlan left promiscuous mode
[  450.702876][ T3638] Bluetooth: hci1: command 0x040f tx timeout
[  450.880015][  T150] team0 (unregistering): Port device team_slave_1 removed
[  450.922693][  T150] team0 (unregistering): Port device team_slave_0 removed
[  450.954299][  T150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  450.969665][  T150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  451.082298][ T5891] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  451.361042][ T5891] usb 4-1: Using ep0 maxpacket: 8
[  451.491437][ T5891] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  451.511130][ T5891] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  451.686960][ T5891] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  451.698577][ T5891] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  451.757680][  T150] bond0 (unregistering): Released all slaves
[  451.790962][ T5891] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  451.801707][ T5891] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  451.814327][ T5891] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  451.821257][ T3666] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  451.827133][ T3649] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  451.855814][ T5891] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  451.877813][ T9914] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1323'.
[  451.887110][ T9914] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1323'.
[  451.970961][ T5891] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  451.987940][ T5891] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  452.009889][ T5891] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  452.050094][ T5891] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  452.635047][ T5891] usb 4-1: string descriptor 0 read error: -22
[  452.722093][ T5891] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  452.732285][ T5891] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  452.981393][ T5891] adutux 4-1:168.0: ADU100  now attached to /dev/usb/adutux1
[  453.093290][ T5795] Bluetooth: hci1: command 0x0419 tx timeout
[  453.120001][ T5891] usb 4-1: USB disconnect, device number 18
[  453.266936][ T9940] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1328'.
[  453.428705][ T9953] fuse: Invalid rootmode
[  453.512596][ T9800] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  453.530364][ T9800] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  453.557406][ T9800] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  453.574649][ T9800] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  454.152791][ T9800] 8021q: adding VLAN 0 to HW filter on device bond0
[  454.552460][ T5795] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  454.560280][ T5795] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  454.601826][ T9800] 8021q: adding VLAN 0 to HW filter on device team0
[  454.661309][ T7519] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  454.856382][ T7519] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  454.865578][ T7519] bridge0: port 1(bridge_slave_0) entered blocking state
[  454.872681][ T7519] bridge0: port 1(bridge_slave_0) entered forwarding state
[  454.891483][ T9971] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1335'.
[  454.901123][ T9971] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1335'.
[  454.931628][ T7516] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  455.081029][ T5795] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  455.243008][ T5795] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  455.447045][ T5795] bridge0: port 2(bridge_slave_1) entered blocking state
[  455.454152][ T5795] bridge0: port 2(bridge_slave_1) entered forwarding state
[  455.781016][ T7516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  455.800476][ T7516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  455.828827][ T7516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  455.863301][ T7516] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  455.892393][ T7516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  455.922212][ T7516] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  455.939721][ T9955] loop2: detected capacity change from 0 to 32768
[  455.957915][ T3638] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  455.986433][ T5795] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  456.015531][ T5795] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  456.049452][ T9955] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.1331 (9955)
[  456.070051][ T5795] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  456.107409][ T5795] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  456.128373][ T9955] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  456.138806][ T9800] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  456.175937][ T9955] BTRFS info (device loop2): using free space tree
[  456.206781][ T9955] BTRFS info (device loop2): has skinny extents
[  456.689856][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  456.710141][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  456.751615][ T9800] 8021q: adding VLAN 0 to HW filter on device batadv0
[  456.824344][ T9981] loop4: detected capacity change from 0 to 32768
[  456.846823][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  456.861517][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  456.876710][ T9955] BTRFS error (device loop2): open_ctree failed
[  457.062410][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  457.070483][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  457.272140][ T9800] device veth0_vlan entered promiscuous mode
[  457.512632][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  457.520527][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  457.583562][ T3649] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  457.594840][ T3810] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  457.621188][ T9800] device veth1_vlan entered promiscuous mode
[  457.727569][ T9981] XFS (loop4): Mounting V5 Filesystem
[  457.769035][T10041] loop2: detected capacity change from 0 to 1024
[  457.777916][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  457.823667][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  457.827627][T10041] EXT4-fs (loop2): Ignoring removed nobh option
[  457.841570][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  457.850045][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  457.861771][ T9800] device veth0_macvtap entered promiscuous mode
[  457.883020][T10037] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1340'.
[  457.924955][ T9981] XFS (loop4): Ending clean mount
[  457.983736][T10041] EXT4-fs (loop2): mounted filesystem without journal. Opts: user_xattr,init_itable=0x0000000000000003,nobh,usrquota,inode_readahead_blks=0x0000000000010000,max_dir_size_kb=0x00000000000007b1,jqfmt=vfsv1,min_batch_time=0x000000000000088d,delalloc,discard,nojournal_checksum,,errors=continue. Quota mode: writeback.
[  458.017658][ T5027] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  458.063181][ T9800] device veth1_macvtap entered promiscuous mode
[  458.100802][ T9800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  458.170741][ T9800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  458.211243][ T9800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  458.315937][ T9800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  458.389320][ T9800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  458.437976][ T9800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  458.474484][ T9800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  458.518161][ T9800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  458.564808][ T9800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  458.594999][ T9800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  458.631990][ T9800] batman_adv: batadv0: Interface activated: batadv_slave_0
[  458.653626][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  458.671641][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  458.718290][ T9800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  458.746311][ T9800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  458.775285][ T9800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  458.798414][ T9800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  458.817300][ T9800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  458.849935][ T9800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  458.871610][   T13] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  458.900585][ T9800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  458.921352][ T9800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  458.979270][ T9800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  459.008806][ T9800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  459.040583][ T9800] batman_adv: batadv0: Interface activated: batadv_slave_1
[  459.055766][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  459.066633][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  459.104244][ T9800] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  459.125275][ T9800] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  459.167171][ T9800] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  459.186113][ T9800] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  459.311131][ T5027] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  459.369937][ T3649] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  459.395465][ T3649] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  459.426130][ T3666] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  459.434970][ T3666] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  459.468025][T10041] overlayfs: failed to resolve '/per': -2
[  459.487518][ T5791] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  459.671734][ T5791] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  459.784295][ T8997] XFS (loop4): Unmounting Filesystem
[  459.871790][ T3615] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  459.891348][   T13] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  459.941043][ T5027] usb 4-1: Using ep0 maxpacket: 8
[  460.081106][ T5027] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  460.088729][ T5027] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  460.125610][T10106] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1345'.
[  460.137404][ T5027] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  460.155028][T10106] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1345'.
[  460.190937][ T5027] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  460.320955][ T5027] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  460.328373][ T5027] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  460.365134][ T5027] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  460.380842][ T5027] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  460.516378][ T5027] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  460.526399][ T5027] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  460.557295][ T5027] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  460.592733][ T5027] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  460.726221][T10111] loop2: detected capacity change from 0 to 32768
[  460.951022][ T5027] usb 4-1: string descriptor 0 read error: -22
[  460.958005][ T5027] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  460.972228][T10111] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.1348 (10111)
[  461.136549][ T5027] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  461.193031][ T5027] adutux 4-1:168.0: ADU100  now attached to /dev/usb/adutux1
[  461.615953][T10111] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  461.728933][T10111] BTRFS info (device loop2): using free space tree
[  461.979833][T10111] BTRFS info (device loop2): has skinny extents
[  462.061546][ T5895] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  462.112373][ T3580] usb 4-1: USB disconnect, device number 19
[  462.307698][T10138] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1351'.
[  462.758808][T10111] BTRFS info (device loop2): enabling ssd optimizations
[  463.142917][T10154] FAULT_INJECTION: forcing a failure.
[  463.142917][T10154] name failslab, interval 1, probability 0, space 0, times 0
[  463.202627][T10157] udc-core: couldn't find an available UDC or it's busy
[  463.229306][T10157] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  463.270805][T10154] CPU: 0 PID: 10154 Comm: syz.3.1354 Not tainted 5.15.164-syzkaller #0
[  463.279060][T10154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  463.289108][T10154] Call Trace:
[  463.292371][T10154]  <TASK>
[  463.295287][T10154]  dump_stack_lvl+0x1e3/0x2d0
[  463.299959][T10154]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  463.305591][T10154]  ? panic+0x860/0x860
[  463.309644][T10154]  ? __might_sleep+0xc0/0xc0
[  463.314246][T10154]  should_fail+0x38a/0x4c0
[  463.318652][T10154]  should_failslab+0x5/0x20
[  463.323140][T10154]  slab_pre_alloc_hook+0x53/0xc0
[  463.328063][T10154]  __kmalloc+0x6e/0x300
[  463.332200][T10154]  ? tomoyo_realpath_from_path+0xd8/0x5e0
[  463.337904][T10154]  tomoyo_realpath_from_path+0xd8/0x5e0
[  463.343471][T10154]  tomoyo_path_number_perm+0x225/0x810
[  463.348922][T10154]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  463.354407][T10154]  ? __fget_files+0x413/0x480
[  463.359080][T10154]  security_file_ioctl+0x6d/0xa0
[  463.364002][T10154]  __se_sys_ioctl+0x47/0x160
[  463.368577][T10154]  do_syscall_64+0x3b/0xb0
[  463.372980][T10154]  ? clear_bhb_loop+0x15/0x70
[  463.377661][T10154]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  463.383589][T10154] RIP: 0033:0x7f556460e3b9
[  463.387986][T10154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  463.407571][T10154] RSP: 002b:00007f5562a8d048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  463.415970][T10154] RAX: ffffffffffffffda RBX: 00007f556479cf80 RCX: 00007f556460e3b9
[  463.423930][T10154] RDX: 0000000020000080 RSI: 00000000c008561b RDI: 0000000000000003
[  463.431888][T10154] RBP: 00007f5562a8d0a0 R08: 0000000000000000 R09: 0000000000000000
[  463.439847][T10154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  463.447801][T10154] R13: 000000000000000b R14: 00007f556479cf80 R15: 00007fff532e9bb8
[  463.455851][T10154]  </TASK>
[  463.479637][ T3649] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  463.491089][ T9093] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  463.520020][T10154] ERROR: Out of memory at tomoyo_realpath_from_path.
[  463.636775][T10162] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  464.416963][T10177] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1358'.
[  464.448576][T10177] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1358'.
[  464.536393][T10171] loop1: detected capacity change from 0 to 32768
[  464.620794][T10171] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.1360 (10171)
[  464.860839][T10184] ufs: You didn't specify the type of your ufs filesystem
[  464.860839][T10184] 
[  464.860839][T10184] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  464.860839][T10184] 
[  464.860839][T10184] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  464.893646][T10184] ufs: ufstype=old is supported read-only
[  464.902442][T10184] ufs: ufs_fill_super(): bad magic number
[  464.919468][T10171] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  464.978575][T10171] BTRFS info (device loop1): force zlib compression, level 3
[  465.680870][T10171] BTRFS info (device loop1): setting nodatasum
[  465.687233][T10171] BTRFS info (device loop1): enabling auto defrag
[  465.721856][T10171] BTRFS info (device loop1): max_inline at 0
[  465.759448][T10171] BTRFS info (device loop1): using free space tree
[  465.773412][T10195] loop3: detected capacity change from 0 to 256
[  465.799906][T10171] BTRFS info (device loop1): has skinny extents
[  465.971371][T10195] exfat: Bad value for 'uid'
[  466.120806][ T3614] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  466.150856][T10171] BTRFS info (device loop1): enabling ssd optimizations
[  466.161111][T10215] loop2: detected capacity change from 0 to 4096
[  466.229780][T10215] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  466.360775][ T3614] usb 5-1: Using ep0 maxpacket: 8
[  466.481408][ T3614] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  467.213472][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  467.240787][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  467.252326][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  467.343904][ T3614] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  467.362942][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  467.390101][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  467.477833][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  467.580936][ T3614] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  467.595705][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  467.639668][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  467.688672][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  468.111425][ T3614] usb 5-1: string descriptor 0 read error: -22
[  468.123297][ T3614] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  468.225433][ T3614] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  468.630157][ T3614] usb 5-1: can't set config #168, error -71
[  468.642888][ T3614] usb 5-1: USB disconnect, device number 23
[  468.652280][ T6246] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  468.724106][T10246] loop1: detected capacity change from 0 to 4096
[  468.759959][T10252] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1373'.
[  468.769950][T10252] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1373'.
[  468.823140][T10246] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  468.875416][T10246] ntfs: (device loop1): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk.
[  468.886710][T10246] ntfs: (device loop1): ntfs_read_locked_inode(): $DATA attribute is missing.
[  468.914599][T10248] ufs: You didn't specify the type of your ufs filesystem
[  468.914599][T10248] 
[  468.914599][T10248] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  468.914599][T10248] 
[  468.914599][T10248] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  468.945424][T10248] ufs: ufstype=old is supported read-only
[  468.951876][T10248] ufs: ufs_fill_super(): bad magic number
[  469.031510][T10246] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -2.  Marking corrupt inode 0x1 as bad.  Run chkdsk.
[  469.453756][ T9093] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  469.503743][T10246] ntfs: (device loop1): load_system_files(): Failed to load $MFTMirr.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[  469.513978][ T3649] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  469.551998][T10254] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1376'.
[  469.658213][T10246] ntfs: volume version 3.1.
[  469.708716][T10246] ntfs: (device loop1): load_and_init_quota(): Failed to find inode number for $Quota.
[  469.739506][T10246] ntfs: (device loop1): load_system_files(): Failed to load $Quota.  Will not be able to remount read-write.  Run chkdsk.
[  470.086249][T10272] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1382'.
[  470.929509][T10280] loop3: detected capacity change from 0 to 4096
[  471.085239][T10280] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  471.953137][T10295] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1386'.
[  472.000873][T10295] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1386'.
[  472.470812][ T3614] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  472.672347][T10302] ufs: You didn't specify the type of your ufs filesystem
[  472.672347][T10302] 
[  472.672347][T10302] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  472.672347][T10302] 
[  472.672347][T10302] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  472.703223][T10302] ufs: ufstype=old is supported read-only
[  472.709463][T10302] ufs: ufs_fill_super(): bad magic number
[  472.720850][ T3614] usb 4-1: Using ep0 maxpacket: 8
[  472.840902][ T3614] usb 4-1: config 0 has an invalid descriptor of length 12, skipping remainder of the config
[  472.860897][ T3614] usb 4-1: config 0 interface 0 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  472.899034][ T3614] usb 4-1: config 0 interface 0 has no altsetting 0
[  472.915189][ T3614] usb 4-1: New USB device found, idVendor=2247, idProduct=0001, bcdDevice= 0.00
[  472.933127][T10297] loop1: detected capacity change from 0 to 65536
[  472.934617][ T3614] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  472.967960][ T3614] usb 4-1: config 0 descriptor??
[  473.013219][ T3614] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  473.096792][T10297] XFS (loop1): Mounting V5 Filesystem
[  473.150064][T10297] XFS (loop1): Ending clean mount
[  473.460865][ T6246] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  473.497460][T10319] loop4: detected capacity change from 0 to 1024
[  473.568284][T10319] EXT4-fs (loop4): Ignoring removed nobh option
[  473.601874][T10319] EXT4-fs (loop4): mounted filesystem without journal. Opts: user_xattr,init_itable=0x0000000000000003,nobh,usrquota,inode_readahead_blks=0x0000000000010000,max_dir_size_kb=0x00000000000007b1,jqfmt=vfsv1,min_batch_time=0x000000000000088d,delalloc,discard,nojournal_checksum,,errors=continue. Quota mode: writeback.
[  473.946293][ T6246] usb 2-1: config 0 has an invalid interface number: 106 but max is 0
[  473.967396][ T6246] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  474.015328][ T6246] usb 2-1: config 0 has no interface number 0
[  474.039301][ T6246] usb 2-1: config 0 interface 106 altsetting 0 endpoint 0xF has invalid maxpacket 13600, setting to 64
[  474.091498][ T6246] usb 2-1: config 0 interface 106 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 77
[  474.128845][ T6246] usb 2-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[  474.146251][ T6246] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb
[  474.180827][ T6246] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  474.199522][T10329] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1394'.
[  474.225580][ T6246] usb 2-1: config 0 descriptor??
[  474.261164][T10297] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[  474.303737][ T6246] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  474.382160][T10336] fuse: Bad value for 'rootmode'
[  474.450089][T10319] overlayfs: failed to resolve '/per': -2
[  474.861099][  T150] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  475.189754][ T3645] usb 2-1: USB disconnect, device number 24
[  475.225247][ T1187] usb 2-1: Failed to submit usb control message: -71
[  475.263706][ T1187] usb 2-1: unable to send the bmi data to the device: -71
[  475.341341][ T1187] usb 2-1: unable to get target info from device
[  475.347692][ T1187] usb 2-1: could not get target info (-71)
[  475.373698][ T1187] usb 2-1: could not probe fw (-71)
[  475.403762][ T3614] usb 4-1: USB disconnect, device number 20
[  475.459531][T10354] loop2: detected capacity change from 0 to 4096
[  475.511841][ T9093] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  475.676859][T10354] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  475.871266][ T9800] XFS (loop1): Unmounting Filesystem
[  476.688106][T10373] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  477.473712][T10382] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1407'.
[  477.528612][T10385] FAULT_INJECTION: forcing a failure.
[  477.528612][T10385] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  477.543387][T10385] CPU: 0 PID: 10385 Comm: syz.3.1408 Not tainted 5.15.164-syzkaller #0
[  477.551643][T10385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  477.561711][T10385] Call Trace:
[  477.564992][T10385]  <TASK>
[  477.567930][T10385]  dump_stack_lvl+0x1e3/0x2d0
[  477.572618][T10385]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  477.578261][T10385]  ? panic+0x860/0x860
[  477.582339][T10385]  ? __lock_acquire+0x1ff0/0x1ff0
[  477.587378][T10385]  should_fail+0x38a/0x4c0
[  477.591811][T10385]  _copy_from_iter+0x243/0xe90
[  477.596593][T10385]  ? copy_mc_pipe_to_iter+0x760/0x760
[  477.601974][T10385]  ? __virt_addr_valid+0x3bb/0x460
[  477.607091][T10385]  ? 0xffffffff81000000
[  477.611247][T10385]  ? __check_object_size+0x300/0x410
[  477.616548][T10385]  netlink_sendmsg+0x800/0xd60
[  477.621330][T10385]  ? netlink_getsockopt+0x5b0/0x5b0
[  477.626538][T10385]  ? aa_sock_msg_perm+0x91/0x150
[  477.631486][T10385]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  477.636771][T10385]  ? security_socket_sendmsg+0x7d/0xa0
[  477.642239][T10385]  ? netlink_getsockopt+0x5b0/0x5b0
[  477.647442][T10385]  ____sys_sendmsg+0x59e/0x8f0
[  477.652213][T10385]  ? iovec_from_user+0x300/0x390
[  477.657165][T10385]  ? __sys_sendmsg_sock+0x30/0x30
[  477.662214][T10385]  ___sys_sendmsg+0x252/0x2e0
[  477.666906][T10385]  ? __sys_sendmsg+0x260/0x260
[  477.671712][T10385]  ? __fdget+0x191/0x220
[  477.675965][T10385]  __se_sys_sendmsg+0x19a/0x260
[  477.680824][T10385]  ? __x64_sys_sendmsg+0x80/0x80
[  477.685777][T10385]  ? syscall_enter_from_user_mode+0x2e/0x240
[  477.691763][T10385]  ? lockdep_hardirqs_on+0x94/0x130
[  477.696966][T10385]  ? syscall_enter_from_user_mode+0x2e/0x240
[  477.702953][T10385]  do_syscall_64+0x3b/0xb0
[  477.707371][T10385]  ? clear_bhb_loop+0x15/0x70
[  477.712062][T10385]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  477.717960][T10385] RIP: 0033:0x7f556460e3b9
[  477.722380][T10385] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  477.741984][T10385] RSP: 002b:00007f5562a8d048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  477.750403][T10385] RAX: ffffffffffffffda RBX: 00007f556479cf80 RCX: 00007f556460e3b9
[  477.758382][T10385] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003
[  477.766355][T10385] RBP: 00007f5562a8d0a0 R08: 0000000000000000 R09: 0000000000000000
[  477.774364][T10385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  477.782349][T10385] R13: 000000000000000b R14: 00007f556479cf80 R15: 00007fff532e9bb8
[  477.790339][T10385]  </TASK>
[  477.822071][T10388] fuse: Bad value for 'rootmode'
[  477.950419][T10390] loop2: detected capacity change from 0 to 4096
[  478.067263][ T3645] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  478.103819][T10390] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  479.025993][T10401] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1412'.
[  479.088941][T10401] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1412'.
[  479.215101][T10392] loop3: detected capacity change from 0 to 32768
[  479.331580][T10392] ERROR: (device loop3): dbAlloc: the hint is outside the map
[  479.331580][T10392] 
[  479.342921][ T3645] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  479.507517][T10409] loop1: detected capacity change from 0 to 8192
[  479.531233][    T9] read_mapping_page failed!
[  479.540103][    T9] ERROR: (device loop3): txCommit: 
[  479.540103][    T9] 
[  479.580894][    T9] jfs_write_inode: jfs_commit_inode failed!
[  479.644126][T10409] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal
[  479.658122][T10409] REISERFS (device loop1): using ordered data mode
[  479.681636][T10409] reiserfs: using flush barriers
[  479.708810][T10409] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  479.741066][T10409] REISERFS (device loop1): checking transaction log (loop1)
[  479.856429][T10409] REISERFS (device loop1): Using tea hash to sort names
[  479.876921][T10409] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  480.541595][ T3649] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  480.636075][    T9] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  480.754301][T10417] loop3: detected capacity change from 0 to 40427
[  480.770210][T10433] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1421'.
[  480.857723][T10417] F2FS-fs (loop3): Invalid log blocks per segment (4278190089)
[  480.868306][T10417] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  480.900595][T10417] F2FS-fs (loop3): invalid crc value
[  480.966559][T10442] fuse: Unknown parameter 'use00000000000000000000'
[  480.981145][T10417] F2FS-fs (loop3): Found nat_bits in checkpoint
[  481.116252][T10417] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  481.133663][T10417] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  481.171949][T10417] attempt to access beyond end of device
[  481.171949][T10417] loop3: rw=2049, want=45112, limit=40427
[  481.858267][T10453] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1426'.
[  481.925376][T10453] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1426'.
[  482.092152][T10458] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1427'.
[  482.120362][T10456] loop3: detected capacity change from 0 to 4096
[  482.171232][T10458] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1427'.
[  482.317407][T10466] capability: warning: `syz.2.1429' uses deprecated v2 capabilities in a way that may be insecure
[  482.350404][T10456] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  483.018640][ T3614] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  483.261046][ T3614] usb 2-1: Using ep0 maxpacket: 16
[  483.386968][ T3614] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  483.411854][ T3614] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  483.440842][ T3614] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  483.464143][ T3614] usb 2-1: New USB device found, idVendor=056a, idProduct=0022, bcdDevice= 0.00
[  483.489657][ T3614] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  483.524844][ T3614] usb 2-1: config 0 descriptor??
[  483.680113][T10495] fuse: Unknown parameter 'use00000000000000000000'
[  483.689727][T10496] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1437'.
[  483.705506][T10496] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1437'.
[  483.767928][T10469] loop1: detected capacity change from 0 to 256
[  483.839485][T10504] 9pnet: Insufficient options for proto=fd
[  483.903828][T10469] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d)
[  483.991544][   T26] audit: type=1800 audit(1722543064.750:47): pid=10469 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1430" name="file1" dev="loop1" ino=1048647 res=0 errno=0
[  484.127051][T10511] loop4: detected capacity change from 0 to 256
[  484.151304][T10511] exfat: Bad value for 'uid'
[  484.379512][T10469] exFAT-fs (loop1): error, exfat_alloc_cluster: invalid used clusters(t:15,u:4294930444)
[  484.379512][T10469] 
[  484.436149][T10469] exFAT-fs (loop1): Filesystem has been set read-only
[  484.463380][T10469] exFAT-fs (loop1): error, failed to bmap (inode : ffff8880652eb560 iblock : 32, err : -5)
[  484.537492][T10469] exFAT-fs (loop1): error, exfat_alloc_cluster: invalid used clusters(t:15,u:4294930444)
[  484.537492][T10469] 
[  484.564384][ T3614] wacom 0003:056A:0022.0012: Unknown device_type for 'HID 056a:0022'. Assuming pen.
[  484.575425][T10469] exFAT-fs (loop1): error, failed to bmap (inode : ffff8880652eb560 iblock : 32, err : -5)
[  484.611296][ T3614] wacom 0003:056A:0022.0012: hidraw0: USB HID v0.00 Device [HID 056a:0022] on usb-dummy_hcd.1-1/input0
[  484.688089][ T3614] input: Wacom Intuos 9x12 Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:0022.0012/input/input9
[  484.801176][ T3614] usb 2-1: USB disconnect, device number 25
[  485.363674][T10529] loop3: detected capacity change from 0 to 256
[  485.468805][T10531] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1448'.
[  485.479714][T10531] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1448'.
[  485.514443][T10520] udc-core: couldn't find an available UDC or it's busy
[  485.530933][ T3614] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  485.570214][T10520] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  485.673206][ T4209] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  485.690180][T10535] loop1: detected capacity change from 0 to 8192
[  485.717148][T10541] fuse: Unknown parameter 'use00000000000000000000'
[  485.746740][T10535] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal
[  485.759037][T10535] REISERFS (device loop1): using ordered data mode
[  485.773360][T10535] reiserfs: using flush barriers
[  485.779436][T10535] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  485.798208][ T3614] usb 5-1: Using ep0 maxpacket: 8
[  485.802556][T10535] REISERFS (device loop1): checking transaction log (loop1)
[  485.870255][T10535] REISERFS (device loop1): Using tea hash to sort names
[  485.877610][T10535] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2)
[  485.892101][T10535] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  485.930949][ T3614] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  485.938507][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  485.950060][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  485.959701][T10535] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 6) not found (pos 2)
[  485.961826][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  485.994882][T10535] overlayfs: upper fs needs to support d_type.
[  486.002360][T10535] overlayfs: upper fs does not support tmpfile.
[  486.011646][T10535] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  486.024942][T10535] overlayfs: failed to resolve './file0': -2
[  486.061225][ T3614] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  486.076186][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  486.088464][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  486.103752][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  486.150929][T10545] 9pnet: Insufficient options for proto=fd
[  486.190963][ T3614] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  486.198904][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  486.230592][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  486.250803][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  486.451276][ T4184] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  486.543076][T10552] FAULT_INJECTION: forcing a failure.
[  486.543076][T10552] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  486.583201][T10552] CPU: 0 PID: 10552 Comm: syz.2.1458 Not tainted 5.15.164-syzkaller #0
[  486.591462][T10552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  486.601520][T10552] Call Trace:
[  486.604799][T10552]  <TASK>
[  486.605208][T10554] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1459'.
[  486.607729][T10552]  dump_stack_lvl+0x1e3/0x2d0
[  486.621300][T10552]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  486.626937][T10552]  ? panic+0x860/0x860
[  486.631013][T10552]  ? __lock_acquire+0x1ff0/0x1ff0
[  486.636050][T10552]  should_fail+0x38a/0x4c0
[  486.640478][T10552]  _copy_from_iter+0x243/0xe90
[  486.645264][T10552]  ? copy_mc_pipe_to_iter+0x760/0x760
[  486.650659][T10552]  ? __virt_addr_valid+0x3bb/0x460
[  486.650971][ T3614] usb 5-1: string descriptor 0 read error: -22
[  486.655770][T10552]  ? 0xffffffff81000000
[  486.666036][T10552]  ? __check_object_size+0x300/0x410
[  486.671332][T10552]  netlink_sendmsg+0x800/0xd60
[  486.675259][ T3614] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  486.676217][T10552]  ? netlink_getsockopt+0x5b0/0x5b0
[  486.690396][T10552]  ? aa_sock_msg_perm+0x91/0x150
[  486.695347][T10552]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  486.700646][T10552]  ? security_socket_sendmsg+0x7d/0xa0
[  486.701323][ T3614] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  486.706105][T10552]  ? netlink_getsockopt+0x5b0/0x5b0
[  486.719247][T10552]  ____sys_sendmsg+0x59e/0x8f0
[  486.724021][T10552]  ? iovec_from_user+0x300/0x390
[  486.728968][T10552]  ? __sys_sendmsg_sock+0x30/0x30
[  486.734008][T10552]  ___sys_sendmsg+0x252/0x2e0
[  486.738703][T10552]  ? __sys_sendmsg+0x260/0x260
[  486.743504][T10552]  ? __fdget+0x191/0x220
[  486.747762][T10552]  __se_sys_sendmsg+0x19a/0x260
[  486.752624][T10552]  ? __x64_sys_sendmsg+0x80/0x80
[  486.757584][T10552]  ? syscall_enter_from_user_mode+0x2e/0x240
[  486.763572][T10552]  ? lockdep_hardirqs_on+0x94/0x130
[  486.768775][T10552]  ? syscall_enter_from_user_mode+0x2e/0x240
[  486.770371][ T3614] adutux 5-1:168.0: ADU100  now attached to /dev/usb/adutux1
[  486.774762][T10552]  do_syscall_64+0x3b/0xb0
[  486.774788][T10552]  ? clear_bhb_loop+0x15/0x70
[  486.774816][T10552]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  486.797098][T10552] RIP: 0033:0x7fed098c83b9
[  486.801513][T10552] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  486.821126][T10552] RSP: 002b:00007fed07d47048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  486.829543][T10552] RAX: ffffffffffffffda RBX: 00007fed09a56f80 RCX: 00007fed098c83b9
[  486.837518][T10552] RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000003
[  486.845499][T10552] RBP: 00007fed07d470a0 R08: 0000000000000000 R09: 0000000000000000
[  486.853488][T10552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  486.861461][T10552] R13: 000000000000000b R14: 00007fed09a56f80 R15: 00007fff842b4868
[  486.869451][T10552]  </TASK>
[  487.084199][ T5895] usb 5-1: USB disconnect, device number 24
[  487.110925][T10562] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  487.172204][T10566] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  487.672408][ T5895] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  487.687391][T10569] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1462'.
[  487.718246][T10569] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1462'.
[  487.820817][T10244] Bluetooth: hci0: command 0x0406 tx timeout
[  487.877372][T10576] FAULT_INJECTION: forcing a failure.
[  487.877372][T10576] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  487.920946][T10576] CPU: 0 PID: 10576 Comm: syz.2.1465 Not tainted 5.15.164-syzkaller #0
[  487.929204][T10576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  487.939255][T10576] Call Trace:
[  487.942544][T10576]  <TASK>
[  487.945474][T10576]  dump_stack_lvl+0x1e3/0x2d0
[  487.950163][T10576]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  487.955905][T10576]  ? panic+0x860/0x860
[  487.959993][T10576]  ? snprintf+0xd6/0x120
[  487.964246][T10576]  should_fail+0x38a/0x4c0
[  487.968673][T10576]  _copy_to_user+0x2d/0x130
[  487.973185][T10576]  simple_read_from_buffer+0xc6/0x150
[  487.978564][T10576]  proc_fail_nth_read+0x1a3/0x210
[  487.983590][T10576]  ? proc_fault_inject_write+0x390/0x390
[  487.989224][T10576]  ? fsnotify_perm+0x442/0x590
[  487.993997][T10576]  ? proc_fault_inject_write+0x390/0x390
[  487.999636][T10576]  vfs_read+0x2fc/0xe10
[  488.003811][T10576]  ? kernel_read+0x1f0/0x1f0
[  488.008417][T10576]  ? __fget_files+0x413/0x480
[  488.013105][T10576]  ? mutex_lock_nested+0x17/0x20
[  488.018044][T10576]  ? __fdget_pos+0x2cb/0x380
[  488.022637][T10576]  ? ksys_read+0x77/0x2c0
[  488.026976][T10576]  ksys_read+0x1a2/0x2c0
[  488.031216][T10576]  ? print_irqtrace_events+0x210/0x210
[  488.036680][T10576]  ? vfs_write+0xe50/0xe50
[  488.041097][T10576]  ? syscall_enter_from_user_mode+0x2e/0x240
[  488.047081][T10576]  ? lockdep_hardirqs_on+0x94/0x130
[  488.052280][T10576]  ? syscall_enter_from_user_mode+0x2e/0x240
[  488.058266][T10576]  do_syscall_64+0x3b/0xb0
[  488.062687][T10576]  ? clear_bhb_loop+0x15/0x70
[  488.067367][T10576]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  488.073259][T10576] RIP: 0033:0x7fed098c6dfc
[  488.077677][T10576] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48
[  488.097301][T10576] RSP: 002b:00007fed07d47040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  488.105742][T10576] RAX: ffffffffffffffda RBX: 00007fed09a56f80 RCX: 00007fed098c6dfc
[  488.113726][T10576] RDX: 000000000000000f RSI: 00007fed07d470b0 RDI: 0000000000000005
[  488.121700][T10576] RBP: 00007fed07d470a0 R08: 0000000000000000 R09: 0000000000000000
[  488.129676][T10576] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  488.137648][T10576] R13: 000000000000000b R14: 00007fed09a56f80 R15: 00007fff842b4868
[  488.145641][T10576]  </TASK>
[  488.211831][T10579] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1466'.
[  488.334410][T10582] 9pnet: Insufficient options for proto=fd
[  488.617660][T10587] fuse: Unknown parameter 'user_i00000000000000000000'
[  488.714374][T10590] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1471'.
[  488.854603][T10593] sp0: Synchronizing with TNC
[  488.947993][T10599] loop4: detected capacity change from 0 to 64
[  488.990497][T10600] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  489.158485][T10583] udc-core: couldn't find an available UDC or it's busy
[  489.175302][T10583] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  489.221645][T10607] loop4: detected capacity change from 0 to 1024
[  489.310354][T10607] EXT4-fs (loop4): Test dummy encryption mode enabled
[  489.317776][T10607] EXT4-fs (loop4): Ignoring removed orlov option
[  489.331156][T10607] EXT4-fs (loop4): mounted filesystem without journal. Opts: test_dummy_encryption,debug_want_extra_isize=0x0000000000000084,stripe=0x0000000000000007,commit=0x0000000000000005,orlov,barrier=0x0000000000000005,max_batch_time=0x0000000000000000,data_err=abort,,errors=continue. Quota mode: writeback.
[  489.419879][T10607] fscrypt: AES-256-XTS using implementation "xts-aes-aesni"
[  489.737888][T10626] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1479'.
[  490.113741][T10640] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1484'.
[  490.134024][T10641] loop3: detected capacity change from 0 to 1024
[  490.241506][T10641] hfsplus: unable to parse mount options
[  490.528269][T10654] fuse: Unknown parameter 'user_i00000000000000000000'
[  490.872370][ T4209] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  491.530303][T10668] loop3: detected capacity change from 0 to 4096
[  491.585493][   T26] audit: type=1107 audit(1722543072.340:48): pid=10672 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=''
[  491.633344][T10668] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  491.809781][T10244] usb 2-1: new full-speed USB device number 26 using dummy_hcd
[  492.020991][T10244] usb 2-1: device descriptor read/64, error -71
[  492.154588][ T1187] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  492.525491][T10681] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1496'.
[  492.604602][T10671] loop4: detected capacity change from 0 to 40427
[  492.659314][T10671] F2FS-fs (loop4): invalid crc value
[  492.660894][T10244] usb 2-1: new full-speed USB device number 27 using dummy_hcd
[  492.700556][T10671] F2FS-fs (loop4): Found nat_bits in checkpoint
[  492.824660][T10671] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  492.860951][T10244] usb 2-1: device descriptor read/64, error -71
[  493.045790][T10244] usb usb2-port1: attempt power cycle
[  493.514798][T10682] attempt to access beyond end of device
[  493.514798][T10682] loop4: rw=2049, want=45120, limit=40427
[  493.558056][T10677] udc-core: couldn't find an available UDC or it's busy
[  493.565391][T10677] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  493.574102][T10698] fuse: Unknown parameter 'user_i00000000000000000000'
[  493.715686][ T8997] attempt to access beyond end of device
[  493.715686][ T8997] loop4: rw=524288, want=45072, limit=40427
[  493.738578][ T8997] attempt to access beyond end of device
[  493.738578][ T8997] loop4: rw=0, want=45072, limit=40427
[  493.810792][T10244] usb 2-1: new full-speed USB device number 28 using dummy_hcd
[  493.907173][T10244] usb 2-1: device descriptor read/8, error -71
[  494.119257][ T3649] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  494.180882][T10244] usb 2-1: new full-speed USB device number 29 using dummy_hcd
[  494.196373][ T3649] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  494.285710][T10244] usb 2-1: device descriptor read/8, error -71
[  494.302681][ T3649] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  494.376661][ T3649] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  494.410966][T10244] usb usb2-port1: unable to enumerate USB device
[  494.483488][T10706] loop1: detected capacity change from 0 to 1024
[  494.614516][T10706] EXT4-fs (loop1): Ignoring removed orlov option
[  494.624532][T10706] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  494.728157][T10706] EXT4-fs (loop1): mounted filesystem without journal. Opts: discard,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  495.730143][T10708] loop2: detected capacity change from 0 to 32768
[  496.027241][T10708] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.1505 (10708)
[  496.164554][T10708] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  496.217741][T10708] BTRFS info (device loop2): setting nodatacow, compression disabled
[  496.263073][T10737] loop1: detected capacity change from 0 to 1764
[  496.269467][T10708] BTRFS info (device loop2): use zlib compression, level 3
[  496.298735][T10708] BTRFS info (device loop2): setting nodatasum
[  496.333895][T10708] BTRFS info (device loop2): turning on flush-on-commit
[  496.352280][T10708] BTRFS info (device loop2): max_inline at 8
[  496.393395][T10708] BTRFS info (device loop2): using free space tree
[  496.399920][T10708] BTRFS info (device loop2): has skinny extents
[  496.631190][ T3666] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  496.804216][T10730] chnl_net:caif_netlink_parms(): no params data found
[  496.817630][T10708] BTRFS info (device loop2): enabling ssd optimizations
[  497.473349][ T5895] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  497.585722][T10782] loop1: detected capacity change from 0 to 2048
[  497.673913][ T3649] device hsr_slave_0 left promiscuous mode
[  497.696352][T10782] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  497.728442][ T3649] device hsr_slave_1 left promiscuous mode
[  497.753628][T10782] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  497.779055][ T3649] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  497.810999][ T3649] batman_adv: batadv0: Removing interface: batadv_slave_0
[  497.931269][ T1187] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  498.665641][ T1203] Bluetooth: hci3: command 0x0409 tx timeout
[  498.701773][ T3649] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  498.709200][ T3649] batman_adv: batadv0: Removing interface: batadv_slave_1
[  498.728534][ T1203] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  498.761666][T10795] fuse: Unknown parameter 'user_id00000000000000000000'
[  498.812924][ T3649] device bridge_slave_1 left promiscuous mode
[  498.819177][ T3649] bridge0: port 2(bridge_slave_1) entered disabled state
[  498.836950][ T3649] device bridge_slave_0 left promiscuous mode
[  498.845804][ T3649] bridge0: port 1(bridge_slave_0) entered disabled state
[  498.881713][ T3649] device veth1_macvtap left promiscuous mode
[  499.010411][ T3649] device veth0_macvtap left promiscuous mode
[  499.020553][ T3649] device veth1_vlan left promiscuous mode
[  499.054353][ T3649] device veth0_vlan left promiscuous mode
[  499.810479][T10803] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1518'.
[  500.133899][ T3649] team0 (unregistering): Port device team_slave_1 removed
[  500.163545][ T3649] team0 (unregistering): Port device team_slave_0 removed
[  500.190310][ T3649] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  500.216684][ T3649] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  500.347357][ T3649] bond0 (unregistering): Released all slaves
[  500.376968][   T26] audit: type=1326 audit(1722543081.130:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10808 comm="syz.3.1520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f556460e3b9 code=0x7ffc0000
[  500.400238][   T26] audit: type=1326 audit(1722543081.130:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10808 comm="syz.3.1520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f556460e3b9 code=0x7ffc0000
[  500.423993][   T26] audit: type=1326 audit(1722543081.130:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10808 comm="syz.3.1520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f556460e3b9 code=0x7ffc0000
[  500.492801][T10809] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  500.560232][   T26] audit: type=1326 audit(1722543081.150:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10808 comm="syz.3.1520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f556460e3b9 code=0x7ffc0000
[  500.584078][   T26] audit: type=1326 audit(1722543081.150:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10808 comm="syz.3.1520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f556460e3b9 code=0x7ffc0000
[  500.621195][   T26] audit: type=1326 audit(1722543081.150:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10808 comm="syz.3.1520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f556460e3b9 code=0x7ffc0000
[  500.664521][   T26] audit: type=1326 audit(1722543081.150:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10808 comm="syz.3.1520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f556460e3b9 code=0x7ffc0000
[  500.735059][   T26] audit: type=1326 audit(1722543081.150:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10808 comm="syz.3.1520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f556460e3b9 code=0x7ffc0000
[  500.768761][ T1203] Bluetooth: hci3: command 0x041b tx timeout
[  500.977372][   T26] audit: type=1326 audit(1722543081.150:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10808 comm="syz.3.1520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f556460e3b9 code=0x7ffc0000
[  501.016270][T10730] bridge0: port 1(bridge_slave_0) entered blocking state
[  501.031699][T10730] bridge0: port 1(bridge_slave_0) entered disabled state
[  501.039798][T10730] device bridge_slave_0 entered promiscuous mode
[  501.057585][T10730] bridge0: port 2(bridge_slave_1) entered blocking state
[  501.076502][T10730] bridge0: port 2(bridge_slave_1) entered disabled state
[  501.084704][T10730] device bridge_slave_1 entered promiscuous mode
[  501.102350][ T1390] ieee802154 phy0 wpan0: encryption failed: -22
[  501.108811][ T1390] ieee802154 phy1 wpan1: encryption failed: -22
[  501.157037][T10730] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  501.178791][T10730] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  501.318937][T10730] team0: Port device team_slave_0 added
[  501.352996][T10730] team0: Port device team_slave_1 added
[  501.412035][T10730] batman_adv: batadv0: Adding interface: batadv_slave_0
[  501.432621][T10730] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  501.499339][T10730] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  501.545297][T10730] batman_adv: batadv0: Adding interface: batadv_slave_1
[  501.584840][T10730] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  501.635124][T10730] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  501.796763][T10844] loop3: detected capacity change from 0 to 2048
[  501.886743][T10730] device hsr_slave_0 entered promiscuous mode
[  501.906593][T10730] device hsr_slave_1 entered promiscuous mode
[  501.906771][T10849] fuse: Unknown parameter 'user_id00000000000000000000'
[  501.928801][T10844] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  501.959579][T10730] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  501.975059][T10730] Cannot create hsr debugfs directory
[  501.981077][T10844] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  502.485302][ T9093] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  502.964967][   T13] Bluetooth: hci3: command 0x040f tx timeout
[  503.671675][ T9093] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  504.098686][T10730] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  504.132632][T10730] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  504.165691][T10730] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  504.202255][T10730] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  504.447732][T10730] 8021q: adding VLAN 0 to HW filter on device bond0
[  504.515113][ T3580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  504.541536][ T3580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  504.567590][T10730] 8021q: adding VLAN 0 to HW filter on device team0
[  504.610641][ T3580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  504.629980][ T3580] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  504.670289][ T3580] bridge0: port 1(bridge_slave_0) entered blocking state
[  504.677386][ T3580] bridge0: port 1(bridge_slave_0) entered forwarding state
[  504.758759][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  504.771288][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  504.808941][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  504.845207][T10244] bridge0: port 2(bridge_slave_1) entered blocking state
[  504.852333][T10244] bridge0: port 2(bridge_slave_1) entered forwarding state
[  504.897708][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  504.948153][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  505.015663][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  505.030896][ T1203] Bluetooth: hci3: command 0x0419 tx timeout
[  505.039743][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  505.085261][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  505.128946][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  505.306640][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  505.315484][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  505.324309][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  505.332789][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  505.343383][T10730] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  505.388088][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  505.762270][ T5027] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  505.769825][ T5027] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  505.799499][T10922] FAULT_INJECTION: forcing a failure.
[  505.799499][T10922] name failslab, interval 1, probability 0, space 0, times 0
[  505.813376][T10730] 8021q: adding VLAN 0 to HW filter on device batadv0
[  505.877451][T10922] CPU: 1 PID: 10922 Comm: syz.3.1536 Not tainted 5.15.164-syzkaller #0
[  505.885728][T10922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  505.895800][T10922] Call Trace:
[  505.899076][T10922]  <TASK>
[  505.902007][T10922]  dump_stack_lvl+0x1e3/0x2d0
[  505.906698][T10922]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  505.912340][T10922]  ? panic+0x860/0x860
[  505.916421][T10922]  ? __might_sleep+0xc0/0xc0
[  505.921028][T10922]  should_fail+0x38a/0x4c0
[  505.925462][T10922]  should_failslab+0x5/0x20
[  505.929977][T10922]  slab_pre_alloc_hook+0x53/0xc0
[  505.934939][T10922]  __kmalloc+0x6e/0x300
[  505.939111][T10922]  ? tomoyo_realpath_from_path+0xd8/0x5e0
[  505.944846][T10922]  tomoyo_realpath_from_path+0xd8/0x5e0
[  505.950421][T10922]  tomoyo_path_number_perm+0x225/0x810
[  505.955897][T10922]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  505.961373][T10922]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  505.967394][T10922]  ? d_alloc_parallel+0x125d/0x1390
[  505.972601][T10922]  tomoyo_path_mknod+0x172/0x1b0
[  505.977540][T10922]  ? tomoyo_path_symlink+0x110/0x110
[  505.982825][T10922]  ? d_hash_and_lookup+0x1b0/0x1b0
[  505.987938][T10922]  security_path_mknod+0xf1/0x150
[  505.991213][T10928] loop1: detected capacity change from 0 to 1024
[  505.992964][T10922]  path_openat+0xc78/0x2f20
[  506.004215][T10922]  ? do_filp_open+0x460/0x460
[  506.008933][T10922]  do_filp_open+0x21c/0x460
[  506.013457][T10922]  ? vfs_tmpfile+0x2e0/0x2e0
[  506.018074][T10922]  ? _raw_spin_unlock+0x24/0x40
[  506.022928][T10922]  ? alloc_fd+0x598/0x630
[  506.027270][T10922]  do_sys_openat2+0x13b/0x4f0
[  506.030910][T10919] loop2: detected capacity change from 0 to 8192
[  506.031946][T10922]  ? do_sys_open+0x220/0x220
[  506.042822][T10922]  __x64_sys_openat+0x243/0x290
[  506.047674][T10922]  ? __ia32_sys_open+0x270/0x270
[  506.052610][T10922]  ? syscall_enter_from_user_mode+0x2e/0x240
[  506.058583][T10922]  ? lockdep_hardirqs_on+0x94/0x130
[  506.063773][T10922]  ? syscall_enter_from_user_mode+0x2e/0x240
[  506.069742][T10922]  do_syscall_64+0x3b/0xb0
[  506.074146][T10922]  ? clear_bhb_loop+0x15/0x70
[  506.078812][T10922]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  506.084696][T10922] RIP: 0033:0x7f556460e3b9
[  506.089106][T10922] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  506.108700][T10922] RSP: 002b:00007f5562a8d048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  506.117105][T10922] RAX: ffffffffffffffda RBX: 00007f556479cf80 RCX: 00007f556460e3b9
[  506.125077][T10922] RDX: 000000000000275a RSI: 0000000020000280 RDI: ffffffffffffff9c
[  506.133047][T10922] RBP: 00007f5562a8d0a0 R08: 0000000000000000 R09: 0000000000000000
[  506.141006][T10922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  506.148964][T10922] R13: 000000000000000b R14: 00007f556479cf80 R15: 00007fff532e9bb8
[  506.156940][T10922]  </TASK>
[  506.253146][T10928] EXT4-fs (loop1): Ignoring removed orlov option
[  506.269724][T10928] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  506.311451][T10919] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
[  506.345478][T10919] REISERFS (device loop2): using ordered data mode
[  506.352302][T10922] ERROR: Out of memory at tomoyo_realpath_from_path.
[  506.419796][T10919] reiserfs: using flush barriers
[  506.471610][T10919] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  506.541791][T10938] fuse: Unknown parameter 'user_id00000000000000000000'
[  507.021497][T10919] REISERFS (device loop2): checking transaction log (loop2)
[  507.270894][ T1203] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  507.311578][T10928] EXT4-fs (loop1): mounted filesystem without journal. Opts: discard,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  507.384371][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  507.486501][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  507.573751][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  507.594076][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  507.602369][T10919] REISERFS (device loop2): Using tea hash to sort names
[  507.619776][T10919] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  507.635267][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  507.653251][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  507.827274][T10730] device veth0_vlan entered promiscuous mode
[  507.854156][T10730] device veth1_vlan entered promiscuous mode
[  507.878191][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  507.899946][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  507.911529][ T9093] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  507.926747][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  507.955440][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  507.971392][T10969] ufs: You didn't specify the type of your ufs filesystem
[  507.971392][T10969] 
[  507.971392][T10969] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  507.971392][T10969] 
[  507.971392][T10969] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  508.028176][T10730] device veth0_macvtap entered promiscuous mode
[  508.066509][T10730] device veth1_macvtap entered promiscuous mode
[  508.165291][T10730] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  508.217154][T10730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  508.258049][T10730] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  508.282810][T10730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  508.307367][T10969] ufs: ufstype=old is supported read-only
[  508.310498][ T1203] Bluetooth: hci4: command 0x0406 tx timeout
[  508.323101][T10730] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  508.340967][T10969] ufs: ufs_fill_super(): bad magic number
[  508.351147][T10730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  508.390823][T10730] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  508.420785][T10730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  508.440825][T10730] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  508.472570][T10730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  508.492027][T10730] batman_adv: batadv0: Interface activated: batadv_slave_0
[  508.521704][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  508.529758][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  508.593394][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  508.611539][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  508.632339][T10730] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  508.670781][T10730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  508.680589][T10730] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  508.740728][T10730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  508.750547][T10730] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  508.812317][T10730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  508.852190][T10730] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  508.870765][T10730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  508.892736][T10730] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  508.919776][T10730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  508.957459][T10730] batman_adv: batadv0: Interface activated: batadv_slave_1
[  509.010187][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  509.024255][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  509.062245][T10730] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  509.081674][T10730] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  509.099097][T10730] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  509.131136][T10730] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  509.147183][T10992] loop2: detected capacity change from 0 to 4096
[  509.219458][T10992] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  509.293718][ T3649] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  509.340967][ T3649] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  509.430793][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  509.442008][ T3666] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  509.453738][  T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  509.695626][  T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  509.939320][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  510.283882][T11007] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1509'.
[  510.780238][T11025] FAULT_INJECTION: forcing a failure.
[  510.780238][T11025] name failslab, interval 1, probability 0, space 0, times 0
[  510.830872][T11025] CPU: 1 PID: 11025 Comm: syz.3.1547 Not tainted 5.15.164-syzkaller #0
[  510.839139][T11025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  510.849203][T11025] Call Trace:
[  510.852497][T11025]  <TASK>
[  510.855443][T11025]  dump_stack_lvl+0x1e3/0x2d0
[  510.860144][T11025]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  510.865805][T11025]  ? panic+0x860/0x860
[  510.869895][T11025]  ? __might_sleep+0xc0/0xc0
[  510.874499][T11025]  ? netlink_insert+0xcac/0x1280
[  510.879454][T11025]  should_fail+0x38a/0x4c0
[  510.883906][T11025]  should_failslab+0x5/0x20
[  510.888413][T11025]  slab_pre_alloc_hook+0x53/0xc0
[  510.893364][T11025]  kmem_cache_alloc_node+0x49/0x2c0
[  510.898569][T11025]  ? __alloc_skb+0xdd/0x590
[  510.903085][T11025]  __alloc_skb+0xdd/0x590
[  510.907436][T11025]  netlink_sendmsg+0x6f8/0xd60
[  510.912223][T11025]  ? netlink_getsockopt+0x5b0/0x5b0
[  510.917429][T11025]  ? aa_sock_msg_perm+0x91/0x150
[  510.922417][T11025]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  510.927708][T11025]  ? security_socket_sendmsg+0x7d/0xa0
[  510.933267][T11025]  ? netlink_getsockopt+0x5b0/0x5b0
[  510.938485][T11025]  sock_write_iter+0x39b/0x530
[  510.943258][T11025]  ? sock_read_iter+0x480/0x480
[  510.948117][T11025]  ? common_file_perm+0x17d/0x1d0
[  510.953149][T11025]  ? iov_iter_init+0x4a/0x170
[  510.957836][T11025]  vfs_write+0xacd/0xe50
[  510.962089][T11025]  ? file_end_write+0x250/0x250
[  510.966946][T11025]  ? __fget_files+0x413/0x480
[  510.971631][T11025]  ? __fdget_pos+0x1e9/0x380
[  510.976220][T11025]  ? ksys_write+0x77/0x2c0
[  510.980641][T11025]  ksys_write+0x1a2/0x2c0
[  510.984976][T11025]  ? print_irqtrace_events+0x210/0x210
[  510.990447][T11025]  ? __ia32_sys_read+0x80/0x80
[  510.995222][T11025]  ? syscall_enter_from_user_mode+0x2e/0x240
[  511.001211][T11025]  ? lockdep_hardirqs_on+0x94/0x130
[  511.006412][T11025]  ? syscall_enter_from_user_mode+0x2e/0x240
[  511.012395][T11025]  do_syscall_64+0x3b/0xb0
[  511.016808][T11025]  ? clear_bhb_loop+0x15/0x70
[  511.021490][T11025]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  511.027396][T11025] RIP: 0033:0x7f556460e3b9
[  511.031810][T11025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  511.051412][T11025] RSP: 002b:00007f5562a8d048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  511.059832][T11025] RAX: ffffffffffffffda RBX: 00007f556479cf80 RCX: 00007f556460e3b9
[  511.067805][T11025] RDX: 0000000000000140 RSI: 00000000200000c0 RDI: 0000000000000004
[  511.075779][T11025] RBP: 00007f5562a8d0a0 R08: 0000000000000000 R09: 0000000000000000
[  511.083751][T11025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  511.091724][T11025] R13: 000000000000000b R14: 00007f556479cf80 R15: 00007fff532e9bb8
[  511.099722][T11025]  </TASK>
[  511.167147][T11032] loop4: detected capacity change from 0 to 1764
[  511.362017][T11040] fuse: Bad value for 'fd'
[  511.362653][   T27] INFO: task syz.0.1009:8382 blocked for more than 143 seconds.
[  511.383297][   T27]       Not tainted 5.15.164-syzkaller #0
[  511.389241][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  511.403111][   T27] task:syz.0.1009      state:D stack:22424 pid: 8382 ppid:  6639 flags:0x00004004
[  511.420839][   T27] Call Trace:
[  511.432425][   T27]  <TASK>
[  511.435679][   T27]  __schedule+0x12c4/0x45b0
[  511.440224][   T27]  ? release_firmware_map_entry+0x190/0x190
[  511.464935][   T27]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  511.471145][   T27]  ? print_irqtrace_events+0x210/0x210
[  511.476620][   T27]  ? _raw_spin_lock_irq+0xdb/0x110
[  511.481920][   T27]  schedule+0x11b/0x1f0
[  511.486137][   T27]  io_schedule+0x88/0x100
[  511.490475][   T27]  wait_on_page_bit_common+0xa13/0x1180
[  511.496242][   T27]  ? wait_on_page_bit+0x50/0x50
[  511.501302][   T27]  ? rcu_lock_release+0x20/0x20
[  511.506413][   T27]  ? jfs_error+0x2b3/0x2e0
[  511.511199][   T27]  ? workingset_activation+0x601/0x750
[  511.516806][   T27]  ? __get_metapage+0xa88/0x1070
[  511.523155][   T27]  release_metapage+0x120/0xe00
[  511.528154][   T27]  __get_metapage+0xc07/0x1070
[  511.533258][   T27]  dtSplitPage+0x8e3/0x3ec0
[  511.537811][   T27]  ? up_write+0x19d/0x580
[  511.542930][   T27]  ? clear_nonspinnable+0x60/0x60
[  511.547981][   T27]  ? __up_read+0x690/0x690
[  511.552895][   T27]  ? dtSplitRoot+0x1920/0x1920
[  511.557689][   T27]  ? dbNextAG+0x630/0x630
[  511.562419][   T27]  ? dtInsert+0x881/0x6b00
[  511.573488][   T27]  dtInsert+0x14fc/0x6b00
[  511.577967][   T27]  ? kfree+0xf1/0x270
[  511.586014][   T27]  ? mark_lock+0x98/0x340
[  511.590547][   T27]  ? UniStrupr+0x2c0/0x2c0
[  511.599079][   T27]  ? read_lock_is_recursive+0x10/0x10
[  511.608470][   T27]  ? txLock+0x235/0x1b30
[  511.616660][   T27]  ? do_raw_spin_lock+0x14a/0x370
[  511.625676][   T27]  ? txLock+0xf29/0x1b30
[  511.630101][   T27]  jfs_create+0x7b2/0xbb0
[  511.639390][   T27]  ? jfs_lookup+0x400/0x400
[  511.648159][   T27]  ? jfs_get_parent+0xa0/0xa0
[  511.666383][   T27]  ? make_kgid+0x6f0/0x6f0
[  511.680756][   T27]  ? generic_permission+0x21c/0x4f0
[  511.686106][   T27]  ? inode_permission+0xf7/0x450
[  511.700722][   T27]  ? bpf_lsm_inode_create+0x5/0x10
[  511.705855][   T27]  ? security_inode_create+0xb4/0x100
[  511.720738][   T27]  ? jfs_lookup+0x400/0x400
[  511.725263][   T27]  path_openat+0x130a/0x2f20
[  511.729899][   T27]  ? do_filp_open+0x460/0x460
[  511.751843][   T27]  do_filp_open+0x21c/0x460
[  511.756484][   T27]  ? vfs_tmpfile+0x2e0/0x2e0
[  511.761397][   T27]  ? _raw_spin_unlock+0x24/0x40
[  511.766258][   T27]  ? alloc_fd+0x598/0x630
[  511.770602][   T27]  do_sys_openat2+0x13b/0x4f0
[  511.790787][   T27]  ? do_sys_open+0x220/0x220
[  511.800959][   T27]  __x64_sys_openat+0x243/0x290
[  511.805829][   T27]  ? __ia32_sys_open+0x270/0x270
[  511.820773][   T27]  ? syscall_enter_from_user_mode+0x2e/0x240
[  511.826769][   T27]  ? lockdep_hardirqs_on+0x94/0x130
[  511.843751][   T27]  ? syscall_enter_from_user_mode+0x2e/0x240
[  511.849916][   T27]  do_syscall_64+0x3b/0xb0
[  511.860789][   T27]  ? clear_bhb_loop+0x15/0x70
[  511.865679][   T27]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  511.875900][   T27] RIP: 0033:0x7f198c5993b9
[  511.880572][   T27] RSP: 002b:00007f198aa18048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  511.889640][   T27] RAX: ffffffffffffffda RBX: 00007f198c727f80 RCX: 00007f198c5993b9
[  511.912640][   T27] RDX: 000000000000275a RSI: 0000000020000100 RDI: ffffffffffffff9c
[  511.935704][   T27] RBP: 00007f198c6068e6 R08: 0000000000000000 R09: 0000000000000000
[  511.944164][   T27] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  511.953056][   T27] R13: 000000000000000b R14: 00007f198c727f80 R15: 00007ffdc73d3518
[  511.961609][   T27]  </TASK>
[  511.966797][   T27] 
[  511.966797][   T27] Showing all locks held in the system:
[  511.976229][   T27] 1 lock held by khungtaskd/27:
[  511.983288][   T27]  #0: ffffffff8c91fb20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
[  511.996029][   T27] 4 locks held by kworker/u4:3/155:
[  512.001575][   T27]  #0: ffff88814074c138 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[  512.012595][   T27]  #1: ffffc90001ee7d20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[  512.031946][   T27]  #2: ffff888076a520e0 (&type->s_umount_key#109){++++}-{3:3}, at: trylock_super+0x1b/0xf0
[  512.050797][   T27]  #3: ffff8880580e3008 (&jfs_ip->commit_mutex){+.+.}-{3:3}, at: jfs_commit_inode+0x242/0x580
[  512.073758][   T27] 3 locks held by kworker/0:2/1203:
[  512.085905][   T27] 1 lock held by udevd/3027:
[  512.103804][   T27]  #0: ffff8880b9a3a358 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140
[  512.135993][   T27] 2 locks held by getty/3325:
[  512.146666][   T27]  #0: ffff88814a8fd098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70
[  512.211404][   T27]  #1: ffffc9000209b2e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6af/0x1db0
[  512.233126][   T27] 3 locks held by kworker/1:4/3580:
[  512.254194][   T27]  #0: ffff888011c70938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[  512.285566][   T27]  #1: ffffc90002ec7d20 (binder_deferred_work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[  512.320978][   T27]  #2: ffffffff8c9240e8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x350/0x740
[  512.332223][   T27] 4 locks held by syz.0.1009/8382:
[  512.337407][   T27]  #0: ffff888076a52460 (sb_writers#28){.+.+}-{0:0}, at: mnt_want_write+0x3b/0x80
[  512.349022][   T27]  #1: ffff8880580e33c0 (&type->i_mutex_dir_key#21){++++}-{3:3}, at: path_openat+0x824/0x2f20
[  512.360779][   T27]  #2: ffff8880580e3008 (&jfs_ip->commit_mutex){+.+.}-{3:3}, at: jfs_create+0x22d/0xbb0
[  512.371970][   T27]  #3: ffff8880580e5508 (&jfs_ip->commit_mutex/1){+.+.}-{3:3}, at: jfs_create+0x248/0xbb0
[  512.382644][   T27] 2 locks held by kworker/1:20/10244:
[  512.389597][   T27]  #0: ffff888011c72138 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[  512.544204][   T27]  #1: ffffc90003ae7d20 ((work_completion)(&rew.rew_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[  512.562208][   T27] 2 locks held by syz-executor/10730:
[  512.568624][   T27]  #0: ffff88801bca5118 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_put+0xfb/0x790
[  512.584033][   T27]  #1: ffff88814725b468 (&lo->lo_mutex){+.+.}-{3:3}, at: __loop_clr_fd+0xa9/0xbe0
[  512.594550][   T27] 2 locks held by syz.2.1546/11019:
[  512.600211][   T27]  #0: ffff8880580c5010 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: sock_close+0x98/0x230
[  512.610524][   T27]  #1: ffffffff8c9240e8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x280/0x740
[  512.621885][   T27] 
[  512.624439][   T27] =============================================
[  512.624439][   T27] 
[  513.119832][   T27] NMI backtrace for cpu 1
[  513.124187][   T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.15.164-syzkaller #0
[  513.132266][   T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  513.142327][   T27] Call Trace:
[  513.145623][   T27]  <TASK>
[  513.148550][   T27]  dump_stack_lvl+0x1e3/0x2d0
[  513.153228][   T27]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  513.158857][   T27]  ? panic+0x860/0x860
[  513.162927][   T27]  ? nmi_cpu_backtrace+0x23b/0x4a0
[  513.168044][   T27]  nmi_cpu_backtrace+0x46a/0x4a0
[  513.172984][   T27]  ? __wake_up_klogd+0xd5/0x100
[  513.177836][   T27]  ? nmi_trigger_cpumask_backtrace+0x2a0/0x2a0
[  513.183985][   T27]  ? _printk+0xd1/0x120
[  513.188137][   T27]  ? panic+0x860/0x860
[  513.192208][   T27]  ? __wake_up_klogd+0xcc/0x100
[  513.197055][   T27]  ? panic+0x860/0x860
[  513.201123][   T27]  ? __rcu_read_unlock+0x92/0x100
[  513.206145][   T27]  ? arch_trigger_cpumask_backtrace+0x10/0x10
[  513.212209][   T27]  nmi_trigger_cpumask_backtrace+0x181/0x2a0
[  513.218190][   T27]  watchdog+0xe72/0xeb0
[  513.222353][   T27]  kthread+0x3f6/0x4f0
[  513.226426][   T27]  ? hungtask_pm_notify+0x50/0x50
[  513.231464][   T27]  ? kthread_blkcg+0xd0/0xd0
[  513.236064][   T27]  ret_from_fork+0x1f/0x30
[  513.240498][   T27]  </TASK>
[  513.244148][   T27] Sending NMI from CPU 1 to CPUs 0:
[  513.250125][    C0] NMI backtrace for cpu 0
[  513.250135][    C0] CPU: 0 PID: 144 Comm: kworker/u4:1 Not tainted 5.15.164-syzkaller #0
[  513.250150][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  513.250159][    C0] Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
[  513.250182][    C0] RIP: 0010:__lock_acquire+0x553/0x1ff0
[  513.250197][    C0] Code: 41 8b 1f 81 e3 ff 1f 00 00 89 d8 c1 e8 06 48 8d 3c c5 c0 00 c7 8f be 08 00 00 00 e8 17 7f 67 00 48 0f a3 1d ff 48 64 0e 73 1f <48> 8d 04 5b 48 c1 e0 06 48 8d 98 c0 5f 96 8f 48 ba 00 00 00 00 00
[  513.250210][    C0] RSP: 0018:ffffc900010df800 EFLAGS: 00000057
[  513.250221][    C0] RAX: 0000000000000001 RBX: 0000000000000015 RCX: ffffffff8162b7b9
[  513.250232][    C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8fc700c0
[  513.250241][    C0] RBP: 000000000000000f R08: dffffc0000000000 R09: fffffbfff1f8e019
[  513.250252][    C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000003
[  513.250261][    C0] R13: ffff8880135a28a8 R14: 0000000000000002 R15: ffff8880135a2948
[  513.250272][    C0] FS:  0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[  513.250285][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  513.250295][    C0] CR2: fffffffffffffffd CR3: 000000006256d000 CR4: 00000000003506f0
[  513.250308][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  513.250317][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  513.250325][    C0] Call Trace:
[  513.250330][    C0]  <NMI>
[  513.250335][    C0]  ? nmi_cpu_backtrace+0x39f/0x4a0
[  513.250351][    C0]  ? read_lock_is_recursive+0x10/0x10
[  513.250366][    C0]  ? nmi_trigger_cpumask_backtrace+0x2a0/0x2a0
[  513.250388][    C0]  ? nmi_cpu_backtrace_handler+0x8/0x10
[  513.250403][    C0]  ? nmi_handle+0xf7/0x370
[  513.250419][    C0]  ? __lock_acquire+0x553/0x1ff0
[  513.250432][    C0]  ? default_do_nmi+0x62/0x150
[  513.250447][    C0]  ? exc_nmi+0xa8/0x100
[  513.250460][    C0]  ? end_repeat_nmi+0x16/0x31
[  513.250479][    C0]  ? __lock_acquire+0x549/0x1ff0
[  513.250492][    C0]  ? __lock_acquire+0x553/0x1ff0
[  513.250506][    C0]  ? __lock_acquire+0x553/0x1ff0
[  513.250519][    C0]  ? __lock_acquire+0x553/0x1ff0
[  513.250538][    C0]  </NMI>
[  513.250542][    C0]  <TASK>
[  513.250553][    C0]  lock_acquire+0x1db/0x4f0
[  513.250566][    C0]  ? rcu_lock_acquire+0x5/0x30
[  513.250583][    C0]  ? read_lock_is_recursive+0x10/0x10
[  513.250596][    C0]  ? _local_bh_enable+0xa0/0xa0
[  513.250610][    C0]  ? rcu_lock_release+0x5/0x20
[  513.250624][    C0]  ? __lock_acquire+0x1ff0/0x1ff0
[  513.250640][    C0]  ? batadv_tvlv_container_ogm_append+0x456/0x4c0
[  513.250659][    C0]  rcu_lock_acquire+0x2a/0x30
[  513.250673][    C0]  ? rcu_lock_acquire+0x5/0x30
[  513.250689][    C0]  batadv_iv_ogm_schedule+0x429/0x1000
[  513.250709][    C0]  ? skb_push+0x93/0x100
[  513.250727][    C0]  ? batadv_iv_send_outstanding_bat_ogm_packet+0x800/0x800
[  513.250745][    C0]  ? batadv_send_skb_packet+0x3bc/0x5f0
[  513.250765][    C0]  batadv_iv_send_outstanding_bat_ogm_packet+0x6fa/0x800
[  513.250788][    C0]  process_one_work+0x8a1/0x10c0
[  513.250810][    C0]  ? worker_detach_from_pool+0x260/0x260
[  513.250827][    C0]  ? _raw_spin_lock_irqsave+0x120/0x120
[  513.250842][    C0]  ? kthread_data+0x4e/0xc0
[  513.250856][    C0]  ? wq_worker_running+0x97/0x170
[  513.250871][    C0]  worker_thread+0xaca/0x1280
[  513.250895][    C0]  kthread+0x3f6/0x4f0
[  513.250908][    C0]  ? rcu_lock_release+0x20/0x20
[  513.250922][    C0]  ? kthread_blkcg+0xd0/0xd0
[  513.250936][    C0]  ret_from_fork+0x1f/0x30
[  513.250956][    C0]  </TASK>
[  513.595300][ T9093] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  513.631573][   T27] Kernel panic - not syncing: hung_task: blocked tasks
[  513.638430][   T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.15.164-syzkaller #0
[  513.646405][   T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  513.656458][   T27] Call Trace:
[  513.659730][   T27]  <TASK>
[  513.662654][   T27]  dump_stack_lvl+0x1e3/0x2d0
[  513.667334][   T27]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  513.673066][   T27]  ? panic+0x860/0x860
[  513.677160][   T27]  panic+0x318/0x860
[  513.681052][   T27]  ? schedule_preempt_disabled+0x20/0x20
[  513.686681][   T27]  ? nmi_trigger_cpumask_backtrace+0x221/0x2a0
[  513.692831][   T27]  ? fb_is_primary_device+0xd0/0xd0
[  513.698027][   T27]  ? arch_trigger_cpumask_backtrace+0x10/0x10
[  513.699352][ T1203] Bluetooth: hci5: command 0x0406 tx timeout
[  513.704097][   T27]  ? nmi_trigger_cpumask_backtrace+0x221/0x2a0
[  513.704122][   T27]  ? nmi_trigger_cpumask_backtrace+0x281/0x2a0
[  513.722336][   T27]  ? nmi_trigger_cpumask_backtrace+0x286/0x2a0
[  513.728499][   T27]  watchdog+0xeb0/0xeb0
[  513.732670][   T27]  kthread+0x3f6/0x4f0
[  513.736742][   T27]  ? hungtask_pm_notify+0x50/0x50
[  513.741776][   T27]  ? kthread_blkcg+0xd0/0xd0
[  513.746371][   T27]  ret_from_fork+0x1f/0x30
[  513.750805][   T27]  </TASK>
[  513.754081][   T27] Kernel Offset: disabled
[  513.758404][   T27] Rebooting in 86400 seconds..