last executing test programs:

3m56.792829155s ago: executing program 1 (id=456):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x10, &(0x7f00000008c0)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000000000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, r1, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0x0, 0x0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000001c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3c}, @void, {@ipv6={0x86dd, @tcp={0x9, 0x6, "9eebf9", 0x14, 0x6, 0xff, @dev={0xfe, 0x80, '\x00', 0x39}, @local, {[], {{0x4e22, 0x4e24, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0xc2, 0xfffd, 0x0, 0xffd}}}}}}}, 0x0)

3m56.558493122s ago: executing program 1 (id=461):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001300)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r3, {0x8, 0x7}, {}, {0xa}}, [@filter_kind_options=@f_bpf={{0x8}, {0x18, 0x2, [@TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x5}, @TCA_BPF_OPS={{0x6}, {0x4}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x22044028}, 0x0)

3m56.395327437s ago: executing program 1 (id=463):
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x81000004, 0x4)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x1}]}, 0x10)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x100000b3, 0x4)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
bind$inet6(r0, &(0x7f0000000200)={0xa, 0x4e20, 0x1, @ipv4={'\x00', '\xff\xff', @empty}, 0x8}, 0x1c)

3m56.29544712s ago: executing program 1 (id=465):
mkdir(&(0x7f0000001a80)='./file0\x00', 0x1cb)
mount$bpf(0x200000000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x989046, 0x0)
mount$bpf(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x100000, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000200)='.\x00', 0x0, 0x8b7840, 0x0)
mkdir(&(0x7f0000000140)='./file0/../file0\x00', 0x190)
mount$bpf(0x200000000000, &(0x7f0000000440)='./file0/../file0\x00', 0x0, 0x2042, 0x0)

3m56.222973313s ago: executing program 1 (id=466):
connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x4ea3, 0x0, @loopback, 0x3}, 0x1c)
r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
write$binfmt_script(r1, &(0x7f0000000080)={'#! ', './file1', [{}]}, 0x2)
write$binfmt_elf64(r1, &(0x7f0000000200)=ANY=[], 0x1cb)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

3m56.049527278s ago: executing program 1 (id=467):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}})
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000480)={0x3, 0x0, 0x0, 'queue0\x00', 0x200000})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000040)={0x0, 0x0, {0x3, 0x0, 0x4, 0x0, 0x7}, 0x76e0})
close(0x3)

3m55.618311392s ago: executing program 32 (id=467):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}})
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000480)={0x3, 0x0, 0x0, 'queue0\x00', 0x200000})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000040)={0x0, 0x0, {0x3, 0x0, 0x4, 0x0, 0x7}, 0x76e0})
close(0x3)

3m10.268834065s ago: executing program 4 (id=827):
syz_mount_image$exfat(&(0x7f0000000100), &(0x7f00000000c0)='./file0\x00', 0x10000, &(0x7f0000000040)=ANY=[], 0x2, 0x1518, &(0x7f0000000280)="$eJzs3Au4TtXWOPAx5pxLm8Sb5D7HHIs3uUySJJeERJIkR5J7QpIkSUhscktCEnJPcg/JLST3+y33JDmSJAkJSeb/0anPOadzTuf8z/k+3/Pt8Xue9ew59nrHeMfa4332u9baz36/7jCoct0qFWszM/xb8E9fUgEgBQD6AkBmAIgAoESWElkAh0J6jan/3pOI/6wHp17pDsSVJPNP22T+aZvMP22T+adtMv+0Teaftsn80zaZvxBp2dZpOa+VLe1u/8r9/wz/aOfv3v8Huf//v468//8fcrjI6M/XF7m+47+QIvNP22T+aZvMP22T+adtMv+0Teb/f1wEUOEf7Jb5p20yfyHSsit9/1m2K7td6defEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQoi04Vy4zADAr+sr3ZcQQgghhBBCCCH+c8JVfx6lu3KNCCGEEEIIIYQQ4r8RggINBiJIB1dBCqSHDHA1ZIRrIBNkhgRcC1ngOsgK10M2yA45ICfkgtyQBywQOGCIIS/kgyTcAPnhRigABaEQFAYPRaAo3ATF4GYoDrdACbgVSsJtUApKQxkoC7dDObgDykMFqAh3QiW4CypDFbgbqsI9UA3uhepwH9SA+6EmPAC14A9QGx6EOvAQ1IWHoR7UhwbQEBpBY2jy/5X/PHSBF6ArdINU6A494EXoCb2gN/SBvvAS9IOXoT+8AgNgIAyCV2EwvAZD4HUYCsNgOLwBI2AkjILRMAbGwjh4E8bDWzAB3oaJMAkmwxSYCtNgOrwDM2AmzIJ3YTa8B3NgLsyD+bAA3oeFsAgWwwewBD6EpbAMlsMKWAmrYDWsgbWwDtbDBtgIm2AzbIGt8BFsg+2wA3bCLtgNe+Bj2AufwD74FPbDZ3+dn/kf55/9q/yOCAioUKFBg+kwHaZgCmbADJgRM2ImzIQJTGAWzIJZMStmw2yYA3NgLsyFeTAPEhIyMubFvJjEJObH/FgAC2AhLIQePRbFolgMb8biWBxLYAksiSWxFJbG0lgWy2I5LIflsTxWxIpYCSthZayMd+PdeA9Ww2pYHatjDayBNbEm1sJaWBtrYx2sg3WxLtbDetgAG2AjbIRNsAk2xabYDJthC2yBLbEltsJW2BpbYxtsg20RsR22w/bYHjtgB+yInbATPo/P4wv4AnbDSqo79sAe2BN7Ym/sg33wJeyHL+PL+AoOwIE4CF/FV/E1HIJncCgOw+E4HMupkTgKRyOrsTgOx+F4HI8TcAJOxEk4CafgVJyG03E6zsCZOBPfxdn4Hr6Hc3EuzscFuAAX4iJcjItxCZ7FpbgMl+MKXImrcCWuwbW4BtfjBlyPm3ATbsEt+BF+hNtxO+7Enbgbd+PH+DF+gp/gANyP+/EAHsCDeBAP4SE8jIfxCB7Bo3gUj+ExPI7H8QSexFN4Ek/jaTyDZ/EcnsPzeB4v4LO5vqyzu+C6AaAuMcqodCqdSlEpKoPKoDKqjCqTyqQSKqGyqCwqq8qqsqlsKofKoXKpXCqPyqNIkWIVq7wqr0qqpMqv8qsCqoAqpAopr7wqqoqqYqqYKq6KqxLqVlVS3aZKqdKquS+ryqpyqoUvryqoiqqiqqTuUpVVFVVFVVVVVTVVTVVX1VUNVUPVVA+oWqo79sYH1aXJ1FUDsZ4ahA1UQ9VINVav4SOqqRqCzVRz1UI9pobhUGylmvrW6knVRo3CtuppNRqfUe3VWOygnlMdVSfVWT2vuqhmvuuvtzvVFOypeqneqo+agXepSxOrrF5RA9RANUi9qubja2qIel0NVcPUcPWGGqFGqlFqtBqjxqpx6k01Xr2lJqi31UQ1SU1WU9RUNU1NV++oGWqmmqXeVbPVe2qOmqvmqflqgXpfLVSL1GL1gVqiPlRL1TK1XK1QK9UqtVqtUWvVOrVebVAb1Sa1WW1RW9VHapvarnaonWqX2q32qI/VXvWJ2qc+VfvVZ+qA+qM6qD5Xh9QX6rD6Uh1RX6mj6mt1TH2jjqtv1Ql1Up1S36nT6vvEGXVWnVM/qPPqR3VB/aQuqqBAo1Zaa6MjnU5fpVN0ep1BX61BX6Mz6cw6oa/VWfR1Oqu+XmfT2XUOnVPn0rl1Hm01aadZxzqvzqeT+gadX9+oC+iCupAurL0uoovqm3QxfbMurm/RJfStuqS+TZfSpXUZXVbfrsvpO3R5XUFX1HfqSvouXVlX0XfrqvoeXU3fq6vr+3QNfb+uqR/QtfQfdG39oK6jH9J19cO6nq6vG+iGupFurJvoR3RT/ahuppvrFvox3VI/rlvpJ3Rr/aRuo5/SbfXTup1+RrfXz+oO+jndUXfSnfVP+qIOuqvuplN1d91Dv6h76l66t+6j++qXdD/9su6vX9ED9EA9SL+qB+vX9BD9uh6qh+nh+g09Qo/Uo/RoPUaP1eP0m3q8fktP0G/riXqSnqyn6Kl6mu79S6VZ/0T+W38jv//Pz75Fb9Uf6W16u96hd+pderfeo/fovXqv3qf36f16vz6gD+iD+qA+pA/pw/qwPqKP6KP6qD6mj+nj+rg+oU/qH/R3+rT+Xp/RZ/VZ/YM+r8/rC7/8DMCgUUYbYyKTzlxlUkx6k8FcbTKaa0wmk9kkzLUmi7nOZDXXm2wmu8lhcppcJrfJY6wh4wyb2OQ1+UzS3GDymxtNAVPQFDKFjTdFTFFz07+d/3v9NTFNTFPT1DQzzUwL08K0NC1NK9PKtDatTRvTxrQ1bU070860N+1NB9PBdDQdTWfT2XQxXUxX09WkmlTTw7xoeppeprfpY/qal0w/08/0N/3NADPADDKDzGAz2AwxQ8xQM9QMN8PNCDPCjDKjzBgzxowz48x4M95MMBPMRDPRTDaTzVQz1Uw3080MM8PMMrPMbDPbzDFzzDwzzywwC8xCs9AsNovNErPELDXLzDKzwqwwq8wqs8asMevMOrPBbDCbzCaz1Gw1W802s83sMDvMLrPL7DF7zF6z1+wz+8x+s98cMAfMQXPQHDKHzGFz2BwxR8xRc9QcM8fMcXPcnDAnzClzypw2p80Zc8acM+fMeXPeXDAXzEVz8dJpX6QiFZnIROmidFFKlBJliDJEGaOMUaYoU5SIElGWKEuUNbo+yhZlj3JEOaNcUe4oFWxEkYs4iqO8Ub4oGd0Q5Y9ujApEBaNCUeHIR0WiotFNUbHo5qh4dEtUIro1KhndFpWKSkdlorLR7VG56I6ofFQhqhjdGVWK7ooqR1Wiu6Oq0T1RtejeqHp0X1Qjuj+qGT0Q1Yr+ENWOHozqRA9FdaOHo3pR/ahB1DBqFDWOmvxH64dwJvujvqvtZlNtd9vDvmh72l62t+1j+9qXbD/7su1vX7ED7EA7yL5qB9vX7BD7uh1qh9nh9g07wo60o+xoO8aOtePsm3a8fctOsG/biXaSnWyn2Kl2mp1u37Ez7Ew7y75rZ9v37Bw7186z8+0C+75daBfZxfYDu8R+aJfaZXa5XWFX2lV2tV1j19p1dr3dYDfaTXaz3WK32o/sNrvd7rA77S672+6xH9u99hO7z35q99vP7AH7R3vQfm4P2S/sYfulPWK/skft1/aY/cYet9/aE/akPWW/s6ft9/aMPWvP2R/sefujvWB/shdtuHRyf+ntnQwZSkfpKIVSKANloIyUkTJRJkpQgrJQFspKWSkbZaMclINyUS7KQ3noEiamvJSXkpSk/JSfClABKkSFyJOnolSUilExKk7FqQSVoJJUkkpRKSpDZeh2up3uoDuoAlWgO+lOuovuoipUhapSVapG1ag6VacaVINqUk2qRbWoNtWmOlSH6lJdqkf1qAE1oEbUiJpQE2pKTakZNaMW1IJaUktqRa2oNbWmNtSG2lJbakftqD21pw7UgTpSR+pMnakLdaGu1JVSKZV6UA/qST2pN/WmvtSX+lE/6k/9aQANoEE0iAbTYBpCQ2goDaPh9AaNoJE0ikbTGBpL42gcjafxNIEm0ESaSJNpMk2lqTSdptMMmkGzaBbNptk0h+bQPJpHC2gBLaSFtJgW0xJaQktpKS2n5bSSVtJqWk1raS2tp/W0kTbSZtpMW2krbaNttIN20C7aRXtoD+2lvbSP9tF+2k8H6AAdpIN0iA7RYTpMR+gIHaWjdIyO0XE6TifoBJ2iU3SaTtMZOkPn6Bydpx/pAv1EFylQilOQwV3tMrprXCaX2aW49O5SHAHApTiHy+lyudwuj7Mum8v+FzE55wq4gq6QK+y8K+KKupt+E5dypV0ZV9bd7sq5O1z538RV3T2umrvXVXf3uSru7r+Ia7j7XU33sKvl6rvarqGr4xq7utHDrp6r7xq4hq6Ra+xausddK/eEa+2edG3cU7+JF7pFbq1b59a7DW6v+8Sdcz+4o+5rd9796Lq6bq6ve8n1cy+7/u4VN8AN/E083L3hRriRbpQb7ca4sb+JJ7spbqqb5qa7d9wMN/M38QL3vpvtFrs5bq6b5+b/HF/qabH7wC1xH7qlbplb7la4lW6VW+3W/FevK9wmt9ltcXvcx26b2+52uJ1hl9v9c3zpOPa5T91+95k74r5yB93n7pA75g67L3+OLx3fMfeNO+6+dSfcSXfKfedOu+/dGXf25+O/dOzfuZ/cRRccMLJizYYjTsdXcQqn5wx8NWfkazgTZ+YEX8tZ+LrMmfl6zsbZOQfn5Fycm/OwZWLHzDHn5Xyc5Bs4P9/IBbggF+LC7LkIF+WbuBjfzMX5Fi7Bt3JJvo1LcWkuw2X5dq4fQijPFbgi38mVQuDKXIXv5qp8D1fje7k638c1+H6uyQ9wLf4D1+YHuQ4/xHX5Ya7H9bkBN+RG3Jib8CPclB/lZtycW/Bj3JIf51b8BLfmJ7kNP8Vt+Wlux89we36WO/Bz3JE7cWd+nrvwC9yVu3Eqd+ce/CL35F7cm/twX36J+/HL3J9f4QE8kAfxqzyYX+Mh/DoP5WE8nN/gETySR/FoHsNjeRy/yeP5LZ7Ab/NEnsSTeQpP5Wk8nd/hGTyTZ/G7PJvf4zk8l+fxfF7A7/NCXsSL+QNewh/yUl7Gy3kFr+RVvJrX8Fpex+t5A2/kTbyZt/BW/oi38XbewTt5F+/mPfwx7+VPeB9/yvv5Mz7Af+SD/Dkf4i/4MH/JR/grPspf8zH+ho/zt3yCT/Ip/o5P8/d8hs/yOf6Bz/OPfIF/4oscGGKMVaxjE0dxuviqOCVOH2eIr44zxtfEmeLMcSK+Ns4SXxdnja+Ps8XZ4xxxzjhXnDvOE9uYYhdzHMd543xxMr4hzh/fGBeIC8aF4sKxj4vEReOb4mLxzXHx+Ja4RHxrXDK+LYbU0vHD95WNb4/LxXfE5eMKccX4zrhSfFdcOa4S3x1Xje+Jq8X3xtXj++Li8f1xzfiBuFb8h7h2/GBcJ34orhs/HNeL68cN4oZxo7hx3CR+JG4aPxo3i5vHLeLH4pbx43Gr+Im4dfxk3CZ+6nf3p8bd4x7xi/GLcQj3ql+uE5MLk4uSi5MfJJckP0wuTS5LLk+uSK5MrkquTq5Jrk2uS65PbkhuTG5Kbk5uSYZQ5Srw6JXX3vjIp/NX+RSf3mfwV/uM/hqfyWf2CX+tz+Kv81n99T6bz+5z+Jw+l8/t83jryTvPPvZ5fT6f9Df4/P5GX8AX9IV8Ye99EV/UN/ZNfBPf1D/qm/nmvoV/zD/mH/eP+yf8E/5J38Y/5dv6p307/4xv75/1z/rnfEffyXf2z/su/gXf1XfzqT7V9/A9fE/f0/f2vX1f39f38/18f9/fD/AD/CA/yA/2g/0QP8QP9UP9cD/cj/Aj/Cg/yo/xY/w4P86P9+P9BD/BT/QT/WQ/2U/1U/10P93P8DP8LD/Lzy4w28/xc/w8P88v8Av8Qr/QL/aL/RK/xC/1S/1yv9yv9Cv9ar/ar/Vr/Xq/3m/0G/1mv9lv9Vv9Nr/N7/A7/C6/y+/xe/xev9fv8/v8fr/fH/AH/EF/0B/yX/jD/kt/xH/lj/qv/TH/jT/uv/Un/El/yn/nT/vv/Rl/1p/zP/jz/kd/wf/kL/rgxyXeTIxPvJWYkHg7MTExKTE5MSUxNTEtMT3xTmJGYmZiVuLdxOzEe4k5ibmJeYn5iQWJ9xMLE4sSixMfJJYkPkwsTSxLLE+sSKxMrEqEkHtbHPKGfCEZbgj5w42hQCgYCoXCwYcioWi4KRQLN4fi4ZZQItwaSobbQqlQOpQJ9UOD0DA0Co1Dk/BIaBoeDc1C89AiPBZahsdDq/BEaB2eDG3CU6FteDq0C8+E9uHZ0CE8FzqGTqFzeD50CS+ErqFbSA3dQ4/wYugZeoXeoU/oG14K/cLLoX94JQwIA8Og8GoYHF4LQ8LrYWgYFoaHN8KIMDKMCqPDmDA2jAtvhvHhrTAhvB0mhklhcpgSpoZpYXp4J8wIM8Os8G6YHd4Lc8LcMC/MDwvC+2FhWBQWhw/CkvBhWBqWheVhRVgZVoXVYU1YG9aF9WFD2Bg2hc1hS9gaPgrbwvawI+wMu8LusCd8HPaGT8K+8GnYHz4LB8Ifw8HweTgUvgiHw5fhSPgqHA1fh2Phm3A8fBtOhJPhVPgunA7fhzPhbDgXfgjnw4/hQvgpXJT/WRNCCCGE+Kfo39nf/W98Lx0A/HpJ1AMArtme8/Bf19yY7U/rXipXywQAPNmtw4O/bpUqpaam/vLYpRqifHMBIPGX9X+Nl0ELeBxaQ3Mo9jf766U6neffqZ+8FSDDz9GfThFT4Nf4z+vf/HfqP/LY8IUl43NZ/kH9uQAF8l3OSQ+X48v1i/+d+tmb/k7/6T8fB9Dsz3IywuX4cv2i8Cg8Ba3/4pFCCCGEEEIIIcSf9FJl2v3960/9X9fnuczlnKvgcvx71+dCCCGEEEIIIYS48p7p1PmJR1q3bt7un1vgL3+X/tey/u4i5Zcu/t06spDF/9gifdp40V6p30hCCCGEEEKI/y6XT/qvdCdCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIUTa9T/xcWJX+hiFEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEKIK+3/BQAA//++0jN5")
openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)
open(&(0x7f0000000040)='./bus\x00', 0x400141042, 0x2a)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x205c91, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x8000, 0xa0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffff59f, 0x0, 0x0, 0x14, 0xd, "ef359f413bb9386ff7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e7376b7a5ff537ed73ac58818d78c660e677df8dc905b90242b7c528a076d2f6a00400", "036c5bc6780820d1cbf7966d61fdcf335263bd9b0abdc2542ded71038259ca171ce1a311ef545032d71e14ef3dc177e9b48b001d00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8]})
open(&(0x7f0000000200)='./file1\x00', 0x4827e, 0xdc)

3m10.053735312s ago: executing program 4 (id=828):
r0 = socket(0x2, 0x80805, 0x0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0x1a}, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x2, 0x6a}, 0x2c)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'lc\x00', 0x4, 0x8, 0x79}, {@rand_addr=0x64010102, 0x4e23, 0x2, 0xcd, 0x12d5f, 0x3}}, 0x44)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000580)={{0x84, @broadcast, 0x4e23, 0x3, 'lc\x00', 0x2, 0x4, 0x7b}, {@private=0xa010102, 0x4e22, 0x2, 0xc8, 0x80012d58, 0x12d5c}}, 0x44)
setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0)

3m9.835735559s ago: executing program 4 (id=834):
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', <r1=>0x0})
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000140)={r1, 0x1, 0x4, @local}, 0x10)
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000002c0)={r1, 0x11, 0x6, @random="08d32bfb45c9"}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'batadv_slave_1\x00', <r3=>0x0})
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000000)={r3, 0x1, 0x6}, 0x10)

3m9.646777585s ago: executing program 4 (id=839):
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000b80)='./file0\x00', 0x1008002, &(0x7f0000000d00)={[{@grpjquota}]}, 0x3, 0x5ee, &(0x7f0000000280)="$eJzs3c1vVFUbAPDnTj9oKXk7kDcqLqSJMZAoLS1gGuMCtoY0+BE3urDSgkiBhtZo0YSS4MbEuDHGxJUL8b9QIltWunLhxpUhIWpYmjjmztxbOu1Mv2jnEu7vlwxz7zlze86lfeace+acOwGU1lD6TyVif0TMJhGDyeJSXndkmUON193/+5Mz6SOJWu31P5NIsrT89Un2PJAd3BcRP/+UxL6u1eXOLVy9MDkzM30l2x+Zvzg7Mrdw9fD5i5Pnps9NXxp7cWz8+LHj46NHtnRe11qknbrx/oeDn0289d03/ySj3/82kcSJeCV74fLz2C5DMVT/P0lWZw2Mb3dhBenK/k5qtVotT0u6i60TG5f//noi4skYjK548MsbjE9fLbRywI6qJY33bqCMEvEPJZX3A/Jr+5XXwZVCeiVAJ9w72RgAWB3/3Y2xweirjw3svp/E8mGdJCK2NjLXbE9E3Lk9cePs7YkbsUPjcEBri9cj4qlW8Z/U478afVGtx3+lKf7TfsHp7DlNf22L5a8cKhb/0DmN+O9bM/6jTfy/kz5fa8Twu1ssv/pg873+pvjv3+opAQAAAAAAQGndOhkRL7T6/L+yNP8nWsz/GYiIE9tQ/tCK/dWf/1fubkMxQAv3Tka83HL+byWf/VvtWraEtRo9ydnzM9NHIuJ/EXEoenal+6NrlHH4831ft8sbyub/5Y+0/DvZXMCsHne7dzUfMzU5P/kQpwxk7l2PeLrl/N9kqf1PWrT/6TvD7AbL2PfczdPt8taPf2Cn1L6NONiy/X9w14pk7ftzjNT7AyN5r2C1Zz7+4od25W81/t1iAh5e2v7vXjv+q8ny+/XMbb6MowvdtXZ5W+3/9yZv1O8q1JulfTQ5P39lNKI3OdWVpjalj22+zvA4yuMhj5c0/g89u/b4X6v+f39ELK742clfzWuKc0/8O/B7u/ro/0Nx0vif2lT7v/mNsZvVH9uVv7H2/1i9rT+UpRj/g4av8jDtbU5vEY7drbI6XV8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBxUImJPJJXhpe1KZXg4YiAi/h+7KzOX5+afP3v5g0tTaV79+/8r+Tf9Djb2k/z7/6vL9sdW7B+NiL0R8WVXf31/+MzlmamiTx4AAAAAAAAAAAAAAAAAAAAeEQNt1v+n/ugqunbAjusuugJAYVrE/y9F1APoPO0/lJf4h/IS/1Be4h/KS/xDea0d/2+Pd6wiQMdp/6G8xD8AAAAAADxW9h649WsSEYsv9dcfqd4sr6fQmgE7rVJ0BYDCuMUPlJepP1BervGBZJ38vrYHrXfkWmbPPMTBAAAAAAAAAAAAAFA6B/db/w9lZf0/lJf1/1Be+fr/AwXXA+g81/hArLOSv+X6/3WPAgAAAAAAAAAAAAC209zC1QuTMzPTV2y8+WhUo5MbtVrtWvpX8KjUZ/s3kmyGekcKzafCd/5Mezdygvlav4395OLekwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgGb/BQAA//8wviV5")
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
write$binfmt_register(r0, &(0x7f00000001c0)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x1, 0x3a, 'usrjquota=', 0x3a, '\x00\x03!\f\xee\x998r~\b\x13\x89\xae\xf1\x06hz\xcc\xd6\xbb\xb8\x19\x90\x9e\xdb\xa2F\xfa_F(\x05\b\x13\x82\x12\xad\x0f^\xdc\xf2\xb5', 0x3a, './file2', 0x3a, [0x46]}, 0x5c)
r1 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0)

3m9.337648255s ago: executing program 4 (id=843):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000180)="a1", 0x1}], 0x1)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$char_usb(r0, &(0x7f00000001c0)="64e9", 0x2)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000700)=[0x2], 0x0, 0x0, 0x200000000000022f}}, 0x40)

3m9.207377209s ago: executing program 4 (id=845):
r0 = fsopen(&(0x7f0000000140)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x9)
fchdir(r1)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f0000000080)=""/49, 0x31)
getdents(r2, 0xfffffffffffffffd, 0x58)

3m8.993396836s ago: executing program 33 (id=845):
r0 = fsopen(&(0x7f0000000140)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x9)
fchdir(r1)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f0000000080)=""/49, 0x31)
getdents(r2, 0xfffffffffffffffd, 0x58)

1m48.698853468s ago: executing program 5 (id=1299):
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000300)=[@in6={0xa, 0x4e22, 0x81, @private1}]}, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f00005a4000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f00005a4000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x840)
r0 = io_uring_setup(0x899, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7})
r1 = io_uring_setup(0x28fe, &(0x7f0000000080)={0x0, 0x0, 0x1000})
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r1, 0x11, &(0x7f00000002c0), 0x2)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

1m48.293898811s ago: executing program 5 (id=1301):
socket$alg(0x26, 0x5, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
socket$netlink(0x10, 0x3, 0x14)
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff})
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14)
sendmsg$nl_route_sched(r0, &(0x7f0000006280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000b00)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x10000000}, 0x1, r2}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0)

1m48.025923089s ago: executing program 5 (id=1303):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c4400000000000e0fe1709850000000e00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000003c0)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='\a'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r2, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r0}, 0x20)
sendmsg(r0, &(0x7f0000002400)={0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000001200)="c1", 0x1}], 0x1}, 0x24004000)

1m47.539049725s ago: executing program 5 (id=1307):
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x210000, &(0x7f0000000440)={[{@nobarrier}, {@nomblk_io_submit}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x10}}, {@inlinecrypt}, {@init_itable}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x5)
open(&(0x7f0000000040)='./bus\x00', 0x400141042, 0x2a)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x8000, 0xa0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0xd, "ef359f413bb9386ff7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e7376b7a5ff537ed73ac58818d78c660e677df8dc905b90242b7c528a076d2f6a00400", "036c5bc6780820d1cbf7966d61fdcf335263bd9b0abdc2542ded71038259ca171ce1a311ef545032d71e14ef3dc177e9b48b001d00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8]})
fallocate(r0, 0x8, 0x4000, 0x4000)

1m46.518449728s ago: executing program 5 (id=1315):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, 0x0)
ioctl$DRM_IOCTL_AGP_FREE(0xffffffffffffffff, 0x40206435, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
r1 = socket$inet6(0xa, 0x1, 0x6)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000040)={{{@in=@loopback, @in=@broadcast, 0x4e22, 0x0, 0x4, 0x8, 0x2}, {}, {0x0, 0x0, 0x0, 0x200000000000000}, 0x0, 0x0, 0x1}, {{@in=@empty, 0xfffffffb, 0x32}, 0x2, @in=@local, 0xfffffffd, 0x4, 0x0, 0x0, 0x3, 0xfffffffd}}, 0xe8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)

1m41.842107547s ago: executing program 5 (id=1352):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{0x1000, 0x10000, 0x9, 0x9, 0xfb, 0xe2, 0x40, 0xba, 0x0, 0x2b, 0x16, 0x8}, {0x200000, 0x10000, 0x3, 0x0, 0x40, 0x5, 0x7d, 0x6, 0x5, 0x6, 0x1, 0xb5}, {0xc000, 0xf000, 0xf, 0x5, 0x3, 0x7, 0xfc, 0x8, 0x1, 0xac, 0x7, 0x4}, {0x80a0000, 0xeeee0000, 0x9, 0x6, 0x4, 0x42, 0xb, 0xff, 0x8, 0x7, 0x6, 0xfe}, {0x10000, 0x2000, 0x2, 0x7, 0x3, 0x2, 0xab, 0x5f, 0x7, 0x2, 0xdb, 0x2}, {0x1000, 0x100000, 0xc, 0x7, 0xb1, 0x8, 0x21, 0x81, 0xfc, 0x0, 0x1}, {0x3000, 0x8000000, 0x4, 0x1, 0x2, 0x5, 0x7, 0x3, 0x5, 0x81, 0x1, 0x70}, {0x100000, 0x60000, 0x9, 0x5, 0xf, 0x7, 0xc, 0x3, 0x6, 0x0, 0xb2, 0x9}, {0x10000, 0x1000}, {0x54000, 0x5}, 0x80000031, 0x0, 0x8000000, 0x2220, 0x400003, 0x500, 0xdddd1000, [0xf90000000000, 0x4, 0x84, 0xfff]})
prlimit64(0x0, 0x7, &(0x7f0000000040)={0x0, 0x100}, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000002000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, 0x0}], 0x1, 0x8, &(0x7f0000000300), 0x0)

1m39.313140868s ago: executing program 34 (id=1352):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{0x1000, 0x10000, 0x9, 0x9, 0xfb, 0xe2, 0x40, 0xba, 0x0, 0x2b, 0x16, 0x8}, {0x200000, 0x10000, 0x3, 0x0, 0x40, 0x5, 0x7d, 0x6, 0x5, 0x6, 0x1, 0xb5}, {0xc000, 0xf000, 0xf, 0x5, 0x3, 0x7, 0xfc, 0x8, 0x1, 0xac, 0x7, 0x4}, {0x80a0000, 0xeeee0000, 0x9, 0x6, 0x4, 0x42, 0xb, 0xff, 0x8, 0x7, 0x6, 0xfe}, {0x10000, 0x2000, 0x2, 0x7, 0x3, 0x2, 0xab, 0x5f, 0x7, 0x2, 0xdb, 0x2}, {0x1000, 0x100000, 0xc, 0x7, 0xb1, 0x8, 0x21, 0x81, 0xfc, 0x0, 0x1}, {0x3000, 0x8000000, 0x4, 0x1, 0x2, 0x5, 0x7, 0x3, 0x5, 0x81, 0x1, 0x70}, {0x100000, 0x60000, 0x9, 0x5, 0xf, 0x7, 0xc, 0x3, 0x6, 0x0, 0xb2, 0x9}, {0x10000, 0x1000}, {0x54000, 0x5}, 0x80000031, 0x0, 0x8000000, 0x2220, 0x400003, 0x500, 0xdddd1000, [0xf90000000000, 0x4, 0x84, 0xfff]})
prlimit64(0x0, 0x7, &(0x7f0000000040)={0x0, 0x100}, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000002000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, 0x0}], 0x1, 0x8, &(0x7f0000000300), 0x0)

1m6.313650245s ago: executing program 6 (id=1569):
syz_mount_image$nilfs2(&(0x7f0000000380), &(0x7f0000000a40)='./file0\x00', 0x0, &(0x7f0000000a80), 0xf, 0xa02, &(0x7f0000001ec0)="$eJzs3U9sXEcdAOB5a68d16mzhgKmoYmBAqmgTrCtKrmkMZRrpN7KsQppiHBTlHBpVakpUsUNRap67IGqh1wQFeLSA1JEVUQvQZQ7CoVKVVGgFQipoNYo9sx6d+zH/rG99vp9n/Tz+L2ZfTPPu943fp6dCUBl1Va/Li7OFCG89PqLj/zkD698twghHG2WaLSUW9uqhxCKtsevuxUzPv7w2XObpUWYX/2atsPZ283HToYQrobZcCM0wsL7j829ubT08vWbj16efuH02zt0+gAAUCln3/jH7x94761vTP/nF0fOhPHm/tQ/b8TtydjvPxH793n/v2hJi5btZCwrNxIj//thJCs3mtUzWlJfPTtOvaTcWIf6Rlr2bXaeALAfrN/XK2pzbdu12tzc2nX/jlvjY8XcpYvLT1zZpYYCANvmXw+HEM4IIYQQokqxcmi3eyAAQNXl44U3uJqPLNia5tEOdFf/7aXa5o+HbTDo17/6h6v+V5/3jsP22a+vpnRe6fcojWPIxxGOZI/r9fe/lh1ntMd2lo0rHJbxhmXtzH+ue1VZ+3t9HndLWfvz8bB7VVn783G6e1VZ+8cH3I5+lbX/wIDb0a+y9k80v9uvV7jtcd/q1/V3iyNZfuv1M39PH5b3eACg3UfG/wkhhBCVi+d2uwMCAOw5+fw4K1HKz+fjyfPzeXjy/HxeoDx/vEP+gQ75AMBGC7+68PNrxfr/+bc6Hi6Nu7grppM9ticfrdFr/Vsd97TV+odl3BIA1fbUTxe/89aZpZG1+X/Xr2WfZPP/prl6r8XtNO7yYLbdnPt3tr2eWkm5gztxUgDA/5Wuv2Xz/94dt2dCvXji4vL5E3F7Kqa/G6+P39n/zQG3GwDoX7fz/8+E9vn/Dzb312ut/YJD6/uL1n5BI9s/X7J/IW5Px/T74xOr++fOPbX8ve0+eQCoqDe+dfC1D357Kazd/1///3e6/59u4zfiWLsPYoHUT0j3Bzbc/z/WXs9UWbkT7eUOlZU72V6ukZWrx8jn3cjHB05kj0vjFNK4h9TfSeMap8vak02QMZaVG41xd9aeqaw9G873RHt78nloUv2NbH8+7iGVmw4AsNGVp5/5wePLy+cv+8Y3vqngN8+FEDbL2u13JmCnHf/Rkz88fuXpZx68+OTjF85fOH9pYXH+1KmHFucXHzq+el//eOvdfQBgP1jv9O92SwAAAAAAAAAAAAAAgDKD+KTxbp8jANDu7w+HEM6ILEb2QBuEECk+2gNtEGKfxcpKvuIvAMBg9bre/lY1jxbn80/rHqT04IN/nL4Tqdjtpfb+kvWL2U6Dfv2rf7jqf/X57a2/ub5I1+9/tfYDzPZX761fnjzZWv+9o13Wn5//sf7q/3NW/9dCd/Wv/Cyrv8+pcd/J6r+ry/o3nP/J/ur/S6z/nrh97Mvd1t/+/Kf1dtJyOBPZ+UyW1P/Xevv5p7X9ej7/Az2cdIt34/kDQBXVdrsBOyT1ElI/OvVDWtfnCy3r7IWsfLf9/1p2nHy9vn6l46Z+0BfjdurupHUD8/UOe21/Wp9wKjtu0WW/tuz1Myz/VSpr/3Y9jzutrP35epB7VVn7xwbcjn6VtT//vdyrytrf559VA1fW/okBt2NYHY5p2fUwXX+mYl7abmTbk5s8F/u1bwEAw+7bp2/ef+3rozfy9fnTdT39GTgZ/6a+npXL+wsTWd+xyMp/KaY/jukrMf1NTN/Jjrez/20DgGp6z+f/hBBCiMpF1T//5/4CVVb113/Vz7/a7/6e/07S6yO/j5+Mdsivt+SPbJI/1uHx41l+/nwd6JB/T3bclSjlf6ZD/mc75H+uQ/5Mh/xDHfLv7ZB/uEP+FzrkH+mQf7RDPgDD6fMx9f4OANWRj/tz/QeA/S9NrOP6DwDV8amYll3/7+uQDwAMn0/H1PUdACqk2Hymx63O2wMMjzS/dPo9j8uBhPtj+pWYfjWmab2UPpdfAfaA//7713+7VqzP93c4y+92Pvmi1v7Ju3z9nwe6bE/++b1e57NvdFnPTtU/vcX6AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABis2urXxcWZIoSXXn/xkX+e+tO7RQjhaLNEo6Xc2la9ZXu27TghvFaspR9/+Oy51vSTmBZhPhShaO4PZ283a5oMIVwNs+FGaISF9x+be3Np6eXrNx+9PP3C6bd38EcAAAAA+97/AgAA//87+jkE")
r0 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write$FUSE_DIRENTPLUS(r0, &(0x7f0000000580)={0x10}, 0xfdef)
ftruncate(r0, 0x1)
write$FUSE_DIRENT(r0, &(0x7f0000000140)={0x10}, 0x10)
r1 = open(&(0x7f0000000040)='./file0\x00', 0x42082, 0x0)
write$FUSE_IOCTL(r1, &(0x7f0000000100)={0x20}, 0xfdef)

1m5.746700944s ago: executing program 6 (id=1574):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x2, @empty}, 0x1c)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m5.149868843s ago: executing program 6 (id=1584):
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x800005, 0x32, 0xffffffffffffffff, 0x852ac000)
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'veth1_to_hsr\x00', <r1=>0x0})
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xf42, 0x4)
r2 = socket$packet(0x11, 0xa, 0x300)
sendto$packet(r0, &(0x7f00000000c0)="3f031c000302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)
recvmmsg(r2, &(0x7f0000004480)=[{{0x0, 0x0, &(0x7f0000003e40)=[{&(0x7f0000000c00)=""/4096, 0x1000}], 0x1}, 0x4}], 0x1, 0x2, 0x0)

1m4.950761279s ago: executing program 6 (id=1586):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file0\x00', 0x8c0, &(0x7f0000000080)=ANY=[@ANYBLOB='acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noacl,\x00'/119], 0x5, 0x445a, &(0x7f0000004480)="$eJzs3T9sFNkdAOA3YyfYBIhNKIgUKSsFJVESWTYViZFijMHY4BCRQJFmWdsLOFl7kb2OUlA4SoOUKlKKKAW6k65zhdxdxTUnXXnNlVyNdFdcc9JJiD3t7qy9M+vFe9wuPtD3SXh23n/8m3n7phi/OFG5t7KRW9nIFdZy5aU7G2dzfy+XNleLIc76sC2lJ7run0PVjziJ/eG5fvHyn26dDeGD5U+eVavVaqgZDPuaaPn85RcPllqPTXHryb8a7e7fWq/8JYRwqm1cNQMhhKHk84XkOJ0ch0MIJ0IIUQjh1oN/3871aDSPnxbP558vPNyZPDO//Win8/89CuH/pR//5u7qZz8bmPz0Vz3qHgAAAAAAAAAAAAAAAACAN9zsjes3/zg+EZ5EYXA7an9fdzY5dno/ttozP+04xl69mwsAAAAAAAAAAAAAAAAAAADfVXvv/+eik/u8/z+THKc61K/+vrt+fv4tx0l/zP3h+syl8Ylk//eoLf9ckvT5hYEw2txf/aPO+79fyNTff//39n5eVXN8zX5HQhSPpc7jeGwshHeTjd9PR0fjUnmj8us75c215Z4N442Vjn9j9/5UdJIN/VPxf8n+/9OZ9vu///+P2q6m2vnt3l1ib7V0/Ac6lnvvn9FL4v/93XIXM/VeR/x5den4D9bThlsLTDUmgFr8/zN48P0/k2m/X/E/EULIRbWx5lIzQG0NU0vvtF4hLR3/79XTUlNn8ovsdP9/lYn/pUz7hzX/b2W/iNhXOv6NeXwoVWLv/h+ND77/L2faP4z418a/5fu/K+n4H2kkDqaK1H+T3c7/s5n2s/F/Ua1WezHum3EyzhNR6grYjhrp/mZcd9LxH2rL33v+i7ta/1/J1H9dz3/NfpvPf83p/5dR4/mP/e3Gfyc8q1aHO5br9v6fy9Tr9/w/VV//tTl3qp+dvkXS9//Relp67TxS/9kp/tVM/Ocz7b9C/N/v/BS6p74qGWrGf28+eXGkkf6O9V9X0vH/QSMxbi2xVf9ZX/9FB6//r2baP4z1X238W3F/e31bpON/rGO5Wvw/7uL7/1qmXv/jH8J48wJoX75wgHT8j3csV7//hw6O/0KmXr/j/4t+Ng4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwBphOjiMhisdS53E8NhbCxeT8dDgaLRaW84ul8tLfNkKYSdJz4WR0t1ReLJTyK2vl5WK+UCqVl0K4lOSfCkPRRqlcya8W7l/ebWs4ulcsrFcWi4VKCGE2Sf9JON5sa3Glslq4H0K4spv3w7i8fv9eYS2/vLL+u/Hx8fEwtzuG0aj4j0pxrdLovZEbwvxu3ZGoZXD17Ku7YzkW/bW8ub5WKNXTr7XUKZWXCqWWOgtJ3n/DaFRZ31xbKlSK+VL5brO/wzSVHGfmbvz5xrWJtvzbUeM4/XqHBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMA39GTyt/8LIQw2zuIQQi5KPkTJv5THT4vn888XHu5MnpnffrTzbL8yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX7MDBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFXTpGiRiIwgD8ZlJo6TGsQtLZRhTRwojgCfQYHkaP4iW8g4WFrcWysDuBkGwgzW71fc2D+Zl5D+YBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsN7dc//y1LQRKc43ZxFfb98/4/yh1I/rw/erE8zI8dw/9je3TVv+Pc3yq3L02+Vd+v/3/lqVGqM6+JzsyXSf9uZ9ppb2bWm+oe9FpFxHRFfyy5RzXa97CwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC07cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IFjAQAAAABh/tZR9G0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL8CAAD//4VrJTc=")
open(&(0x7f0000000040)='./bus\x00', 0x400141042, 0x2a)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x8000, 0xa0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x14, 0xd, "ef359f413bb9386ff7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e7376b7a5ff537ed73ac58818d78c660e677df8dc905b90242b7c528a076d2f6a00400", "036c5bc6780820d1cbf7966d61fdcf335263bd9b0abdc2542ded71038259ca171ce1a311ef545032d71e14ef3dc177e9b48b001d00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8]})
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x103042, 0x0)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)

1m3.323620291s ago: executing program 6 (id=1594):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
r2 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_pidfd_open(r2, 0x0)
setns(r3, 0x24020000)
mount(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x2200020, 0x0)

1m1.962230785s ago: executing program 6 (id=1601):
syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000040)='./file0\x00', 0x100c404, &(0x7f0000001980)={[{@fat=@umask={'umask', 0x3d, 0x7}}, {@fat=@usefree}, {@dots}, {@fat=@uid={'uid', 0x3d, 0xee00}}, {@dots}, {@fat=@check_strict}, {@fat=@nfs}, {@nodots}, {@dots}, {@dots}, {@nodots}, {@nodots}, {@nodots}, {@fat=@debug}, {@fat=@debug}, {@nodots}, {@nodots}, {@dots}, {@fat=@flush}, {@dots}, {@dots}, {@dots}, {@fat=@showexec}, {@fat=@debug}, {@nodots}, {}]}, 0x1, 0x1f5, &(0x7f0000000600)="$eJzs3cFqE1EUANCbmCYTcdGdIAgjLnRV1C+oSAUxIFSy0J2gK7NqN6mb9jP8Bf/LD5CuspEncSadmKYxBDKj7Tmb3pn7Xt+7M2SSTW5SFL7f/RpZ1or2fuzHpBW70Y6ZswAArpNJSvEjFZreCwBQjzXe/3/WvCUAYMvevnv/+vlgcHCY51nE+dl4OB4Wf4v8y1eDgyf5b7vVrPPxeHjrIv80X/zsMM3vxO0y/6yYn1+kuxEx7Mbjh0V+mnvxZpD/Ob8XH7dcOwAAAAAAAAAAAAAAAAAAAAAANOV+5DNL+/vs7S3m+2W+OJrrD7TQv6cT9zrlYdUeKJ3WURQAAAAAAAAAAAAAAAAAAAD8Z45Pvnz+MBp9OqqCXkTMn+ksGXN10Cr/8VqDmw/asdn0flnmBou2yku03QL7y2/uOkF0/pW7s2mQ17BWf+XlTWkaLH8VzNpiXDm9GxGrV390uOnmJyml0bcHR8cnkVYOrp4RvVqfSAAAAAAAAAAAAAAAAAAAcHPNfev7kqyJDQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAA6rf/58Gl8+sDE4j4k78dfBsrZ3IGq0VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA6+tXAAAA//85ziI4")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
ftruncate(r0, 0x4a8e)

1m1.391065203s ago: executing program 35 (id=1601):
syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000040)='./file0\x00', 0x100c404, &(0x7f0000001980)={[{@fat=@umask={'umask', 0x3d, 0x7}}, {@fat=@usefree}, {@dots}, {@fat=@uid={'uid', 0x3d, 0xee00}}, {@dots}, {@fat=@check_strict}, {@fat=@nfs}, {@nodots}, {@dots}, {@dots}, {@nodots}, {@nodots}, {@nodots}, {@fat=@debug}, {@fat=@debug}, {@nodots}, {@nodots}, {@dots}, {@fat=@flush}, {@dots}, {@dots}, {@dots}, {@fat=@showexec}, {@fat=@debug}, {@nodots}, {}]}, 0x1, 0x1f5, &(0x7f0000000600)="$eJzs3cFqE1EUANCbmCYTcdGdIAgjLnRV1C+oSAUxIFSy0J2gK7NqN6mb9jP8Bf/LD5CuspEncSadmKYxBDKj7Tmb3pn7Xt+7M2SSTW5SFL7f/RpZ1or2fuzHpBW70Y6ZswAArpNJSvEjFZreCwBQjzXe/3/WvCUAYMvevnv/+vlgcHCY51nE+dl4OB4Wf4v8y1eDgyf5b7vVrPPxeHjrIv80X/zsMM3vxO0y/6yYn1+kuxEx7Mbjh0V+mnvxZpD/Ob8XH7dcOwAAAAAAAAAAAAAAAAAAAAAANOV+5DNL+/vs7S3m+2W+OJrrD7TQv6cT9zrlYdUeKJ3WURQAAAAAAAAAAAAAAAAAAAD8Z45Pvnz+MBp9OqqCXkTMn+ksGXN10Cr/8VqDmw/asdn0flnmBou2yku03QL7y2/uOkF0/pW7s2mQ17BWf+XlTWkaLH8VzNpiXDm9GxGrV390uOnmJyml0bcHR8cnkVYOrp4RvVqfSAAAAAAAAAAAAAAAAAAAcHPNfev7kqyJDQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAA6rf/58Gl8+sDE4j4k78dfBsrZ3IGq0VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA6+tXAAAA//85ziI4")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
ftruncate(r0, 0x4a8e)

3.656129285s ago: executing program 2 (id=2129):
r0 = syz_io_uring_setup(0x259a, &(0x7f0000000000)={0x0, 0xa550, 0x800, 0x1, 0x153}, &(0x7f0000000300)=<r1=>0x0, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0xac5)
syz_clone3(&(0x7f0000000900)={0x23800000, &(0x7f0000000040)=<r4=>0xffffffffffffffff, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)
io_setup(0x8, &(0x7f0000000600)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, r4, 0x0}])
syz_io_uring_submit(r1, r2, r3, &(0x7f0000001b00)=@IORING_OP_TIMEOUT={0xb, 0x1a, 0x0, 0x0, 0x4, 0x0})
io_uring_enter(r0, 0x42be, 0xafb2, 0x8, 0x0, 0x0)

3.628405056s ago: executing program 7 (id=2131):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./file1\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f78617474722c6d6f64653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b4d8bde7e8acbbf3bf3326f2faa5952a332ad2ced40c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1678f5e0b33006bd1049ca45fd8500d67a5aa6e1c23d900000000007867738729e703bb122283fb2fae9813a0cfefcdf3dc968af1cf80e96649d943198a96d9b1af9c91506b30922be8537f54e65cf60c6b6a5798955796aea325770d6ccc93a95fad93b2c7bad114fcbc55036a301c23b07073c71555791db8919235222bb0ee4294211ab9b43f3fbedecd223722d937aa22b31e2e9c97e5ea94e4ab83d4e5811c7556813c334aec856a24cedd963c93ba5aa906c6e2268a0c6cbbb13f496d87c608604eb02b2c031d5ae40c75474939c664ff1849f8fbc403959f9c2de4b235261aba126be33a1762054cf2fad7dfc679c611c046f5764cfd3b84268cf21e9b8cd374866e2d55c4bfdd180a43e4fae7f5ddab3469cda8da12808566a285524ac700c24595dcd5c7784b30a4baafe80e10cecfe2393ecc927520408071c6901003dd15417429bfa90a54f501dd193865ebbb27e85c50605c45115595b04c410c2b2d6ef11e53872cba8091c88311d00c175bcf0a780265fe60228a640a746847d0138dc9f673fac8658d57ebaab4212bdcb1625a73bbda3c4a6e4282480077305b6afa3ebbcd525e588bf55760e556f1211a02cfe2e533ce915d86d62374332773744fcc8fdaf51812edd747c93b23bbe70d"], 0x1, 0x553a, &(0x7f0000006040)="$eJzs3EtvG1UUAODrpOmbEiEW7DpShZRItVWnSQW7AK14iFQRjwUr6tiO5db2RLHjhKxYsEQs+CcIJFYs+Q0sWLNDLEDskIo89wY1PCpQHJsk3ydNz8yd6zPnjqpEZyZyAM6s+ezXn0vhWrgUQpgNIVwNodgvpa2wGsMLIYTrIYSZJ7ZSGv9j4HwI4XII4dooecxZSqc+vzm8sfLTW798892Fc1e++Pr76a0amLYXQwjdrbi/240xb8X4MI3Xhu0idpeHKcYT3UfpOI9xt7lRZNitHcyrFfF2K87Pt3b6o7jZqdVHsdXeLMa3evGC/WHrIE/xgYe17eK40dwoYrufF7G1H+va248/2/b7g5inkfJ9VKQPg8FBjOPNvWZcz9ajItZ7gzQe8+aN5t4oDlNMlwv1vNMo6tg4yp3+f3u73dvZy4bN7X4772UrlepLleqdcnU7bzQHzeVyrdu4s5wttDqjaeVBs9ZdbeV5q9Os1PPuYrbQqtfL1Wq2cLe50a71smq1crtyq7yymPZuZq/ffz/rNLKFUXy13dsZtDv9bDPfzuInFrOlyu2XF7Mb1ezdtfVs/Z1799bW3/vw7gf3X1l787U06S9lZQtLt5aWytVb5aXq4sld/+h3/X9a/yep6DGuH46k9LSTDyZXB8AJov8HpmGi/f9cGHv/H/T/Y6H/P7Prf5wc7QZytj21/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DT7Ye7LN4qd+Xh8JY0/k4aeS8elEMJMCOHx35gN5w/lnE155v5h/tyfavi2FIoMo2tcSNvlEMJq2n579rjvAgAAAJxeX318/bPYrcd/5qddEJMUH9rMXH0wpnylEMLc/I9jyBLSw6bw/NGrikb/v8+FvTFlKx5gXRxTsvjI7dy4sv0rs4fCxSdCKYaZg5nnJ1oXAABwnA53ApPtQgAAAJikT6ddANNRvGlNf4ufXvNdiCG9ELx06AgAAAA4gUrTLgAAAAA4dkX/7/v/AAAA4HSL3/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL+zcze5aQNRAICfDS609AdV3bdH6Q6O0SN02WXFVTgCvUL3FWegu267iyDCnkQhMiHExoTo+yR7MmPr5RnB4o1HAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACc0t9iMf318/OwaZz1ppl2ngYAAACosyoW0/KPcdUfpfF3aehj6mcRkUdEXe3ei1c7MXspTrHn/uJeDr8jygjb/zFIx5uI+JqOqw+n/hQAAADg5VrO5pOqWq9O43MnRJeqSZv87beW4mURUYz/tRQt354+PerWzeH5oe33ux8/9lzNjkutnNiKxktmbpRTbv22oh3WSz/322Z4p8mqJu8uHQAAoCu7lUCHVQgAAAAd+37uBDiP8q1nWoufFvAPqia9EHy90wMAAAAu0LGrngEAAIDnaPTg1bL+v4D9/97/t/8fAAAAPFm1/x8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACntCoW0+VsPmkaZ72p8edLRN14jXaeBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArtmfdxSGYTAIg5tEeXVCF/D9b2kW7NatmxkQfPxbCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAK48jpfnGa/GTLbR60zy7nkl+XRqfDs1fp0b/yRj3f0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADY2Z+XFAiBIIiCOeN/J33/w0qCnkGECGh4VFGLBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCLfvfL/4mpcSaZO20sHY8ka1eNravG3oPG0YPx9m8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC42Ll/37ipOADgX5/vrrSACAFlCEJUYoCFptfS0pUBFDHwJyBF6bUErvxoM9CqAmVhQ5m7IBgRQgKFrf9D51bqUrYONxSJqQPIPrt5PYo4qGJfk89Hen5fW47f9zlRlK+fcwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQG389m6cF5uFSdypjt28d3W96G9N9YXr27eXi1bE2T9c/6u9Snz+vZzuZEvtJQIAAMDBkdf1fUQ/ejurRdBZKOv/Xn1OUfN/9+wkruv56bq/7uvav2i//nL3xQcDLUzGKS56bmM0PP73VLr5Hs5znj33r2d0yztfPnvJy29I572tF8a98n5m39y48U6/DA81kS0A8H8cq/sqqP8eKvpBm4kBcGB0q1a4U9X/+UK7OQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0ob8VT9dxFhHL3d24cOve1fWyn9q/vn17uW6nr13bTq9ZXKIXEec2RsPjTU3kCXDp8pWP10aj4cXmg1cior3Rq+CDGc6JaDNDweMGnepnfbavOhoR7efcftDyLyYAAPadXtWKuv5Ob2e1OJYtRvz5/cP1/2tJHGn9P9Wn9f/dD0/fTMdK6/9BYzOcfyubFz5buXT5yhsbF9bOD88PP3nzxOCtwckzp06dWSmflax4YgIAAMDj6Vctrf87ixHjqfX/I0kcM9b/n387+DIdK1f/P9Luol/bmQAAABxszx/94/fsEcezfj++WNvcvDiYbLP71f6JybaFVP+zQ1VL6/98se2sAAAAgCaMt7KH1v/PJnHMuP7/zA8v/ZReM4+Iw9X6/7H1T0dnm5tOS+7PdFYT/06851MFAABgrh2uWrr+3yvf/+88eOWhExGvvzqJq48BnKn+z9/9+sd0rPT9/5PNTXEudZYm96PslyK6S21nBAAAwH72VNWKYv+33s7qRz8feb/v/X8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACApv0VAAD//+NPQpo=")
openat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x101042, 0x0)
truncate(&(0x7f0000000900)='./file1\x00', 0x3000000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x14a)
lseek(r0, 0x1, 0x3)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)

3.258704477s ago: executing program 2 (id=2134):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x9}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r1, &(0x7f0000000480)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0xfffffff5}, 0x1c, &(0x7f0000000300)=[{&(0x7f00000034c0)='\x00', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f00000009c0)=ANY=[@ANYBLOB="12e01b3989dd", @ANYRES32=r0], 0x1000f)

2.634063077s ago: executing program 0 (id=2139):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(ecb-aes-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180)="10797fcd6cd957d2b903c6bf46b4abf3629ff075475e4bd6e43be1712bf8b4dc", 0x20)
r1 = accept4(r0, 0x0, 0x0, 0x80000)
sendmsg$TIPC_NL_KEY_FLUSH(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000003c0)=ANY=[], 0x19c}}, 0x4004c16)
recvmsg(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000007c0)=""/67, 0x43}, {&(0x7f00000003c0)=""/139, 0x8b}, {&(0x7f0000000480)=""/88, 0x58}, {&(0x7f0000000640)=""/181, 0xb5}], 0x4}, 0x2000)
sendmmsg$alg(r1, &(0x7f0000000e80)=[{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="8c3371918b1475730009fcac9d6e7dd64b", 0x11}], 0x1, 0x0, 0x0, 0x50}], 0x1, 0x50)

2.515542001s ago: executing program 7 (id=2140):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x81}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = syz_ublk_setup_io_uring(0x20, &(0x7f0000000340)={0x0, 0x0, 0x1000, 0x40002, 0x1e5}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
syz_ublk_add_dev(0xffffffffffffffff, r1, r2, r3, &(0x7f0000000180)={0x2e, 0x0, 0x0, 0xffffffffffffffff, 0xc0207504, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, <r4=>0x0, '\x00', {0xffffffff, 0xffff, 0x40, &(0x7f00000000c0)=@new_dev={0x3, 0xf14, 0x0, 0x0, 0x1000, 0xffffffff, 0x0, 0x0, 0x124}}}, &(0x7f0000000280)=<r5=>0x0)
sendto$packet(0xffffffffffffffff, &(0x7f00000000c0)="37031c00", 0x4, 0x4000800, 0x0, 0x47)
syz_ublk_setup_queues(r0, r5, &(0x7f0000000200)={0x0, 0x1463, 0x80, 0x2, 0xb2}, &(0x7f0000000d40)=[{0x0, 0x0, 0xffffffffffffffff, {0x0, 0x4485, 0x10002, 0x401, 0x31c, 0x0, r0}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x7682, 0x4000, 0x1, 0x2000008, 0x0, r0}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x1, 0x10, 0x1, 0x902c4, 0x0, r0}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x3a0b, 0x20, 0x2, 0x40021a, 0x0, r0}}], 0x4, &(0x7f0000001540)={0x2e, 0x6, 0x0, 0xffffffffffffffff, 0xc0107520, 0x0, 0x0, 0x0, 0x72ccfb459c83c565, {0x6}, 0x0, r4, '\x00', {0x3, 0x48b, 0x0, 0x0}}, 0x0)
syz_clone(0x1064400, 0x0, 0x0, 0x0, 0x0, 0x0)

2.269495988s ago: executing program 2 (id=2142):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$setregs(0xd, r0, 0xfffffffffffffffc, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
ptrace$getregset(0x4205, r0, 0x200, &(0x7f0000000080)={0x0})

1.658805938s ago: executing program 0 (id=2146):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000000c0)=0xc8, 0x4)
writev(r0, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1)
shutdown(r0, 0x1)

1.400265576s ago: executing program 0 (id=2149):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha12\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000740)=[{0x0, 0x0, 0x0}], 0x1, 0x2004001)
io_setup(0xff, &(0x7f0000000380)=<r2=>0x0)
io_submit(r2, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r1, &(0x7f0000000340), 0x41}])

1.237592321s ago: executing program 2 (id=2150):
sendmmsg(0xffffffffffffffff, &(0x7f0000005c40)=[{{0x0, 0x0, &(0x7f0000002880)=[{&(0x7f0000000440)="4b817ec69726bbf402343f8812035e72d85c7ebb54c7d36184592d6371955d17dbc620a121fd94ca2942b1828b4fbd07c265b128a50f87890bb39d4669c93868a54c32ccaa8f5dfb4c338bcc69280af9e67c7f35b28fc464d9b29482d11041b224dc28c4457663003b3e2fbaa82974dbb443c387d2fe0efcb24ac27ab9c2fbb6b131bf008b9f555099e5d32267b7cfd9ca94e4415c2a1dd0b2593eaf0bca37189ace6436c1e7d087660bd128cd07382bc4bbebae10a97cf63b915f810e3e2658f7d7256d81a1cb94a020a9d519096f2068c300cca6d804555c643267a7c9a27a1d49bb463b176700e2c32c13400b86dc9f91b6811d03fd621fe61791ae8ca1d9bcd31ce1e014c7714b5ec6aa507a08e1e2cac3d61be8d5018daae401563fb391f1809a50c06cd2bbefe45fd253282499b752fbdc4228c8509d7ae5e764c7e21e404ba71c48aeb68fcb7fcd5b052b2a765e36383ac01c530d9ccdc00dcea60219be3b5b67ec9890966fe751f017d2d49bd376bc8f2ede9633c4de8c289e4934e6f4f709c78e73c824fdbc7c50b352e4a6ed048f37a320c71f788dcf422185e5d25eee40a8346239ab25bc364969ac96f04d32a405b7db6957400e49f9937ebfc0309a00630df1f573ece697ca0f5135d7c6846fad268b815a6e550df780989dcb9e9fad92681cf175088b0c3b0f0ce987a3c48ef7a74b4065078901d4b9490f8068acb314aeb825cccbc92ce3bfb14f9d0bdfa03f493cad50831e597c21da60ef3e8b5e98738c29a8e925a4101e9f62d0c68495f6a45071ea74e8de1cb74131503140397f434a9aa9ac4095f5e491445d68cf044b9d6fb9a50af68832bb9dc675f7ddfcd0607b115642db55d2102d18da763df6b02ebffa14ef9d4bc28674e9af61f317de8cc3a8bf76766018785b50f64ba620aed716fcd4d79a03e619ebba89f31fd039c7011c13520359386b2c7ecc4fde24f337f8c7135dba3f0859aa5fbbcd75f6ea7b1adba49570c8f122085a7304f321d2621beea7beaf60508c0a08e7088584fb4c7bdb1b40417874af5072675f82e00abc86eda4ce463b17064624845607fb50df77d3a670d9b1cfdbf274d43b535bc4bd2aae615e2b4b3a22e5094675304d22e114d14e712df4738590fbc9b33f58057077e2860d1c8c4cdac11a801981cad00e0b5153ada0fb1e273d1ed1e2e7c1568240acba90c3d24482856a003084b0e46064e10403d1a1d9acc37ea840bab318b8367d9e0026dcac12c4bf0a5a108eb71c017ae9f94e6f9eebab0da1025ccf5906551346395b5dc4df5a799041f3c2695c8da5c853a5f60811446119c02b5a90561a0fb9e1121128df6d453d07ab45108cc88f36faafaa56da2d4532318a0525c9114ea0822299663b56ee4e6b0dbbb0462a3feb643a0013a270b1f5eb98bd281b139a53a80f849af99423d156a02a156df63112600590a4c49d3772b7fb0cb32b48cf14b5bad2444d9ab2a56e3bb768b5b39e9b47f5f55a8c58bdcfcae5dd73ad626f3fa47e24750c225b9a6861d1c02162edeb1119589c58c449bd45a879721c4e7058dcaf75b56837bd867e95fc700fa80d7884bda691f5d12375e0d1c3fa210db564235c4ec3b40db3bd349e5326a4e2df66c3a537fb4c7595868ef00632078deceed2d76b26df1cfc3ee23bdc13a3a1ffbf86cf51425524b7e260453e5fd81532b0bfdcd8b1a5d8b959f7bdfcba0c6771519437e52255f748bb7bfd5b74cf86dc7ed3457131cac4dda726486892e872d1c416e33a11c18b4d3af58bbc92c642ff178668211aff5df9a515bbd184293827ed570248efc6776073af7a93620e34098fcc9f0de94f245805e7ade588cd07ec64847dabf54da70eb698900e1984a45b5d4ba8468265953fc5554fe029ef887eaf811df3d3c57e8abb1d496b8e460e06bc314c305fe37d49a0c541f858eaeff5e1318d7e50a7dd0cf9dad959b99bbd096ba3cff8c976fe1799a62ef3a40ff25c2791", 0x589}], 0x1}}], 0x1, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x9}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000480)=[{{&(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback, 0x80020}, 0x1c, &(0x7f0000000300)=[{&(0x7f00000034c0)='\x00', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f00000009c0)=ANY=[], 0x1000f)

1.226362851s ago: executing program 3 (id=2158):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="02000000040000000814000001"], 0x50)
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000540)={0x0, 0x1, 0x9, 0x0, 0x6})
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1e00000000"], 0x50)
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0}, 0x0, &(0x7f0000000180)}, 0x4f)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000001c0)={0xffffffffffffffff, 0x0, 0x0}, 0x20)

1.166062744s ago: executing program 7 (id=2151):
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f7})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89fe, &(0x7f0000000340)={'bridge0\x00', &(0x7f0000000000)=@ethtool_coalesce={0xf, 0x0, 0x200, 0x2, 0x7, 0x9, 0x3, 0x47e, 0x9, 0x2, 0xca1, 0x8, 0x1, 0x6, 0xff, 0x9, 0x3, 0x7, 0x7, 0xb, 0x64, 0x1000, 0xc}})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x100, 0x3, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}}}, 0x24}}, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='-', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

1.070565807s ago: executing program 0 (id=2152):
setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.numa_stat\x00', 0x26e1, 0x0)
close(r0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8b1a, &(0x7f0000000000)={'wlan1\x00'})
ioctl$SIOCSIFHWADDR(r0, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="01000000008d"})

1.070280137s ago: executing program 3 (id=2153):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r0 = syz_open_dev$media(&(0x7f0000000100), 0x1, 0x40580)
close(0x3)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x80047c05, 0x0)
r1 = syz_io_uring_setup(0xf00, &(0x7f0000000400)={0x0, 0x595f, 0x10000, 0x0, 0x51}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
syz_io_uring_submit(r2, r3, r4, &(0x7f0000000280)=@IORING_OP_READV=@use_registered_buffer={0x1, 0xc, 0x4004, @fd_index=0x3, 0x5, 0x0, 0x0, 0x10})
io_uring_enter(r1, 0x2000, 0xfffffffd, 0x9, 0x0, 0x0)

1.030777268s ago: executing program 7 (id=2154):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r1=>0x0})
bind$can_raw(r0, &(0x7f00000001c0)={0x1d, r1}, 0x10)
setsockopt$CAN_RAW_RECV_OWN_MSGS(r0, 0x65, 0x4, &(0x7f0000000040)=0x1, 0x4)
ioctl$SIOCGSTAMP(r0, 0x8906, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f0000000340)=""/76, 0x4c}], 0x1)
sendmsg$can_raw(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@can={{0x2, 0x0, 0x1, 0x1}, 0x8}, 0x10}}, 0xd209f6d81482fb57)

943.29121ms ago: executing program 3 (id=2155):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x41100, 0x50, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x13141, 0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000440), 0x10, 0xfffffffd}, 0x94)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000440)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x0, 0xc9}}}, 0x7)
close(r0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r0, 0x4010744d, &(0x7f0000000180))

936.884021ms ago: executing program 0 (id=2156):
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r2 = syz_open_procfs(r0, &(0x7f0000000040)='statm\x00')
syz_usb_disconnect(0xffffffffffffffff)
readv(r2, &(0x7f0000000800)=[{&(0x7f00000001c0)=""/238, 0xee}], 0x1)

870.264743ms ago: executing program 7 (id=2157):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x11, r1, 0x49450000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xbf0fe000)
close(0x4)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)

801.620925ms ago: executing program 3 (id=2159):
r0 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xd}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x1, 0x2, 0x3, 0xfffffff9, 0x9, 0x101, 0x2, 0xffff}}}}]}, 0x58}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001540)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2d, 0x4, {0x0, 0x0, 0x0, r1, {0xe}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_fw={{0x7}, {0x18, 0x2, [@TCA_FW_INDEV={0x14}]}}]}, 0x44}}, 0x4000)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

732.478777ms ago: executing program 3 (id=2160):
r0 = socket$inet(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x24008818, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x19}}, 0x10)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
fcntl$setstatus(r0, 0x4, 0x2400)
splice(r0, 0x0, r1, 0x0, 0x7ffff000, 0x0)
shutdown(r0, 0x1)

566.073992ms ago: executing program 3 (id=2161):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x81}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = syz_ublk_setup_io_uring(0x20, &(0x7f0000000340)={0x0, 0x0, 0x1000, 0x40002, 0x1e5}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
syz_ublk_add_dev(0xffffffffffffffff, r1, r2, r3, &(0x7f0000000180)={0x2e, 0x0, 0x0, 0xffffffffffffffff, 0xc0207504, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, <r4=>0x0, '\x00', {0xffffffff, 0xffff, 0x40, &(0x7f00000000c0)=@new_dev={0x3, 0xf14, 0x0, 0x0, 0x1000, 0xffffffff, 0x0, 0x0, 0x124}}}, &(0x7f0000000280)=<r5=>0x0)
sendto$packet(0xffffffffffffffff, &(0x7f00000000c0)="37031c00", 0x4, 0x4000800, 0x0, 0x47)
syz_ublk_setup_queues(r0, r5, &(0x7f0000000200)={0x0, 0x1463, 0x80, 0x2, 0xb2}, &(0x7f0000000d40)=[{0x0, 0x0, 0xffffffffffffffff, {0x0, 0x4485, 0x10002, 0x401, 0x31c, 0x0, r0}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x7682, 0x4000, 0x1, 0x2000008, 0x0, r0}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x1, 0x10, 0x1, 0x902c4, 0x0, r0}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x3a0b, 0x20, 0x2, 0x40021a, 0x0, r0}}], 0x4, &(0x7f0000001540)={0x2e, 0x6, 0x0, 0xffffffffffffffff, 0xc0107520, 0x0, 0x0, 0x0, 0x72ccfb459c83c565, {0x6}, 0x0, r4, '\x00', {0x3, 0x48b, 0x0, 0x0}}, 0x0)
syz_clone(0x1064400, 0x0, 0x0, 0x0, 0x0, 0x0)

205.583254ms ago: executing program 7 (id=2162):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xffe0, 0x2}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x800}, @TCA_FLOWER_KEY_IP_PROTO={0x5, 0x9, 0x11}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x24008040}, 0x24000000)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

205.277474ms ago: executing program 2 (id=2163):
r0 = socket$kcm(0x2, 0x5, 0x84)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0208000004"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000980)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2, 0xfffffffd}, {0x2, 0x0, 0xffffeffc, 0x8}]}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x84, 0x10, &(0x7f0000000000)=r3, 0xc)

31.28703ms ago: executing program 0 (id=2164):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000600)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[@assoc={0x18, 0x117, 0x4, 0xe0}], 0x18}, 0x44)
sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001680)=ANY=[], 0x12f4}, 0x1, 0x0, 0x0, 0x20008885}, 0x0)
recvmsg$can_raw(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000002c0)=""/194, 0xe0}, {&(0x7f00000003c0)=""/110, 0x6e}, {&(0x7f0000000040)=""/35, 0x23}], 0x3}, 0x40002140)

0s ago: executing program 2 (id=2165):
setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.numa_stat\x00', 0x26e1, 0x0)
close(r0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8b1a, &(0x7f0000000000)={'wlan1\x00'})
ioctl$SIOCSIFHWADDR(r0, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="01000000008d"})

kernel console output (not intermixed with test programs):

got 45)
[   89.573015][ T2176] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   89.583000][ T2176] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   89.601341][ T2176] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   89.613374][ T2176] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   89.630690][ T2176] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[   89.642691][ T2176] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   89.897379][ T2176] usb 1-1: usb_control_msg returned -32
[   89.903474][ T2176] usbtmc 1-1:16.0: can't read capabilities
[   90.261479][ T6279] usbtmc 1-1:16.0: usb_control_msg returned -71
[   90.263783][ T1199] usb 1-1: USB disconnect, device number 3
[   90.283137][ T6295] usbtmc 1-1:16.0: send_request_dev_dep_msg_in returned -19
[   91.539801][ T6316] batadv0: entered promiscuous mode
[   91.565883][ T6316] dummy0: entered promiscuous mode
[   91.602286][ T6316] hsr1: entered promiscuous mode
[   91.616394][ T6317] loop2: detected capacity change from 0 to 2048
[   91.631246][ T6316] hsr1: entered allmulticast mode
[   91.645427][ T6316] batadv0: entered allmulticast mode
[   91.672497][ T6316] dummy0: entered allmulticast mode
[   91.725515][ T6317] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   92.461363][   T27] kauditd_printk_skb: 1354 callbacks suppressed
[   92.461378][   T27] audit: type=1326 audit(1780667869.772:1368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6333 comm="syz.2.174" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ef879ce59 code=0x7fc00000
[   93.024035][   T27] audit: type=1326 audit(1780667870.332:1369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6333 comm="syz.2.174" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0ef873e1d9 code=0x7fc00000
[   93.182217][ T6351] bridge0: port 3(vlan2) entered blocking state
[   93.197584][ T6351] bridge0: port 3(vlan2) entered disabled state
[   93.204366][ T6351] vlan2: entered allmulticast mode
[   93.210295][ T6351] geneve0: entered allmulticast mode
[   93.233599][ T6351] vlan2: entered promiscuous mode
[   93.243989][ T6351] geneve0: entered promiscuous mode
[   94.223424][ T6384] netlink: 8 bytes leftover after parsing attributes in process `syz.3.189'.
[   94.258629][ T6384] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.266996][ T6384] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.123399][ T6395] netlink: 'syz.1.193': attribute type 11 has an invalid length.
[   95.131610][ T6395] netlink: 12 bytes leftover after parsing attributes in process `syz.1.193'.
[   95.475994][ T6405] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   96.101217][ T6429] loop3: detected capacity change from 0 to 128
[   96.155994][   T27] audit: type=1800 audit(1780667873.462:1370): pid=6429 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.208" name="bus" dev="loop3" ino=1048592 res=0 errno=0
[   96.233181][ T5774] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF
[   96.243702][ T5774] FAT-fs (loop3): Filesystem has been set read-only
[   96.539521][   T27] audit: type=1800 audit(1780667873.852:1371): pid=6440 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.213" name="bus" dev="overlay" ino=275 res=0 errno=0
[   96.622649][ T6434] loop3: detected capacity change from 0 to 32768
[   96.667951][ T6434]  loop3: p1 p3 < >
[   96.889922][ T6448] xt_hashlimit: size too large, truncated to 1048576
[   96.949990][ T5762] udevd[5762]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[   96.959861][ T5764] udevd[5764]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[   97.085632][ T6377] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   97.725721][ T6465] netlink: 7 bytes leftover after parsing attributes in process `syz.1.224'.
[   98.761632][ T6492] netlink: 8 bytes leftover after parsing attributes in process `syz.0.230'.
[   98.795682][ T6492] netlink: 4 bytes leftover after parsing attributes in process `syz.0.230'.
[   98.883591][ T6492] netlink: 8 bytes leftover after parsing attributes in process `syz.0.230'.
[   98.902986][ T6492] netlink: 4 bytes leftover after parsing attributes in process `syz.0.230'.
[  101.265198][    C1] sched: RT throttling activated
[  101.340468][ T6538] loop0: detected capacity change from 0 to 131072
[  101.370122][ T6538] F2FS-fs (loop0): invalid crc value
[  101.398909][ T6538] F2FS-fs (loop0): Found nat_bits in checkpoint
[  101.455392][ T6538] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  101.548764][   T27] audit: type=1800 audit(1780667878.862:1372): pid=6538 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.248" name="file1" dev="loop0" ino=7 res=0 errno=0
[  102.006105][ T6568] loop3: detected capacity change from 0 to 1024
[  102.062702][ T6568] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  102.154356][ T6568] ext4 filesystem being mounted at /76/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  102.295491][ T6568] EXT4-fs error (device loop3): ext4_map_blocks:720: inode #15: block 3: comm syz.3.260: lblock 3 mapped to illegal pblock 3 (length 3)
[  102.383924][ T6568] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  102.405726][ T6568] EXT4-fs (loop3): This should not happen!! Data will be lost
[  102.405726][ T6568] 
[  102.456209][ T6577] EXT4-fs error (device loop3): ext4_map_blocks:610: inode #15: block 3: comm syz.3.260: lblock 3 mapped to illegal pblock 3 (length 1)
[  102.500298][ T6577] EXT4-fs error (device loop3): ext4_map_blocks:610: inode #15: block 3: comm syz.3.260: lblock 3 mapped to illegal pblock 3 (length 1)
[  102.706187][ T6260] EXT4-fs error (device loop3): ext4_map_blocks:720: inode #15: block 8: comm kworker/u4:15: lblock 8 mapped to illegal pblock 8 (length 8)
[  102.790079][ T6260] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  102.819089][ T6260] EXT4-fs (loop3): This should not happen!! Data will be lost
[  102.819089][ T6260] 
[  102.847287][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  103.159679][ T6586] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  103.862375][   T27] audit: type=1326 audit(1780667881.172:1373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6614 comm="syz.3.278" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43ecb9ce59 code=0x7ffc0000
[  103.924335][   T27] audit: type=1326 audit(1780667881.172:1374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6614 comm="syz.3.278" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43ecb9ce59 code=0x7ffc0000
[  103.985256][   T27] audit: type=1326 audit(1780667881.182:1375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6614 comm="syz.3.278" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f43ecb9ce59 code=0x7ffc0000
[  104.031425][   T27] audit: type=1326 audit(1780667881.182:1376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6614 comm="syz.3.278" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43ecb9ce59 code=0x7ffc0000
[  104.068600][   T27] audit: type=1326 audit(1780667881.182:1377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6614 comm="syz.3.278" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43ecb9ce59 code=0x7ffc0000
[  104.093144][   T27] audit: type=1326 audit(1780667881.182:1378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6614 comm="syz.3.278" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f43ecb9ce59 code=0x7ffc0000
[  104.138113][   T27] audit: type=1326 audit(1780667881.182:1379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6614 comm="syz.3.278" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43ecb9ce59 code=0x7ffc0000
[  104.185658][   T27] audit: type=1326 audit(1780667881.182:1380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6614 comm="syz.3.278" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f43ecb9ce59 code=0x7ffc0000
[  104.201480][ T6625] Bluetooth: MGMT ver 1.22
[  104.226164][   T27] audit: type=1326 audit(1780667881.182:1381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6614 comm="syz.3.278" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43ecb9ce59 code=0x7ffc0000
[  104.573979][ T5838] IPVS: starting estimator thread 0...
[  104.677776][ T6632] IPVS: using max 18 ests per chain, 43200 per kthread
[  105.143392][ T6656] netlink: 20 bytes leftover after parsing attributes in process `syz.3.294'.
[  105.161491][ T6656] netlink: 20 bytes leftover after parsing attributes in process `syz.3.294'.
[  105.346398][ T6659] loop3: detected capacity change from 0 to 2048
[  105.371563][ T6659] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  105.662188][ T6260] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  105.685101][ T6260] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 232 with error 28
[  105.701718][ T6260] EXT4-fs (loop3): This should not happen!! Data will be lost
[  105.701718][ T6260] 
[  105.722949][ T6260] EXT4-fs (loop3): Total free blocks count 0
[  105.730135][ T6260] EXT4-fs (loop3): Free/Dirty block details
[  105.736219][ T6260] EXT4-fs (loop3): free_blocks=2415919504
[  105.742232][ T6260] EXT4-fs (loop3): dirty_blocks=240
[  105.747570][ T6260] EXT4-fs (loop3): Block reservation details
[  105.753727][ T6260] EXT4-fs (loop3): i_reserved_data_blocks=15
[  105.787230][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.021140][ T6678] loop1: detected capacity change from 0 to 1024
[  106.793686][ T6678] hfsplus: xattr searching failed
[  106.972453][ T6262] hfsplus: bad catalog file entry
[  106.993145][ T6262] hfsplus: b-tree write err: -5, ino 3
[  107.268092][ T6695] af_packet: tpacket_rcv: packet too big, clamped from 42 to 4294967286. macoff=82
[  107.370361][ T6680] loop3: detected capacity change from 0 to 40427
[  107.380431][ T6680] F2FS-fs (loop3): Small segment_count (9 < 1 * 24)
[  107.400202][ T6680] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  107.424069][ T6680] F2FS-fs (loop3): invalid crc value
[  107.442810][ T6699] loop1: detected capacity change from 0 to 2048
[  107.488073][ T6680] F2FS-fs (loop3): Found nat_bits in checkpoint
[  107.496072][ T6699] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found!
[  107.543905][ T6705] netlink: 12 bytes leftover after parsing attributes in process `syz.2.314'.
[  107.566044][ T6699] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  107.594446][ T6705] netlink: 16 bytes leftover after parsing attributes in process `syz.2.314'.
[  107.673832][ T6680] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  107.696955][ T6680] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  107.977630][ T6714] loop0: detected capacity change from 0 to 16
[  108.016460][ T6714] erofs: (device loop0): mounted with root inode @ nid 36.
[  108.189813][ T6721] netlink: 'syz.0.320': attribute type 1 has an invalid length.
[  108.367631][ T6723] gretap1: entered allmulticast mode
[  108.468343][ T6723] bond1: (slave gretap1): making interface the new active one
[  108.523191][ T6723] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  109.044975][ T6737] loop0: detected capacity change from 0 to 1024
[  109.100974][ T6737] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a802c028, mo2=0002]
[  109.125319][ T6737] System zones: 0-1, 3-8
[  109.141000][ T6737] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  109.155802][ T6737] ext4 filesystem being mounted at /69/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  109.196196][ T5774] syz-executor: attempt to access beyond end of device
[  109.196196][ T5774] loop3: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  109.253978][ T5774] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  109.273553][   T27] kauditd_printk_skb: 8 callbacks suppressed
[  109.273566][   T27] audit: type=1800 audit(1780667886.582:1390): pid=6737 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.326" name="file1" dev="loop0" ino=15 res=0 errno=0
[  109.308243][ T6737] EXT4-fs error (device loop0): ext4_map_blocks:720: inode #15: comm syz.0.326: lblock 0 mapped to illegal pblock 0 (length 1)
[  109.331039][ T6737] EXT4-fs (loop0): Remounting filesystem read-only
[  109.375641][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  109.908147][ T6757] tipc: Started in network mode
[  109.913215][ T6757] tipc: Node identity 4, cluster identity 4711
[  109.945605][ T6757] tipc: Node number set to 4
[  110.386174][ T6772] netlink: 28 bytes leftover after parsing attributes in process `syz.0.342'.
[  111.180375][   T42] IPVS: starting estimator thread 0...
[  111.285658][ T6809] IPVS: using max 21 ests per chain, 50400 per kthread
[  111.595303][    T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  111.668566][ T1199] IPVS: starting estimator thread 0...
[  111.755322][ T6828] IPVS: using max 21 ests per chain, 50400 per kthread
[  111.795302][    T9] usb 4-1: Using ep0 maxpacket: 8
[  111.807333][    T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  111.851079][    T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  111.873368][    T9] usb 4-1: config 1 has no interface number 0
[  111.883465][    T9] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  111.899125][    T9] usb 4-1: New USB device found, idVendor=0582, idProduct=0025, bcdDevice= 0.40
[  111.915242][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  111.933484][    T9] usb 4-1: Product: syz
[  111.943600][    T9] usb 4-1: Manufacturer: syz
[  111.951465][    T9] usb 4-1: SerialNumber: syz
[  112.562606][ T6861] loop1: detected capacity change from 0 to 512
[  112.596212][ T6861] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  112.624662][ T6861] xt_hashlimit: size too large, truncated to 1048576
[  112.681845][ T6863] netlink: 28 bytes leftover after parsing attributes in process `syz.2.376'.
[  112.867011][ T1199] usb 4-1: USB disconnect, device number 2
[  113.956863][ T6899] all: renamed from bridge_slave_1 (while UP)
[  114.760063][ T6907] netlink: 5 bytes leftover after parsing attributes in process `syz.0.392'.
[  114.778219][ T6907] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  115.294220][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  115.474929][ T6927] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  116.575424][ T6974] loop0: detected capacity change from 0 to 512
[  116.594594][ T6974] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 0
[  116.949822][ T6987] netlink: 12 bytes leftover after parsing attributes in process `syz.3.426'.
[  116.970709][ T6987] netlink: 12 bytes leftover after parsing attributes in process `syz.3.426'.
[  118.277637][ T6999] loop3: detected capacity change from 0 to 40427
[  118.345842][ T6999] F2FS-fs (loop3): invalid crc value
[  118.354214][ T6999] F2FS-fs (loop3): Found nat_bits in checkpoint
[  118.454569][ T6999] F2FS-fs (loop3): Start checkpoint disabled!
[  118.511087][ T6999] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  118.762961][ T7029] loop1: detected capacity change from 0 to 1024
[  118.933582][ T6262] kworker/u4:16: attempt to access beyond end of device
[  118.933582][ T6262] loop3: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  118.982207][ T6262] kworker/u4:16: attempt to access beyond end of device
[  118.982207][ T6262] loop3: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  119.028766][ T6262] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  119.040534][ T6262] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  119.052185][ T6262] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  119.079234][ T2970] hfsplus: b-tree write err: -5, ino 25
[  119.085002][ T2970] hfsplus: b-tree write err: -5, ino 4
[  119.091220][ T2970] hfsplus: b-tree write err: -5, ino 2
[  119.406437][ T7034] loop1: detected capacity change from 0 to 8192
[  119.466297][ T7034] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  119.535352][ T7034] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
[  119.544778][ T7034] REISERFS (device loop1): using ordered data mode
[  119.551488][ T7034] reiserfs: using flush barriers
[  119.565085][ T7034] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  119.582667][ T7034] REISERFS (device loop1): checking transaction log (loop1)
[  119.619184][ T7034] REISERFS (device loop1): Using r5 hash to sort names
[  119.645766][ T7034] REISERFS (device loop1): using 3.5.x disk format
[  119.674134][ T7034] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  120.502063][ T7074] netlink: 132 bytes leftover after parsing attributes in process `syz.0.459'.
[  120.772282][ T7088] block nbd0: shutting down sockets
[  121.014291][ T6262] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  121.171465][ T6262] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  121.336136][ T6262] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  121.460033][ T6262] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  121.960395][ T7100] relay: one or more items not logged [item size (56) > sub-buffer size (14)]
[  122.213357][   T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  122.225426][   T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  122.237804][   T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  122.250595][   T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  122.261569][   T52] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  122.272562][   T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  122.378116][ T7113] netlink: 'syz.2.475': attribute type 1 has an invalid length.
[  122.467779][ T7113] 8021q: adding VLAN 0 to HW filter on device bond1
[  122.564853][ T7116] bond1: (slave syz_tun): Enslaving as a backup interface with an up link
[  123.710816][ T7146] netlink: 'syz.2.481': attribute type 10 has an invalid length.
[  123.754665][ T7146] 8021q: adding VLAN 0 to HW filter on device team0
[  123.775920][ T7146] bond0: (slave team0): Enslaving as an active interface with an up link
[  124.155004][ T6262] hsr_slave_0: left promiscuous mode
[  124.192226][ T6262] hsr_slave_1: left promiscuous mode
[  124.209558][ T6262] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  124.219732][ T6262] batman_adv: batadv0: Removing interface: batadv_slave_0
[  124.245702][ T6262] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  124.266551][ T6262] batman_adv: batadv0: Removing interface: batadv_slave_1
[  124.301001][ T6262] bridge_slave_1: left allmulticast mode
[  124.317626][ T6262] bridge_slave_1: left promiscuous mode
[  124.328626][ T5088] Bluetooth: hci0: command tx timeout
[  124.351331][ T6262] bridge0: port 2(bridge_slave_1) entered disabled state
[  124.485592][ T6262] bridge_slave_0: left allmulticast mode
[  124.496822][ T6262] bridge_slave_0: left promiscuous mode
[  124.502601][ T6262] bridge0: port 1(bridge_slave_0) entered disabled state
[  124.557792][ T6262] veth1_macvtap: left promiscuous mode
[  124.567409][ T6262] veth0_macvtap: left promiscuous mode
[  124.582346][ T6262] veth1_vlan: left promiscuous mode
[  124.595898][ T6262] veth0_vlan: left promiscuous mode
[  124.986202][ T6262] pim6reg (unregistering): left allmulticast mode
[  125.262060][ T7180] vcan0: tx drop: invalid da for name 0x0000000000000001
[  125.411127][ T7184] tipc: Failed to remove unknown binding: 66,1,1/4:4033705228/4033705230
[  125.451254][ T7184] tipc: Failed to remove unknown binding: 66,1,1/4:4033705228/4033705230
[  125.570838][ T7189] loop0: detected capacity change from 0 to 64
[  125.882640][ T6262] team0 (unregistering): Port device team_slave_1 removed
[  125.951466][ T6262] team0 (unregistering): Port device team_slave_0 removed
[  126.002946][ T6262] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  126.070055][ T6262] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  126.398151][ T6262] bond0 (unregistering): Released all slaves
[  126.407001][ T5088] Bluetooth: hci0: command tx timeout
[  126.519471][ T7186] netlink: 4 bytes leftover after parsing attributes in process `syz.3.493'.
[  126.552593][ T7186] erspan0: entered promiscuous mode
[  126.560733][ T7186] macvtap1: entered promiscuous mode
[  126.570834][ T7186] macvtap1: entered allmulticast mode
[  126.578614][ T7186] erspan0: entered allmulticast mode
[  126.584993][ T7187] netlink: 4 bytes leftover after parsing attributes in process `syz.3.493'.
[  126.594756][ T7187] erspan0: left allmulticast mode
[  126.600225][ T7187] erspan0: left promiscuous mode
[  126.605665][ T7187] macvtap1: left promiscuous mode
[  126.611347][ T7187] macvtap1: left allmulticast mode
[  126.656192][ T7108] chnl_net:caif_netlink_parms(): no params data found
[  126.826412][ T7206] netlink: 16 bytes leftover after parsing attributes in process `syz.3.500'.
[  126.853321][ T7206] bridge_slave_0: left allmulticast mode
[  126.876353][ T7206] bridge_slave_0: left promiscuous mode
[  126.882185][ T7206] bridge0: port 1(bridge_slave_0) entered disabled state
[  127.107205][ T7108] bridge0: port 1(bridge_slave_0) entered blocking state
[  127.115931][ T7108] bridge0: port 1(bridge_slave_0) entered disabled state
[  127.123132][ T7108] bridge_slave_0: entered allmulticast mode
[  127.166368][ T7108] bridge_slave_0: entered promiscuous mode
[  127.182306][ T7108] bridge0: port 2(bridge_slave_1) entered blocking state
[  127.202027][ T7108] bridge0: port 2(bridge_slave_1) entered disabled state
[  127.223025][ T7108] bridge_slave_1: entered allmulticast mode
[  127.240956][ T7108] bridge_slave_1: entered promiscuous mode
[  127.259203][ T7223] netlink: 48 bytes leftover after parsing attributes in process `syz.3.503'.
[  127.409292][ T7108] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  127.462548][ T7108] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  127.494771][ T6262] IPVS: stop unused estimator thread 0...
[  127.575817][ T7108] team0: Port device team_slave_0 added
[  127.591799][ T7108] team0: Port device team_slave_1 added
[  127.667412][ T7108] batman_adv: batadv0: Adding interface: batadv_slave_0
[  127.674527][ T7108] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  127.700905][ T7108] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  127.719722][ T7108] batman_adv: batadv0: Adding interface: batadv_slave_1
[  127.729907][ T7108] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  127.780662][ T7108] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  127.859912][ T7108] hsr_slave_0: entered promiscuous mode
[  127.867248][ T7108] hsr_slave_1: entered promiscuous mode
[  127.874092][ T7108] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  127.883922][ T7108] Cannot create hsr debugfs directory
[  128.092690][ T7108] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  128.110339][ T7108] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  128.122846][ T7108] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  128.146992][ T7108] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  128.253166][ T7108] 8021q: adding VLAN 0 to HW filter on device bond0
[  128.297793][ T7108] 8021q: adding VLAN 0 to HW filter on device team0
[  128.330025][ T6252] bridge0: port 1(bridge_slave_0) entered blocking state
[  128.337335][ T6252] bridge0: port 1(bridge_slave_0) entered forwarding state
[  128.381169][ T6262] bridge0: port 2(bridge_slave_1) entered blocking state
[  128.388400][ T6262] bridge0: port 2(bridge_slave_1) entered forwarding state
[  128.491262][ T5088] Bluetooth: hci0: command tx timeout
[  128.683888][ T7273] netlink: 4 bytes leftover after parsing attributes in process `syz.0.512'.
[  128.867268][ T7273] netlink: 4 bytes leftover after parsing attributes in process `syz.0.512'.
[  128.969966][ T7108] 8021q: adding VLAN 0 to HW filter on device batadv0
[  129.153810][ T7286] netlink: 'syz.3.515': attribute type 4 has an invalid length.
[  129.734331][ T7108] veth0_vlan: entered promiscuous mode
[  129.763242][ T7108] veth1_vlan: entered promiscuous mode
[  129.840580][ T7322] loop3: detected capacity change from 0 to 1024
[  129.866489][ T7322] EXT4-fs: Ignoring removed orlov option
[  129.923757][ T7322] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  129.953151][ T7108] veth0_macvtap: entered promiscuous mode
[  129.993943][ T7108] veth1_macvtap: entered promiscuous mode
[  130.077132][ T7108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  130.096019][ T7108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  130.120424][ T7108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  130.134733][ T7108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  130.148892][ T7331] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  130.165138][ T7108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  130.198640][ T7108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  130.231916][ T7108] batman_adv: batadv0: Interface activated: batadv_slave_0
[  130.247270][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  130.269041][ T7108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  130.280135][ T7108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  130.290714][ T7108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  130.314318][ T7108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  130.355995][ T7108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  130.379970][ T7108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  130.401803][ T7108] batman_adv: batadv0: Interface activated: batadv_slave_1
[  130.462295][ T7108] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  130.485948][ T7108] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  130.496969][ T7108] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  130.515656][ T7108] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  130.576720][ T5088] Bluetooth: hci0: command tx timeout
[  130.638526][ T2970] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  130.675699][ T2970] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  130.732450][ T7338] netlink: set zone limit has 8 unknown bytes
[  130.750163][ T2970] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  130.781194][ T2970] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  130.827377][ T7338] netlink: 209592 bytes leftover after parsing attributes in process `syz.2.528'.
[  131.224898][ T7355] netlink: 'syz.0.532': attribute type 10 has an invalid length.
[  131.304768][ T7355] team0: Port device dummy0 added
[  131.320998][ T7358] netlink: 'syz.0.532': attribute type 10 has an invalid length.
[  131.336824][ T7358] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  131.440002][ T7358] team0: Failed to send options change via netlink (err -105)
[  131.469218][ T7358] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  131.503200][ T7358] team0: Port device dummy0 removed
[  131.525132][ T7358] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  131.666112][ T7346] loop4: detected capacity change from 0 to 32768
[  131.732413][ T7346] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.468 (7346)
[  131.800690][ T7346] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  131.826066][ T7346] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  131.845472][ T7346] BTRFS info (device loop4): turning on sync discard
[  131.864510][ T7346] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  131.890007][ T7346] BTRFS info (device loop4): use zstd compression, level 3
[  131.903151][ T7346] BTRFS info (device loop4): turning on async discard
[  131.912237][ T7346] BTRFS warning (device loop4): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  131.951522][ T7346] BTRFS info (device loop4): trying to use backup root at mount time
[  131.967400][ T7346] BTRFS info (device loop4): enabling auto defrag
[  131.988304][ T7346] BTRFS info (device loop4): using free space tree
[  132.105124][ T6252] BTRFS warning (device loop4): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  132.151881][ T7346] BTRFS error (device loop4): failed to load root extent
[  132.191859][ T7346] BTRFS warning (device loop4): try to load backup roots slot 1
[  132.226569][ T6252] BTRFS warning (device loop4): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  132.283375][ T7346] BTRFS warning (device loop4): couldn't read tree root
[  132.305270][ T7346] BTRFS warning (device loop4): try to load backup roots slot 2
[  132.349573][ T6255] BTRFS error (device loop4): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  132.384843][ T7346] BTRFS warning (device loop4): couldn't read tree root
[  132.408852][ T7346] BTRFS warning (device loop4): try to load backup roots slot 3
[  132.525338][ T7346] BTRFS info (device loop4): enabling ssd optimizations
[  132.540769][ T7346] BTRFS info (device loop4): rebuilding free space tree
[  132.737736][ T7346] BTRFS info (device loop4): checking UUID tree
[  133.057083][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  133.063561][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  133.442686][ T7108] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  134.930754][ T7440] netlink: 'syz.4.543': attribute type 1 has an invalid length.
[  135.229287][ T7440] erspan1: entered allmulticast mode
[  136.100230][ T7461] netlink: 44 bytes leftover after parsing attributes in process `syz.2.557'.
[  138.007694][ T7501] netlink: 20 bytes leftover after parsing attributes in process `syz.0.567'.
[  138.022861][ T7501] netlink: 4 bytes leftover after parsing attributes in process `syz.0.567'.
[  138.275400][ T7512] trusted_key: syz.3.571 sent an empty control message without MSG_MORE.
[  138.798003][ T7536] loop3: detected capacity change from 0 to 512
[  138.907853][ T7536] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  138.924283][ T7536] ext4 filesystem being mounted at /146/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  139.039789][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  139.958688][ T7589] netlink: 16 bytes leftover after parsing attributes in process `syz.4.599'.
[  140.067453][ T7593] netlink: 'syz.2.603': attribute type 4 has an invalid length.
[  140.164373][ T7598] syz_tun: entered allmulticast mode
[  140.198555][ T7598] pim6reg: entered allmulticast mode
[  140.266576][ T7598] syz_tun (unregistering): left allmulticast mode
[  141.406365][ T7661] netlink: 'syz.0.623': attribute type 4 has an invalid length.
[  141.447129][ T7661] netlink: 'syz.0.623': attribute type 4 has an invalid length.
[  141.876779][ T7681] netlink: 4 bytes leftover after parsing attributes in process `syz.3.633'.
[  141.886443][ T7681] netlink: 4 bytes leftover after parsing attributes in process `syz.3.633'.
[  142.629397][ T7718] netlink: 7 bytes leftover after parsing attributes in process `syz.3.649'.
[  143.528678][   T27] audit: type=1326 audit(1780667920.832:1391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7721 comm="syz.2.650" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ef879ce59 code=0x7fc00000
[  143.615302][   T27] audit: type=1326 audit(1780667920.832:1392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7721 comm="syz.2.650" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f0ef879ce59 code=0x7fc00000
[  143.671157][   T27] audit: type=1326 audit(1780667920.832:1393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7721 comm="syz.2.650" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ef879ce59 code=0x7fc00000
[  143.793121][   T27] audit: type=1326 audit(1780667920.832:1394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7721 comm="syz.2.650" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ef879ce59 code=0x7fc00000
[  143.919148][   T27] audit: type=1326 audit(1780667920.832:1395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7721 comm="syz.2.650" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ef879ce59 code=0x7fc00000
[  143.947208][   T27] audit: type=1326 audit(1780667920.832:1396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7721 comm="syz.2.650" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ef879ce59 code=0x7fc00000
[  144.014647][   T27] audit: type=1326 audit(1780667920.842:1397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7721 comm="syz.2.650" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ef879ce59 code=0x7fc00000
[  144.053066][   T27] audit: type=1326 audit(1780667920.842:1398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7721 comm="syz.2.650" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ef879ce59 code=0x7fc00000
[  144.080383][   T27] audit: type=1326 audit(1780667920.842:1399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7721 comm="syz.2.650" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ef879ce59 code=0x7fc00000
[  144.109780][   T27] audit: type=1326 audit(1780667920.842:1400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7721 comm="syz.2.650" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ef879ce59 code=0x7fc00000
[  145.721491][ T7815] netlink: 12 bytes leftover after parsing attributes in process `syz.4.680'.
[  145.803802][ T7815] netlink: 4 bytes leftover after parsing attributes in process `syz.4.680'.
[  146.614440][ T7834] loop3: detected capacity change from 0 to 512
[  146.653836][ T7835] overlayfs: failed to clone upperpath
[  146.735937][ T7834] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  146.779511][ T7834] ext4 filesystem being mounted at /178/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  146.926876][ T7834] EXT4-fs error (device loop3): ext4_get_first_dir_block:3584: inode #12: comm syz.3.688: Attempting to read directory block (0) that is past i_size (3)
[  147.110096][ T7834] EXT4-fs (loop3): Remounting filesystem read-only
[  147.282635][ T5774] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  147.372637][ T2946] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  147.385107][ T2946] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  147.613988][ T7852] netlink: 12 bytes leftover after parsing attributes in process `syz.4.694'.
[  147.715097][ T7852] 8021q: adding VLAN 0 to HW filter on device bond1
[  147.780614][ T7855] 8021q: adding VLAN 0 to HW filter on device bond2
[  147.823693][ T7855] bond1: (slave bond2): Enslaving as an active interface with an up link
[  147.912818][ T7857] netlink: 4 bytes leftover after parsing attributes in process `syz.4.694'.
[  149.341900][ T7857] bond1 (unregistering): (slave bond2): Releasing backup interface
[  149.480358][ T7857] bond1 (unregistering): Released all slaves
[  150.783373][ T7907] loop4: detected capacity change from 0 to 1024
[  150.984974][ T7913] overlayfs: failed to clone upperpath
[  151.063787][ T7907] hfsplus: xattr searching failed
[  151.516348][ T2970] hfsplus: bad catalog file entry
[  151.521473][ T2970] hfsplus: b-tree write err: -5, ino 3
[  151.953702][ T7934] netlink: 20 bytes leftover after parsing attributes in process `syz.4.719'.
[  152.027630][ T7936] netlink: 20 bytes leftover after parsing attributes in process `syz.4.719'.
[  153.308478][ T7967] netlink: 8 bytes leftover after parsing attributes in process `syz.2.738'.
[  153.445655][   T23] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  153.657224][   T23] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  153.692300][   T23] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.742651][   T23] usb 5-1: config 0 descriptor??
[  155.228477][   T23] usb 5-1: Cannot set autoneg
[  155.233347][   T23] MOSCHIP usb-ethernet driver: probe of 5-1:0.0 failed with error -71
[  155.342803][   T23] usb 5-1: USB disconnect, device number 2
[  156.078900][ T8024] overlayfs: failed to clone upperpath
[  157.100239][ T8043] netlink: 4 bytes leftover after parsing attributes in process `syz.2.754'.
[  157.948255][   T27] kauditd_printk_skb: 59 callbacks suppressed
[  157.948272][   T27] audit: type=1326 audit(1780667935.252:1456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8046 comm="syz.3.757" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43ecb9ce59 code=0x7fc00000
[  158.389080][   T27] audit: type=1326 audit(1780667935.702:1457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8046 comm="syz.3.757" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f43ecb3e1d9 code=0x7fc00000
[  158.535481][   T27] audit: type=1326 audit(1780667935.702:1458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8046 comm="syz.3.757" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f43ecb3e29d code=0x7fc00000
[  158.725051][   T27] audit: type=1326 audit(1780667935.702:1459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8046 comm="syz.3.757" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f43ecb9ce59 code=0x7fc00000
[  160.006127][ T8100] gretap1: entered promiscuous mode
[  160.411992][ T8069] netlink: 12 bytes leftover after parsing attributes in process `syz.4.762'.
[  162.273584][ T8139] mmap: syz.4.782 (8139) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  162.996018][ T8157] netlink: 4 bytes leftover after parsing attributes in process `syz.2.787'.
[  163.978662][ T8178] overlayfs: failed to clone upperpath
[  164.379699][ T8182] loop4: detected capacity change from 0 to 4096
[  164.446491][ T8182] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512).
[  164.683729][ T8182] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  164.861706][ T8190] netlink: 'syz.0.799': attribute type 4 has an invalid length.
[  164.907979][ T8196] netlink: 4 bytes leftover after parsing attributes in process `syz.4.796'.
[  165.749430][ T8239] overlayfs: failed to clone upperpath
[  165.929973][ T8249] overlayfs: failed to clone upperpath
[  166.360053][ T8272] netlink: 'syz.4.822': attribute type 12 has an invalid length.
[  166.386184][ T8272] netlink: 'syz.4.822': attribute type 29 has an invalid length.
[  166.404482][ T8272] netlink: 148 bytes leftover after parsing attributes in process `syz.4.822'.
[  166.425333][ T8272] netlink: 'syz.4.822': attribute type 1 has an invalid length.
[  166.440889][ T8272] netlink: 'syz.4.822': attribute type 2 has an invalid length.
[  166.450117][ T8272] netlink: 11 bytes leftover after parsing attributes in process `syz.4.822'.
[  166.464240][ T8276] netlink: 'syz.4.822': attribute type 12 has an invalid length.
[  166.479343][ T8276] netlink: 'syz.4.822': attribute type 29 has an invalid length.
[  166.488716][ T8276] netlink: 148 bytes leftover after parsing attributes in process `syz.4.822'.
[  166.510533][ T8276] netlink: 'syz.4.822': attribute type 1 has an invalid length.
[  166.522318][ T8276] netlink: 'syz.4.822': attribute type 2 has an invalid length.
[  166.531366][ T8276] netlink: 11 bytes leftover after parsing attributes in process `syz.4.822'.
[  166.764869][ T8290] loop4: detected capacity change from 0 to 256
[  166.778833][ T8290] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  166.791941][ T8290] exFAT-fs (loop4): Medium has reported failures. Some data may be lost.
[  166.804730][ T8290] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011e7e, chksum : 0x7f95ea71, utbl_chksum : 0xe619d30d)
[  166.845096][   T27] audit: type=1800 audit(1780667944.152:1460): pid=8290 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.827" name="file1" dev="loop4" ino=1048604 res=0 errno=0
[  166.980609][ T8294] syz.2.830 uses obsolete (PF_INET,SOCK_PACKET)
[  167.070987][ T8296] netlink: 'syz.3.831': attribute type 4 has an invalid length.
[  167.075576][ T5761] IPVS: starting estimator thread 0...
[  167.206123][ T8299] IPVS: using max 20 ests per chain, 48000 per kthread
[  167.245042][ T8306] batadv_slave_1: entered promiscuous mode
[  167.262379][ T8305] batadv_slave_1: left promiscuous mode
[  167.380287][ T8314] loop4: detected capacity change from 0 to 1024
[  167.389474][ T8314] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  167.428001][ T8314] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  167.532881][ T8314] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  167.594920][ T8314] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  167.650739][ T7108] EXT4-fs error (device loop4): ext4_iget_extra_inode:4739: inode #15: comm syz-executor: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled
[  167.677704][ T7108] EXT4-fs error (device loop4): ext4_iget_extra_inode:4739: inode #15: comm syz-executor: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled
[  167.835052][ T6255] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  167.923137][ T6255] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  168.040866][ T6255] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  168.124814][ T6255] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  168.502201][   T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  168.517134][   T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  168.526848][   T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  168.535147][   T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  168.569348][   T52] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  168.577914][   T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  170.382151][ T8341] chnl_net:caif_netlink_parms(): no params data found
[  170.676330][ T5088] Bluetooth: hci0: command tx timeout
[  170.752164][ T8341] bridge0: port 1(bridge_slave_0) entered blocking state
[  170.759526][ T8341] bridge0: port 1(bridge_slave_0) entered disabled state
[  170.767687][ T8341] bridge_slave_0: entered allmulticast mode
[  170.775105][ T8341] bridge_slave_0: entered promiscuous mode
[  170.784465][ T8341] bridge0: port 2(bridge_slave_1) entered blocking state
[  170.791985][ T8341] bridge0: port 2(bridge_slave_1) entered disabled state
[  170.885471][ T8341] bridge_slave_1: entered allmulticast mode
[  170.892765][ T8341] bridge_slave_1: entered promiscuous mode
[  171.144722][ T8341] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  171.214213][ T8341] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  171.381048][ T8341] team0: Port device team_slave_0 added
[  171.416043][ T8341] team0: Port device team_slave_1 added
[  171.526316][ T8341] batman_adv: batadv0: Adding interface: batadv_slave_0
[  171.553723][ T8341] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  171.640753][ T8341] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  171.691277][ T8341] batman_adv: batadv0: Adding interface: batadv_slave_1
[  171.712887][ T8341] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  171.791908][ T8341] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  172.098186][ T8341] hsr_slave_0: entered promiscuous mode
[  172.198650][ T8341] hsr_slave_1: entered promiscuous mode
[  172.265397][ T8341] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  172.288770][ T8341] Cannot create hsr debugfs directory
[  172.725481][ T5088] Bluetooth: hci0: command tx timeout
[  173.574509][ T8341] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  173.684942][ T8341] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  173.808145][ T8341] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  173.899743][ T8341] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  174.186464][ T8440] capability: warning: `syz.2.878' uses 32-bit capabilities (legacy support in use)
[  174.579212][ T8341] 8021q: adding VLAN 0 to HW filter on device bond0
[  174.806024][ T5088] Bluetooth: hci0: command tx timeout
[  174.930947][ T8341] 8021q: adding VLAN 0 to HW filter on device team0
[  174.987587][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  174.994767][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  175.051327][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[  175.058559][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[  176.652417][ T8341] 8021q: adding VLAN 0 to HW filter on device batadv0
[  176.887584][ T5088] Bluetooth: hci0: command tx timeout
[  177.143424][ T8501] fuse: Bad value for 'fd'
[  177.391223][ T8508] validate_nla: 1 callbacks suppressed
[  177.391238][ T8508] netlink: 'syz.2.896': attribute type 1 has an invalid length.
[  177.460742][ T8508] bond2: entered promiscuous mode
[  177.466412][ T8508] 8021q: adding VLAN 0 to HW filter on device bond2
[  177.655898][ T8516] 8021q: adding VLAN 0 to HW filter on device bond2
[  177.662994][ T8516] bond2: (slave vti0): The slave device specified does not support setting the MAC address
[  177.675522][ T8516] bond2: (slave vti0): Setting fail_over_mac to active for active-backup mode
[  177.688876][ T8516] bond2: (slave vti0): making interface the new active one
[  177.696311][ T8516] vti0: entered promiscuous mode
[  177.702448][ T8516] bond2: (slave vti0): Enslaving as an active interface with an up link
[  177.970410][ T8341] veth0_vlan: entered promiscuous mode
[  178.051050][ T8533] netlink: 28 bytes leftover after parsing attributes in process `syz.2.902'.
[  178.133594][ T6255] hsr_slave_0: left promiscuous mode
[  178.163248][ T6255] hsr_slave_1: left promiscuous mode
[  178.217547][ T6255] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  178.243363][ T6255] batman_adv: batadv0: Removing interface: batadv_slave_0
[  178.290068][ T6255] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  178.314314][ T6255] batman_adv: batadv0: Removing interface: batadv_slave_1
[  178.336113][ T6255] bridge_slave_1: left allmulticast mode
[  178.342181][ T6255] bridge_slave_1: left promiscuous mode
[  178.354579][ T6255] bridge0: port 2(bridge_slave_1) entered disabled state
[  178.394293][ T6255] bridge_slave_0: left allmulticast mode
[  178.415135][ T6255] bridge_slave_0: left promiscuous mode
[  178.442070][ T6255] bridge0: port 1(bridge_slave_0) entered disabled state
[  178.542153][ T6255] veth1_macvtap: left promiscuous mode
[  178.556162][ T6255] veth0_macvtap: left promiscuous mode
[  178.563239][ T6255] veth1_vlan: left promiscuous mode
[  178.589540][ T6255] veth0_vlan: left promiscuous mode
[  179.233827][ T6255] bond2 (unregistering): Released all slaves
[  179.261826][ T6255] pim6reg (unregistering): left allmulticast mode
[  179.856429][ T6255] team0 (unregistering): Port device team_slave_1 removed
[  179.902587][ T6255] team0 (unregistering): Port device team_slave_0 removed
[  179.944950][ T6255] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  179.991689][ T6255] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  180.309149][ T6255] bond0 (unregistering): Released all slaves
[  180.422596][ T8341] veth1_vlan: entered promiscuous mode
[  180.432860][ T8550] netlink: 4 bytes leftover after parsing attributes in process `syz.0.906'.
[  180.628663][ T8341] veth0_macvtap: entered promiscuous mode
[  180.666476][ T8341] veth1_macvtap: entered promiscuous mode
[  180.714741][ T8341] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  180.745481][ T8341] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  180.769429][ T8341] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  180.790422][ T8341] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  180.807688][ T8341] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  180.819028][ T8341] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  180.831094][ T8341] batman_adv: batadv0: Interface activated: batadv_slave_0
[  180.842223][ T8341] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  180.853611][ T8341] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  180.872242][ T8341] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  180.888179][ T8341] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  180.903097][ T8341] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  180.918844][ T8341] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  180.943620][ T8341] batman_adv: batadv0: Interface activated: batadv_slave_1
[  180.984826][ T8341] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  181.005443][ T8341] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  181.014176][ T8341] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  181.025545][ T8341] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  181.252025][ T2946] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  181.263289][ T6255] IPVS: stop unused estimator thread 0...
[  181.280831][ T2946] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  181.363022][ T2946] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  181.383783][ T2946] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  182.174138][ T8623] bond0: entered promiscuous mode
[  182.204851][ T8623] bond_slave_0: entered promiscuous mode
[  182.233829][ T8623] bond_slave_1: entered promiscuous mode
[  182.280125][ T8623] team0: entered promiscuous mode
[  182.295419][ T8623] team_slave_0: entered promiscuous mode
[  182.310910][ T8623] team_slave_1: entered promiscuous mode
[  182.339258][ T8627] netlink: 'syz.3.923': attribute type 1 has an invalid length.
[  182.451274][ T8627] bond1: entered promiscuous mode
[  182.466586][ T8627] 8021q: adding VLAN 0 to HW filter on device bond1
[  182.632818][ T8633] 8021q: adding VLAN 0 to HW filter on device bond1
[  182.641776][ T8633] bond1: (slave ip6gre1): The slave device specified does not support setting the MAC address
[  182.658575][ T8633] bond1: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode
[  182.678717][ T8633] bond1: (slave ip6gre1): making interface the new active one
[  182.691566][ T8633] ip6gre1: entered promiscuous mode
[  182.699466][ T8633] bond1: (slave ip6gre1): Enslaving as an active interface with an up link
[  185.421963][ T8729] netlink: 24 bytes leftover after parsing attributes in process `syz.2.947'.
[  186.235445][ T8733] bridge0: port 2(bridge_slave_1) entered disabled state
[  186.244312][ T8733] bridge0: port 1(bridge_slave_0) entered disabled state
[  186.858429][ T8733] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  186.903037][ T8733] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  187.337498][ T8733] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  187.351547][ T8733] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  187.369501][ T8733] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  187.378659][ T8733] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  187.542578][ T8770] netlink: 4 bytes leftover after parsing attributes in process `syz.0.957'.
[  187.569532][ T8770] veth1_macvtap: left promiscuous mode
[  187.851985][ T8780] fuse: Bad value for 'fd'
[  188.134055][   T27] audit: type=1326 audit(1780667965.442:1461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8790 comm="syz.5.966" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd859ce59 code=0x7ffc0000
[  188.224714][   T27] audit: type=1326 audit(1780667965.442:1462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8790 comm="syz.5.966" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd859ce59 code=0x7ffc0000
[  188.314095][   T27] audit: type=1326 audit(1780667965.442:1463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8790 comm="syz.5.966" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3bd859ce59 code=0x7ffc0000
[  188.367579][   T27] audit: type=1326 audit(1780667965.442:1464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8790 comm="syz.5.966" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd859ce59 code=0x7ffc0000
[  188.441716][   T27] audit: type=1326 audit(1780667965.442:1465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8790 comm="syz.5.966" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd859ce59 code=0x7ffc0000
[  188.505936][   T27] audit: type=1326 audit(1780667965.442:1466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8790 comm="syz.5.966" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3bd855d68e code=0x7ffc0000
[  188.547325][   T27] audit: type=1326 audit(1780667965.442:1467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8790 comm="syz.5.966" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd859ce59 code=0x7ffc0000
[  188.615925][   T27] audit: type=1326 audit(1780667965.442:1468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8790 comm="syz.5.966" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd859ce59 code=0x7ffc0000
[  188.697235][   T27] audit: type=1326 audit(1780667965.442:1469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8790 comm="syz.5.966" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=91 compat=0 ip=0x7f3bd859ce59 code=0x7ffc0000
[  188.806134][   T27] audit: type=1326 audit(1780667965.442:1470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8790 comm="syz.5.966" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd859ce59 code=0x7ffc0000
[  189.387169][ T8827] vcan0: tx drop: invalid da for name 0x0000000000000001
[  190.090348][ T8846] loop5: detected capacity change from 0 to 1024
[  190.461557][ T8858] all: renamed from bridge_slave_1
[  191.370025][ T5779] Bluetooth: hci3: command 0x0406 tx timeout
[  191.370037][ T5784] Bluetooth: hci2: command 0x0406 tx timeout
[  191.956909][ T8915] pim6reg: entered allmulticast mode
[  192.890137][ T8951] 9pnet: p9_errstr2errno: server reported unknown error X��q�d�
[  194.412169][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  194.419262][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  194.598039][ T8900] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  194.699895][ T8962] netlink: 'syz.2.1019': attribute type 4 has an invalid length.
[  194.739749][ T8962] netlink: 'syz.2.1019': attribute type 4 has an invalid length.
[  198.952246][   T27] kauditd_printk_skb: 3 callbacks suppressed
[  198.952261][   T27] audit: type=1326 audit(1780667976.262:1474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9070 comm="syz.0.1056" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  199.107488][   T27] audit: type=1326 audit(1780667976.262:1475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9070 comm="syz.0.1056" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  199.227709][   T27] audit: type=1326 audit(1780667976.302:1476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9070 comm="syz.0.1056" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  199.391426][   T27] audit: type=1326 audit(1780667976.302:1477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9070 comm="syz.0.1056" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  199.539544][   T27] audit: type=1326 audit(1780667976.302:1478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9070 comm="syz.0.1056" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  199.685309][   T27] audit: type=1326 audit(1780667976.302:1479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9070 comm="syz.0.1056" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  199.892468][   T27] audit: type=1326 audit(1780667976.302:1480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9070 comm="syz.0.1056" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  200.020920][   T27] audit: type=1326 audit(1780667976.312:1481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9070 comm="syz.0.1056" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  200.135967][   T27] audit: type=1326 audit(1780667976.312:1482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9070 comm="syz.0.1056" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  200.255107][   T27] audit: type=1326 audit(1780667976.312:1483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9070 comm="syz.0.1056" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  200.415070][ T9065] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1064'.
[  203.153508][ T9142] bond0: entered promiscuous mode
[  203.174914][ T9142] bond_slave_0: entered promiscuous mode
[  203.215766][ T9142] bond_slave_1: entered promiscuous mode
[  203.260045][ T9142] dummy0: entered promiscuous mode
[  208.461853][ T9160] netlink: 'syz.2.1079': attribute type 10 has an invalid length.
[  208.595507][   T27] kauditd_printk_skb: 58 callbacks suppressed
[  208.595520][   T27] audit: type=1326 audit(1780667985.902:1542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9162 comm="syz.0.1081" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  208.694025][ T9160] team0: Device dummy0 failed to register rx_handler
[  208.822302][   T27] audit: type=1326 audit(1780667985.902:1543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9162 comm="syz.0.1081" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  208.946726][   T27] audit: type=1326 audit(1780667985.932:1544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9162 comm="syz.0.1081" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  208.994935][ T9166] netlink: 'syz.2.1079': attribute type 10 has an invalid length.
[  209.097068][   T27] audit: type=1326 audit(1780667985.932:1545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9162 comm="syz.0.1081" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  209.227223][   T27] audit: type=1326 audit(1780667985.932:1546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9162 comm="syz.0.1081" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa16915d68e code=0x7ffc0000
[  209.482082][   T27] audit: type=1326 audit(1780667985.932:1547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9162 comm="syz.0.1081" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  209.548739][ T9181] loop5: detected capacity change from 0 to 128
[  209.604502][   T27] audit: type=1326 audit(1780667985.932:1548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9162 comm="syz.0.1081" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=91 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  209.852764][   T27] audit: type=1326 audit(1780667985.932:1549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9162 comm="syz.0.1081" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  210.014518][   T27] audit: type=1326 audit(1780667985.932:1550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9162 comm="syz.0.1081" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  210.085496][ T9178] syz.5.1085: attempt to access beyond end of device
[  210.085496][ T9178] loop5: rw=2049, sector=138, nr_sectors = 112 limit=128
[  210.182134][   T27] audit: type=1326 audit(1780667985.942:1551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9162 comm="syz.0.1081" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  210.740268][ T9194] bond0: entered promiscuous mode
[  210.788354][ T9194] bond_slave_0: entered promiscuous mode
[  210.825646][ T9194] bond_slave_1: entered promiscuous mode
[  214.659508][ T9271] netlink: 'syz.3.1104': attribute type 10 has an invalid length.
[  214.814764][ T9271] team0: Port device dummy0 added
[  214.849869][ T9272] netlink: 'syz.3.1104': attribute type 10 has an invalid length.
[  215.158563][ T9272] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  215.316006][ T9272] team0: Failed to send options change via netlink (err -105)
[  215.337452][ T9272] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  215.380714][ T9272] team0: Port device dummy0 removed
[  215.435842][ T9272] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  215.823687][ T9300] netlink: 'syz.0.1118': attribute type 1 has an invalid length.
[  215.851836][ T9300] netlink: 'syz.0.1118': attribute type 1 has an invalid length.
[  215.901999][ T9300] netlink: 'syz.0.1118': attribute type 2 has an invalid length.
[  215.938526][ T9300] netlink: 'syz.0.1118': attribute type 7 has an invalid length.
[  215.960693][ T9300] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1118'.
[  216.030142][ T9302] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1110'.
[  216.587726][ T5088] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[  216.605251][ T5088] CPU: 1 PID: 5088 Comm: kworker/u5:1 Not tainted syzkaller #0
[  216.612844][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  216.622920][ T5088] Workqueue: hci2 hci_rx_work
[  216.627658][ T5088] Call Trace:
[  216.630961][ T5088]  <TASK>
[  216.633906][ T5088]  dump_stack_lvl+0x18c/0x250
[  216.638708][ T5088]  ? show_regs_print_info+0x20/0x20
[  216.643928][ T5088]  ? load_image+0x420/0x420
[  216.648465][ T5088]  sysfs_create_dir_ns+0x26e/0x2a0
[  216.653601][ T5088]  ? sysfs_warn_dup+0xa0/0xa0
[  216.658299][ T5088]  ? do_raw_spin_unlock+0x121/0x230
[  216.663528][ T5088]  kobject_add_internal+0x61c/0xcc0
[  216.668774][ T5088]  kobject_add+0x164/0x240
[  216.673241][ T5088]  ? __rwlock_init+0x150/0x150
[  216.678040][ T5088]  ? kobject_init+0x1e0/0x1e0
[  216.682746][ T5088]  ? _raw_spin_unlock+0x28/0x40
[  216.687629][ T5088]  ? get_device_parent+0x366/0x390
[  216.692774][ T5088]  device_add+0x408/0xc50
[  216.697142][ T5088]  hci_conn_add_sysfs+0xd5/0x1e0
[  216.702116][ T5088]  le_conn_complete_evt+0xf5d/0x1540
[  216.707436][ T5088]  ? hci_event_packet+0x4cb/0x1270
[  216.712588][ T5088]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[  216.718857][ T5088]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  216.724518][ T5088]  ? skb_pull_data+0xfb/0x200
[  216.729231][ T5088]  hci_le_conn_complete_evt+0x187/0x440
[  216.734809][ T5088]  ? hci_remote_host_features_evt+0x150/0x150
[  216.740904][ T5088]  hci_event_packet+0x7ba/0x1270
[  216.745880][ T5088]  ? bis_list+0x290/0x290
[  216.750247][ T5088]  ? lockdep_hardirqs_on+0x98/0x150
[  216.755480][ T5088]  ? hci_send_to_monitor+0xd7/0x4f0
[  216.760704][ T5088]  hci_rx_work+0x43a/0xd60
[  216.765153][ T5088]  ? process_scheduled_works+0x96f/0x15d0
[  216.770895][ T5088]  process_scheduled_works+0xa5d/0x15d0
[  216.776498][ T5088]  ? worker_attach_to_pool+0x380/0x380
[  216.781987][ T5088]  ? assign_work+0x3d2/0x5d0
[  216.786606][ T5088]  worker_thread+0xa55/0xfc0
[  216.791225][ T5088]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  216.797141][ T5088]  ? _raw_spin_unlock+0x40/0x40
[  216.802018][ T5088]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[  216.807971][ T5088]  kthread+0x2fa/0x390
[  216.812070][ T5088]  ? pr_cont_work+0x560/0x560
[  216.816783][ T5088]  ? kthread_blkcg+0xd0/0xd0
[  216.821405][ T5088]  ret_from_fork+0x48/0x80
[  216.825848][ T5088]  ? kthread_blkcg+0xd0/0xd0
[  216.830457][ T5088]  ret_from_fork_asm+0x11/0x20
[  216.835264][ T5088]  </TASK>
[  216.843575][ T5088] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  216.860180][ T5088] Bluetooth: hci2: failed to register connection device
[  218.445112][ T9346] loop5: detected capacity change from 0 to 16
[  218.493770][ T9346] erofs: (device loop5): mounted with root inode @ nid 36.
[  218.631537][ T9346] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  220.560504][ T9385] loop5: detected capacity change from 0 to 128
[  221.854799][ T9407] netlink: 'syz.3.1138': attribute type 4 has an invalid length.
[  222.912809][   T27] kauditd_printk_skb: 2 callbacks suppressed
[  222.912823][   T27] audit: type=1326 audit(1780668000.222:1554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9421 comm="syz.5.1144" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd859ce59 code=0x7fc00000
[  223.004186][   T27] audit: type=1326 audit(1780668000.222:1555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9421 comm="syz.5.1144" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3bd859ce59 code=0x7fc00000
[  223.141087][   T27] audit: type=1326 audit(1780668000.232:1556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9421 comm="syz.5.1144" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bd859ce59 code=0x7fc00000
[  223.846913][ T9444] loop5: detected capacity change from 0 to 16
[  223.915669][ T9444] erofs: (device loop5): mounted with root inode @ nid 36.
[  224.479995][ T9454] overlayfs: failed to resolve './cgroup': -2
[  224.885302][ T9458] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  227.460348][   T27] audit: type=1326 audit(1780668004.772:1557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9471 comm="syz.0.1156" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  227.547822][   T27] audit: type=1326 audit(1780668004.802:1558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9471 comm="syz.0.1156" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  227.706255][   T27] audit: type=1326 audit(1780668004.802:1559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9471 comm="syz.0.1156" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=6 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  227.894932][   T27] audit: type=1326 audit(1780668004.802:1560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9471 comm="syz.0.1156" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  228.020043][   T27] audit: type=1326 audit(1780668004.802:1561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9471 comm="syz.0.1156" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  230.174270][ T9553] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1188'.
[  231.792738][ T9578] syz.0.1195 (9578) used greatest stack depth: 18952 bytes left
[  233.024600][ T9615] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1207'.
[  234.063910][ T9627] ip6gre2: entered promiscuous mode
[  234.099600][ T9627] ip6gre2: entered allmulticast mode
[  235.290528][ T9658] gretap0: entered promiscuous mode
[  235.302610][ T9658] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1221'.
[  235.318778][ T9658] gretap0: left promiscuous mode
[  236.210171][ T9676] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1228'.
[  237.003708][ T9688] netlink: 64595 bytes leftover after parsing attributes in process `syz.5.1231'.
[  238.072533][ T9701] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1238'.
[  238.120823][ T9701] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1238'.
[  238.259265][ T9704] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  238.291902][ T9704] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  240.496741][ T9741] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1251'.
[  241.114321][ T9753] netlink: 'syz.5.1255': attribute type 1 has an invalid length.
[  241.150685][ T9753] netlink: 'syz.5.1255': attribute type 4 has an invalid length.
[  241.187553][ T9753] netlink: 9462 bytes leftover after parsing attributes in process `syz.5.1255'.
[  241.332430][ T9756] overlayfs: failed to clone upperpath
[  242.006643][ T9765] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1259'.
[  242.052123][ T9765] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  242.061109][ T9765] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  242.069910][ T9765] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  242.078829][ T9765] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  242.186337][ T9765] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1259'.
[  243.403512][ T9791] 9pnet: p9_errstr2errno: server reported unknown error adapte
[  245.760548][ T9834] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1286'.
[  245.822129][ T9834] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1286'.
[  245.875640][ T9834] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1286'.
[  245.916929][ T9834] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1286'.
[  249.683662][ T9883] loop5: detected capacity change from 0 to 1024
[  249.724529][ T9883] EXT4-fs: Ignoring removed nomblk_io_submit option
[  249.776485][ T9883] EXT4-fs: inline encryption not supported
[  249.912297][ T9883] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  250.278736][ T9883] loop5: detected capacity change from 1024 to 64
[  250.457432][ T8341] EXT4-fs warning (device loop5): ext4_empty_dir:3139: inode #11: lblock 0: comm syz-executor: error -12 reading directory block
[  250.495035][ T8341] EXT4-fs warning (device loop5): ext4_empty_dir:3139: inode #11: lblock 0: comm syz-executor: error -12 reading directory block
[  250.529739][ T8341] EXT4-fs warning (device loop5): ext4_empty_dir:3139: inode #11: lblock 0: comm syz-executor: error -12 reading directory block
[  250.567296][ T8341] EXT4-fs warning (device loop5): ext4_empty_dir:3139: inode #11: lblock 0: comm syz-executor: error -12 reading directory block
[  250.611356][ T8341] EXT4-fs warning (device loop5): ext4_empty_dir:3139: inode #11: lblock 0: comm syz-executor: error -12 reading directory block
[  250.646036][ T8341] EXT4-fs warning (device loop5): ext4_empty_dir:3139: inode #11: lblock 0: comm syz-executor: error -12 reading directory block
[  250.694919][ T8341] EXT4-fs warning (device loop5): ext4_empty_dir:3139: inode #11: lblock 0: comm syz-executor: error -12 reading directory block
[  250.733687][ T8341] EXT4-fs warning (device loop5): ext4_empty_dir:3139: inode #11: lblock 0: comm syz-executor: error -12 reading directory block
[  250.772812][ T8341] EXT4-fs warning (device loop5): ext4_empty_dir:3139: inode #11: lblock 0: comm syz-executor: error -12 reading directory block
[  250.801093][ T9894] IPv6: sit1: Disabled Multicast RS
[  250.861062][ T8341] EXT4-fs warning (device loop5): ext4_empty_dir:3139: inode #11: lblock 0: comm syz-executor: error -12 reading directory block
[  254.107621][ T9973] netlink: 182 bytes leftover after parsing attributes in process `syz.2.1344'.
[  254.867590][ T8341] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  254.986263][ T9890] kmmpd-loop5: attempt to access beyond end of device
[  254.986263][ T9890] loop5: rw=14337, sector=128, nr_sectors = 2 limit=64
[  255.050733][ T9890] Buffer I/O error on dev loop5, logical block 64, lost sync page write
[  257.046116][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  257.052461][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  257.800229][ T9996] overlayfs: failed to clone upperpath
[  258.835370][   T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  258.845586][   T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  258.854141][   T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  258.862228][   T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  258.870038][   T52] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  258.877776][   T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  259.535281][T10022] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1364'.
[  260.290459][T10007] chnl_net:caif_netlink_parms(): no params data found
[  260.723580][T10007] bridge0: port 1(bridge_slave_0) entered blocking state
[  260.750267][T10007] bridge0: port 1(bridge_slave_0) entered disabled state
[  260.787220][T10007] bridge_slave_0: entered allmulticast mode
[  260.814189][T10007] bridge_slave_0: entered promiscuous mode
[  260.855305][T10007] bridge0: port 2(bridge_slave_1) entered blocking state
[  260.887624][T10007] bridge0: port 2(bridge_slave_1) entered disabled state
[  260.918074][T10007] bridge_slave_1: entered allmulticast mode
[  260.943413][T10007] bridge_slave_1: entered promiscuous mode
[  260.969968][ T5088] Bluetooth: hci0: command tx timeout
[  261.183155][T10007] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  261.227429][T10007] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  261.299407][T10007] team0: Port device team_slave_0 added
[  261.322647][T10007] team0: Port device team_slave_1 added
[  261.431989][T10007] batman_adv: batadv0: Adding interface: batadv_slave_0
[  261.475882][T10007] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  261.581195][T10007] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  261.629399][T10007] batman_adv: batadv0: Adding interface: batadv_slave_1
[  261.650989][T10007] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  261.743947][T10007] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  261.985986][T10007] hsr_slave_0: entered promiscuous mode
[  262.013167][T10007] hsr_slave_1: entered promiscuous mode
[  262.028502][T10007] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  262.052891][T10007] Cannot create hsr debugfs directory
[  262.942868][T10007] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  263.001191][T10007] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  263.045560][ T5088] Bluetooth: hci0: command tx timeout
[  263.101533][T10007] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  263.140740][T10007] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  263.679789][T10007] 8021q: adding VLAN 0 to HW filter on device bond0
[  263.808084][T10007] 8021q: adding VLAN 0 to HW filter on device team0
[  263.853059][ T2946] bridge0: port 1(bridge_slave_0) entered blocking state
[  263.860287][ T2946] bridge0: port 1(bridge_slave_0) entered forwarding state
[  263.932962][ T2946] bridge0: port 2(bridge_slave_1) entered blocking state
[  263.940146][ T2946] bridge0: port 2(bridge_slave_1) entered forwarding state
[  264.931584][ T6249] netdevsim netdevsim5 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  265.132717][ T5088] Bluetooth: hci0: command tx timeout
[  265.245113][T10007] 8021q: adding VLAN 0 to HW filter on device batadv0
[  265.549839][ T6249] netdevsim netdevsim5 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  265.987101][ T6249] netdevsim netdevsim5 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  266.300094][T10107] overlayfs: failed to clone upperpath
[  266.591782][T10116] 9pnet: p9_errstr2errno: server reported unknown error %n(
[  266.779329][ T6249] netdevsim netdevsim5 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  267.205907][ T5088] Bluetooth: hci0: command tx timeout
[  267.458146][T10007] veth0_vlan: entered promiscuous mode
[  267.592696][T10007] veth1_vlan: entered promiscuous mode
[  267.792670][T10007] veth0_macvtap: entered promiscuous mode
[  267.884575][T10007] veth1_macvtap: entered promiscuous mode
[  268.321527][T10146] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1405'.
[  268.349280][T10146] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1405'.
[  268.433259][T10007] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  268.464291][T10007] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  268.491028][T10007] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  268.585943][T10007] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  268.630768][T10007] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  268.688526][T10007] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  268.727724][T10007] batman_adv: batadv0: Interface activated: batadv_slave_0
[  268.817394][T10158] 9pnet: p9_errstr2errno: server reported unknown error ��n$�[
[  268.817394][T10158] Q&|x�X
[  268.964772][T10157] pimreg: entered allmulticast mode
[  269.031332][T10152] pimreg: left allmulticast mode
[  269.225966][T10007] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  269.265351][T10007] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  269.295429][T10007] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  269.321303][T10007] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  269.358702][T10007] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  269.415239][T10007] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  269.450752][T10007] batman_adv: batadv0: Interface activated: batadv_slave_1
[  269.666333][T10007] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  269.734179][T10007] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  269.798386][T10007] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  269.831753][T10007] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  270.092672][T10177] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1413'.
[  272.718901][ T6252] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  272.810905][ T6252] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  275.827690][ T6264] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  275.877853][ T6264] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  276.169259][   T27] audit: type=1326 audit(276.094:1562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10237 comm="syz.0.1426" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  276.296935][   T27] audit: type=1326 audit(276.094:1563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10237 comm="syz.0.1426" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  276.432546][   T27] audit: type=1326 audit(276.094:1564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10237 comm="syz.0.1426" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  276.558510][   T27] audit: type=1326 audit(276.104:1565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10237 comm="syz.0.1426" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  276.694288][   T27] audit: type=1326 audit(276.104:1566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10237 comm="syz.0.1426" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  276.842518][   T27] audit: type=1326 audit(276.124:1567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10237 comm="syz.0.1426" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  276.976775][   T27] audit: type=1326 audit(276.224:1568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10237 comm="syz.0.1426" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fa16915d68e code=0x7ffc0000
[  277.080446][   T27] audit: type=1326 audit(276.234:1569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10237 comm="syz.0.1426" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fa16915d68e code=0x7ffc0000
[  277.174975][   T27] audit: type=1326 audit(276.234:1570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10237 comm="syz.0.1426" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fa16915d68e code=0x7ffc0000
[  277.280277][   T27] audit: type=1326 audit(276.234:1571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10237 comm="syz.0.1426" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fa16915d68e code=0x7ffc0000
[  277.975108][T10264] loop6: detected capacity change from 0 to 1024
[  278.167536][T10264] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  278.310963][ T6249] hsr_slave_0: left promiscuous mode
[  278.345049][T10264] EXT4-fs error (device loop6): ext4_generic_delete_entry:2729: inode #12: block 7: comm syz.6.1354: bad entry in directory: rec_len is smaller than minimal - offset=16, inode=14, rec_len=8, size=56 fake=0
[  278.384127][ T6249] hsr_slave_1: left promiscuous mode
[  278.392933][ T6249] batman_adv: batadv0: Removing interface: batadv_slave_0
[  278.421022][T10264] EXT4-fs error (device loop6) in ext4_delete_inline_entry:1802: Corrupt filesystem
[  278.435026][ T6249] batman_adv: batadv0: Removing interface: batadv_slave_1
[  278.458043][ T6249] bridge_slave_1: left allmulticast mode
[  278.473991][ T6249] bridge_slave_1: left promiscuous mode
[  278.494643][ T6249] bridge0: port 2(bridge_slave_1) entered disabled state
[  278.518022][ T6249] bridge_slave_0: left allmulticast mode
[  278.534477][ T6249] bridge_slave_0: left promiscuous mode
[  278.543523][ T6249] bridge0: port 1(bridge_slave_0) entered disabled state
[  278.548145][T10007] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  279.546705][ T6249] team0 (unregistering): Port device team_slave_1 removed
[  279.624500][ T6249] team0 (unregistering): Port device team_slave_0 removed
[  279.692150][ T6249] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  279.702978][ T6249] bond_slave_1 (unregistering): left promiscuous mode
[  279.761400][ T6249] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  279.772366][ T6249] bond_slave_0 (unregistering): left promiscuous mode
[  280.389037][ T6249] bond0 (unregistering): Released all slaves
[  280.716493][T10308] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1448'.
[  280.737536][T10308] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1448'.
[  280.843930][T10312] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  280.875763][T10312] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  282.825965][T10392] netlink: 'syz.6.1468': attribute type 5 has an invalid length.
[  282.928396][T10395] hsr0: entered promiscuous mode
[  282.938022][T10395] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1469'.
[  286.211908][T10480] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1489'.
[  286.757650][T10515] fuse: Bad value for 'fd'
[  286.987524][T10523] Bluetooth: MGMT ver 1.22
[  286.992036][T10523] Bluetooth: hci0: invalid length 0, exp 2 for type 3
[  287.356808][T10539] overlayfs: failed to resolve './file0': -2
[  287.367220][T10537] tipc: New replicast peer: 255.255.255.255
[  287.374210][T10537] tipc: Enabled bearer <udp:syz2>, priority 10
[  288.424530][T10601] bridge2: entered promiscuous mode
[  288.438973][T10601] bridge2: entered allmulticast mode
[  288.893735][T10625] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1538'.
[  288.904607][T10625] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1538'.
[  288.914027][T10625] netlink: 'syz.0.1538': attribute type 18 has an invalid length.
[  289.342993][T10655] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1550'.
[  289.353134][T10655] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  289.478954][T10655] batman_adv: batadv0: Removing interface: batadv_slave_1
[  289.630557][T10664] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1553'.
[  289.639912][T10664] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1553'.
[  289.655049][T10664] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  289.663885][T10664] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  289.672708][T10664] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  289.681771][T10664] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  289.700511][T10665] netdevsim netdevsim6 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  289.734641][T10665] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  290.741167][T10702] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1570'.
[  290.771019][T10703] loop6: detected capacity change from 0 to 2048
[  290.862104][T10703] NILFS (loop6): invalid segment: Magic number mismatch
[  290.885456][T10703] NILFS (loop6): trying rollback from an earlier position
[  290.918163][T10703] NILFS (loop6): recovery complete
[  290.945609][T10706] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  291.262392][T10712] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1573'.
[  291.285572][T10712] netlink: 'syz.3.1573': attribute type 25 has an invalid length.
[  291.293428][T10712] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1573'.
[  291.696510][T10725] fuse: Bad value for 'fd'
[  292.253380][T10748] fuse: Bad value for 'fd'
[  292.491056][T10745] loop6: detected capacity change from 0 to 32768
[  292.559909][T10745] ocfs2: Slot 0 on device (7,6) was already allocated to this node!
[  292.588763][T10745] JBD2: Ignoring recovery information on journal
[  292.692883][T10745] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  293.070885][T10745] loop6: detected capacity change from 32768 to 64
[  293.180247][T10759] (syz.6.1586,10759,0):ocfs2_do_extend_dir:3153 ERROR: status = -12
[  293.231752][T10759] (syz.6.1586,10759,0):ocfs2_fill_new_dir_el:2258 ERROR: status = -12
[  293.260993][T10759] (syz.6.1586,10759,0):ocfs2_mknod:394 ERROR: status = -12
[  293.295526][T10752] jbd2/loop6-75: attempt to access beyond end of device
[  293.295526][T10752] loop6: rw=38913, sector=642, nr_sectors = 1 limit=64
[  293.324819][T10752] jbd2/loop6-75: attempt to access beyond end of device
[  293.324819][T10752] loop6: rw=38913, sector=643, nr_sectors = 1 limit=64
[  293.342925][T10752] jbd2/loop6-75: attempt to access beyond end of device
[  293.342925][T10752] loop6: rw=38913, sector=644, nr_sectors = 1 limit=64
[  293.368355][T10752] jbd2/loop6-75: attempt to access beyond end of device
[  293.368355][T10752] loop6: rw=38913, sector=645, nr_sectors = 1 limit=64
[  293.392506][T10752] jbd2/loop6-75: attempt to access beyond end of device
[  293.392506][T10752] loop6: rw=38913, sector=646, nr_sectors = 1 limit=64
[  293.407837][T10752] jbd2/loop6-75: attempt to access beyond end of device
[  293.407837][T10752] loop6: rw=38913, sector=647, nr_sectors = 1 limit=64
[  293.421926][T10752] jbd2/loop6-75: attempt to access beyond end of device
[  293.421926][T10752] loop6: rw=38913, sector=648, nr_sectors = 1 limit=64
[  293.435862][T10752] jbd2/loop6-75: attempt to access beyond end of device
[  293.435862][T10752] loop6: rw=38913, sector=649, nr_sectors = 1 limit=64
[  293.452234][T10752] jbd2/loop6-75: attempt to access beyond end of device
[  293.452234][T10752] loop6: rw=38913, sector=650, nr_sectors = 1 limit=64
[  293.485391][T10752] jbd2/loop6-75: attempt to access beyond end of device
[  293.485391][T10752] loop6: rw=38913, sector=651, nr_sectors = 1 limit=64
[  293.523781][T10759] (syz.6.1586,10759,0):ocfs2_mknod:502 ERROR: status = -12
[  293.535700][T10752] Aborting journal on device loop6-75.
[  293.541720][T10752] Buffer I/O error on dev loop6, logical block 640, lost sync page write
[  293.565149][T10759] (syz.6.1586,10759,0):ocfs2_mkdir:659 ERROR: status = -12
[  293.585383][T10752] JBD2: I/O error when updating journal superblock for loop6-75.
[  293.648205][T10007] (syz-executor,10007,0):ocfs2_read_locked_inode:521 ERROR: status = -5
[  293.680864][T10007] (syz-executor,10007,0):ocfs2_read_locked_inode:521 ERROR: status = -5
[  294.042065][T10007] (syz-executor,10007,0):__ocfs2_flush_truncate_log:6033 ERROR: status = -5
[  294.063338][T10007] (syz-executor,10007,1):ocfs2_sync_fs:404 ERROR: status = -5
[  294.108774][T10007] (syz-executor,10007,1):ocfs2_start_trans:379 ERROR: status = -30
[  294.145367][T10007] OCFS2: abort (device loop6): handle_t *ocfs2_start_trans(struct ocfs2_super *, int): Detected aborted journal
[  294.185391][T10007] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  294.215290][T10007] OCFS2: File system is now read-only.
[  294.220802][T10007] (syz-executor,10007,1):ocfs2_shutdown_local_alloc:418 ERROR: status = -30
[  294.247551][ T6257] netdevsim netdevsim6 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  294.255286][T10007] (syz-executor,10007,1):__ocfs2_flush_truncate_log:6033 ERROR: status = -5
[  294.317940][ T6257] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  294.329768][T10007] (syz-executor,10007,0):ocfs2_truncate_log_shutdown:6322 ERROR: status = -5
[  294.370518][T10007] Buffer I/O error on dev loop6, logical block 17024, lost sync page write
[  294.405446][T10007] (syz-executor,10007,0):ocfs2_write_block:78 ERROR: status = -5
[  294.423725][T10007] (syz-executor,10007,0):ocfs2_update_disk_slot:199 ERROR: status = -5
[  294.447394][T10007] (syz-executor,10007,0):ocfs2_put_slot:517 ERROR: status = -5
[  294.466480][T10007] (syz-executor,10007,0):ocfs2_journal_shutdown:1107 ERROR: status = -5
[  294.585026][T10007] ocfs2: Unmounting device (7,6) on (node local)
[  294.686566][ T6257] netdevsim netdevsim6 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  294.727381][ T6257] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  294.922170][ T6257] netdevsim netdevsim6 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  294.959059][ T6257] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  296.237382][   T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  296.250657][   T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  296.261763][   T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  296.270342][   T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  296.310136][   T52] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  296.319864][   T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  297.569335][T10822] chnl_net:caif_netlink_parms(): no params data found
[  298.232499][T10822] bridge0: port 1(bridge_slave_0) entered blocking state
[  298.266461][T10822] bridge0: port 1(bridge_slave_0) entered disabled state
[  298.273721][T10822] bridge_slave_0: entered allmulticast mode
[  298.296195][T10822] bridge_slave_0: entered promiscuous mode
[  298.405511][   T52] Bluetooth: hci0: command tx timeout
[  298.446022][T10822] bridge0: port 2(bridge_slave_1) entered blocking state
[  298.453213][T10822] bridge0: port 2(bridge_slave_1) entered disabled state
[  298.479125][T10822] bridge_slave_1: entered allmulticast mode
[  298.513047][T10822] bridge_slave_1: entered promiscuous mode
[  298.612427][ T6257] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  298.636192][ T6257] batman_adv: batadv0: Removing interface: batadv_slave_0
[  298.686204][ T6257] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  298.695700][ T6257] batman_adv: batadv0: Removing interface: batadv_slave_1
[  298.726978][ T6257] bridge_slave_1: left allmulticast mode
[  298.732665][ T6257] bridge_slave_1: left promiscuous mode
[  298.755559][ T6257] bridge0: port 2(bridge_slave_1) entered disabled state
[  298.780534][ T6257] bridge_slave_0: left allmulticast mode
[  298.795274][ T6257] bridge_slave_0: left promiscuous mode
[  298.811611][ T6257] bridge0: port 1(bridge_slave_0) entered disabled state
[  298.927261][ T6257] veth1_macvtap: left promiscuous mode
[  298.938041][ T6257] veth0_macvtap: left promiscuous mode
[  298.943708][ T6257] veth1_vlan: left promiscuous mode
[  298.979670][ T6257] veth0_vlan: left promiscuous mode
[  300.282266][ T6257] team0 (unregistering): Port device team_slave_1 removed
[  300.380511][ T6257] team0 (unregistering): Port device team_slave_0 removed
[  300.461038][ T6257] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  300.486494][   T52] Bluetooth: hci0: command tx timeout
[  300.529074][ T6257] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  301.170627][ T6257] bond0 (unregistering): Released all slaves
[  301.374689][T10822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  301.427321][T10822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  301.691398][T10822] team0: Port device team_slave_0 added
[  301.755338][T10925] 9pnet: p9_errstr2errno: server reported unknown error 01777777
[  301.780566][T10822] team0: Port device team_slave_1 added
[  301.948161][T10822] batman_adv: batadv0: Adding interface: batadv_slave_0
[  301.979382][T10822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  302.112632][T10822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  302.206007][T10822] batman_adv: batadv0: Adding interface: batadv_slave_1
[  302.212995][T10822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  302.239022][T10822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  302.474424][T10822] hsr_slave_0: entered promiscuous mode
[  302.491029][T10822] hsr_slave_1: entered promiscuous mode
[  302.507399][T10822] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  302.531399][T10822] Cannot create hsr debugfs directory
[  302.578666][   T52] Bluetooth: hci0: command tx timeout
[  302.923099][T10947] vcan0: tx drop: invalid sa for name 0x0000000000000004
[  303.056076][T10822] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  303.071606][T10822] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  303.100891][T10822] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  303.133458][T10822] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  303.308529][T10822] 8021q: adding VLAN 0 to HW filter on device bond0
[  303.378973][T10822] 8021q: adding VLAN 0 to HW filter on device team0
[  303.406590][ T6264] bridge0: port 1(bridge_slave_0) entered blocking state
[  303.413766][ T6264] bridge0: port 1(bridge_slave_0) entered forwarding state
[  303.469498][ T6252] bridge0: port 2(bridge_slave_1) entered blocking state
[  303.476720][ T6252] bridge0: port 2(bridge_slave_1) entered forwarding state
[  303.482908][T10960] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1642'.
[  303.898644][   T27] kauditd_printk_skb: 42 callbacks suppressed
[  303.898658][   T27] audit: type=1326 audit(303.894:1614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10980 comm="syz.0.1648" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  303.980410][   T27] audit: type=1326 audit(303.894:1615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10980 comm="syz.0.1648" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  304.065558][   T27] audit: type=1326 audit(303.894:1616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10980 comm="syz.0.1648" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  304.141828][   T27] audit: type=1326 audit(303.894:1617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10980 comm="syz.0.1648" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  304.179120][T10822] 8021q: adding VLAN 0 to HW filter on device batadv0
[  304.205851][   T27] audit: type=1326 audit(303.894:1618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10980 comm="syz.0.1648" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  304.271956][   T27] audit: type=1326 audit(303.894:1619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10980 comm="syz.0.1648" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  304.355445][   T27] audit: type=1326 audit(303.894:1620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10980 comm="syz.0.1648" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  304.450998][   T27] audit: type=1326 audit(303.904:1621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10980 comm="syz.0.1648" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  304.522055][   T27] audit: type=1326 audit(303.904:1622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10980 comm="syz.0.1648" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  304.599526][   T27] audit: type=1326 audit(303.904:1623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10980 comm="syz.0.1648" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=260 compat=0 ip=0x7fa16919ce59 code=0x7ffc0000
[  304.645640][   T52] Bluetooth: hci0: command tx timeout
[  304.914282][T10822] veth0_vlan: entered promiscuous mode
[  304.958403][T10822] veth1_vlan: entered promiscuous mode
[  305.060107][T10822] veth0_macvtap: entered promiscuous mode
[  305.082047][T10822] veth1_macvtap: entered promiscuous mode
[  305.122788][T10822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  305.153659][T10822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  305.184821][T10822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  305.205833][T10822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  305.225659][T10822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  305.245239][T10822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  305.266937][T10822] batman_adv: batadv0: Interface activated: batadv_slave_0
[  305.292901][T10822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  305.325346][T10822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  305.346971][T10822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  305.367815][T10822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  305.399586][T10822] batman_adv: batadv0: Interface activated: batadv_slave_1
[  305.432943][T10822] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  305.465441][T10822] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  305.484717][T10822] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  305.502047][T10822] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  305.696482][ T6264] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  305.741912][ T6264] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  305.873898][ T6252] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  305.903640][ T6252] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  306.381679][T11050] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  306.750030][T11066] overlayfs: failed to clone upperpath
[  310.473148][T11221] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1701'.
[  310.491968][   T27] kauditd_printk_skb: 39 callbacks suppressed
[  310.491981][   T27] audit: type=1326 audit(310.494:1663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11185 comm="syz.2.1692" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ef879ce59 code=0x7fc00000
[  310.773239][T11236] loop7: detected capacity change from 0 to 64
[  310.885040][T11236] hfs: request for non-existent node 131072 in B*Tree
[  310.937725][T11236] hfs: request for non-existent node 131072 in B*Tree
[  310.955489][T11241] hfs: request for non-existent node 131072 in B*Tree
[  310.969964][T11241] hfs: request for non-existent node 131072 in B*Tree
[  311.010984][T11236] hfs: request for non-existent node 131072 in B*Tree
[  311.025544][T11236] hfs: request for non-existent node 131072 in B*Tree
[  311.042895][T11236] hfs: request for non-existent node 131072 in B*Tree
[  311.056268][ T6252] wlan1: Trigger new scan to find an IBSS to join
[  311.065552][T11236] hfs: request for non-existent node 131072 in B*Tree
[  313.785931][   T27] audit: type=1326 audit(313.784:1664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11340 comm="syz.3.1737" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f43ecb9ce59 code=0x0
[  314.393821][T11315] loop7: detected capacity change from 0 to 32768
[  314.474160][T11315] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop7 scanned by syz.7.1726 (11315)
[  314.666543][T11315] BTRFS info (device loop7): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  314.727121][T11315] BTRFS info (device loop7): using sha256 (sha256-avx2) checksum algorithm
[  314.795461][T11315] BTRFS info (device loop7): force clearing of disk cache
[  314.839067][T11315] BTRFS info (device loop7): metadata ratio 0
[  314.883681][T11315] BTRFS info (device loop7): enabling ssd optimizations
[  314.925279][T11315] BTRFS info (device loop7): using spread ssd allocation scheme
[  314.970846][T11315] BTRFS info (device loop7): using free space tree
[  315.340159][T11315] BTRFS info (device loop7): auto enabling async discard
[  315.376938][T11315] BTRFS info (device loop7): rebuilding free space tree
[  315.674156][   T27] audit: type=1800 audit(315.674:1665): pid=11403 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1726" name="file1" dev="loop7" ino=260 res=0 errno=0
[  316.016999][   T78] wlan1: Trigger new scan to find an IBSS to join
[  316.273974][T10822] BTRFS info (device loop7): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  317.089961][ T4551] wlan1: Creating new IBSS network, BSSID 00:00:00:8d:00:00
[  317.292702][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  317.299947][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  318.397506][   T52] Bluetooth: hci0: Malformed MSFT vendor event: 0x02
[  319.057146][T11504] loop7: detected capacity change from 0 to 40427
[  319.099369][T11504] F2FS-fs (loop7): invalid crc value
[  319.293279][T11504] F2FS-fs (loop7): Start checkpoint disabled!
[  319.365560][T11504] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e6
[  319.492466][T11504] bio_check_eod: 4 callbacks suppressed
[  319.492482][T11504] syz.7.1779: attempt to access beyond end of device
[  319.492482][T11504] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  319.591492][ T4551] kworker/u4:10: attempt to access beyond end of device
[  319.591492][ T4551] loop7: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  319.607325][ T4551] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[  320.595562][T11565] fuse: Bad value for 'fd'
[  321.734495][T11616] loop7: detected capacity change from 0 to 1024
[  321.744305][T11616] EXT4-fs (loop7): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  321.756792][T11616] EXT4-fs (loop7): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  321.768559][T11616] EXT4-fs (loop7): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  321.780266][T11616] EXT4-fs error (device loop7): ext4_get_journal_inode:5820: inode #5: comm syz.7.1819: unexpected bad inode w/o EXT4_IGET_BAD
[  321.851081][T11616] EXT4-fs (loop7): no journal found
[  321.873361][T11616] EXT4-fs (loop7): can't get journal size
[  321.892031][T11616] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  322.034616][T11625] sctp: [Deprecated]: syz.0.1824 (pid 11625) Use of int in maxseg socket option.
[  322.034616][T11625] Use struct sctp_assoc_value instead
[  322.159045][T10822] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  323.024650][   T27] audit: type=1326 audit(326.025:1666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11642 comm="syz.7.1825" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa816d9ce59 code=0x7ffc0000
[  323.128824][   T27] audit: type=1326 audit(326.025:1667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11642 comm="syz.7.1825" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa816d9ce59 code=0x7ffc0000
[  323.251040][   T27] audit: type=1326 audit(326.025:1668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11642 comm="syz.7.1825" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa816d9ce59 code=0x7ffc0000
[  323.276748][   T27] audit: type=1326 audit(326.025:1669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11642 comm="syz.7.1825" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa816d9ce59 code=0x7ffc0000
[  323.366783][   T27] audit: type=1326 audit(326.055:1670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11642 comm="syz.7.1825" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7fa816d9ce59 code=0x7ffc0000
[  323.405279][   T27] audit: type=1326 audit(326.085:1671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11642 comm="syz.7.1825" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa816d9ce59 code=0x7ffc0000
[  323.455285][   T27] audit: type=1326 audit(326.165:1672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11642 comm="syz.7.1825" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fa816d5d68e code=0x7ffc0000
[  323.520046][   T27] audit: type=1326 audit(326.165:1673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11642 comm="syz.7.1825" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fa816d5d68e code=0x7ffc0000
[  323.575735][   T27] audit: type=1326 audit(326.175:1674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11642 comm="syz.7.1825" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fa816d5d68e code=0x7ffc0000
[  323.610999][   T42] libceph: connect (1)[c::]:6789 error -97
[  323.617253][   T27] audit: type=1326 audit(326.175:1675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11642 comm="syz.7.1825" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fa816d5d68e code=0x7ffc0000
[  323.638762][   T42] libceph: mon0 (1)[c::]:6789 connect error
[  323.696408][   T42] libceph: connect (1)[c::]:6789 error -97
[  323.713843][   T42] libceph: mon0 (1)[c::]:6789 connect error
[  324.000134][   T42] libceph: connect (1)[c::]:6789 error -97
[  324.008141][   T42] libceph: mon0 (1)[c::]:6789 connect error
[  324.378940][T11659] ceph: No mds server is up or the cluster is laggy
[  324.430484][   T42] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  324.524549][T11697] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1848'.
[  324.554682][T11694] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  324.567734][T11694] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  324.657445][   T42] usb 8-1: unable to get BOS descriptor or descriptor too short
[  324.668209][   T42] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  324.685328][   T42] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[  324.712317][   T42] usb 8-1: string descriptor 0 read error: -22
[  324.725351][   T42] usb 8-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40
[  324.734397][   T42] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  326.097319][   T42] usb 8-1: cannot find UAC_HEADER
[  326.150965][   T42] snd-usb-audio: probe of 8-1:1.0 failed with error -22
[  326.303431][   T23] usb 8-1: USB disconnect, device number 2
[  326.771814][T11765] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1878'.
[  326.799983][T11765] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1878'.
[  326.948258][T11774] overlayfs: failed to clone upperpath
[  327.214954][T11788] tipc: Started in network mode
[  327.222877][T11788] tipc: Node identity ac14140f, cluster identity 4711
[  327.230946][T11788] tipc: New replicast peer: 255.255.255.255
[  327.254101][T11788] tipc: Enabled bearer <udp:syz2>, priority 10
[  328.369365][ T5830] tipc: Node number set to 2886997007
[  328.694699][T11852] bridge1: entered promiscuous mode
[  328.702316][T11852] bridge1: entered allmulticast mode
[  329.091793][   T52] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  329.275550][ T5830] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  329.465760][ T5830] usb 8-1: Using ep0 maxpacket: 16
[  329.492019][ T5830] usb 8-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  329.512251][ T5830] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  329.540436][ T5830] usb 8-1: config 0 descriptor??
[  329.564651][ T5830] gspca_main: sonixj-2.14.0 probing 0471:0327
[  330.585844][T11922] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1927'.
[  330.700609][T11931] netlink: 'syz.0.1929': attribute type 10 has an invalid length.
[  330.708904][T11931] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1929'.
[  330.765079][T11931] bridge0: port 3(vlan2) entered blocking state
[  330.771998][T11931] bridge0: port 3(vlan2) entered forwarding state
[  330.823074][T11931] team0: Port device geneve0 added
[  331.005453][ T5830] gspca_sonixj: i2c_w8 err -71
[  331.035864][ T5830] sonixj: probe of 8-1:0.0 failed with error -71
[  331.068523][ T5830] usb 8-1: USB disconnect, device number 3
[  332.298703][T11999] tipc: Started in network mode
[  332.321648][T11999] tipc: Node identity ac14140f, cluster identity 4711
[  332.349958][T11999] tipc: New replicast peer: 255.255.255.255
[  332.393424][T11999] tipc: Enabled bearer <udp:syz2>, priority 10
[  332.774369][T12016] loop7: detected capacity change from 0 to 4096
[  332.855413][T12016] EXT4-fs (loop7): cluster size (1024) smaller than block size (4096)
[  333.198921][T12027] loop7: detected capacity change from 0 to 1024
[  333.284918][T12027] hfsplus: filesystem is marked journaled, leaving read-only.
[  333.330142][T12034] bridge0: port 2(bridge_slave_1) entered blocking state
[  333.337417][T12034] bridge0: port 2(bridge_slave_1) entered listening state
[  333.505438][   T42] tipc: Node number set to 2886997007
[  333.675044][T12046] tipc: Started in network mode
[  333.681109][T12046] tipc: Node identity ac14140f, cluster identity 4711
[  333.693778][T12046] tipc: New replicast peer: 255.255.255.255
[  333.708607][T12046] tipc: Enabled bearer <udp:syz2>, priority 10
[  334.255842][T12063] policy can only be matched on NF_INET_PRE_ROUTING
[  334.255864][T12063] unable to load match
[  334.507274][T12082] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1968'.
[  334.532768][T12082] netlink: 'syz.7.1968': attribute type 25 has an invalid length.
[  334.559539][T12082] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1968'.
[  334.705670][   T42] tipc: Node number set to 2886997007
[  337.032633][T12153] 9pnet: p9_errstr2errno: server reported unknown error ��n$�[
[  337.032633][T12153] �8�S?R��7�)�̇
[  337.280099][T12162] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1994'.
[  338.371539][T12186] overlayfs: failed to clone upperpath
[  338.423294][T12188] loop7: detected capacity change from 0 to 1024
[  338.466319][T12188] EXT4-fs: Ignoring removed bh option
[  338.515880][T12188] EXT4-fs (loop7): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  338.583213][T12188] EXT4-fs error (device loop7): ext4_map_blocks:720: inode #15: comm syz.7.2005: lblock 0 mapped to illegal pblock 0 (length 1)
[  338.656254][T12188] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  338.668821][T12188] EXT4-fs (loop7): This should not happen!! Data will be lost
[  338.668821][T12188] 
[  338.679992][T12199] EXT4-fs error (device loop7): ext4_map_blocks:610: inode #15: comm syz.7.2005: lblock 0 mapped to illegal pblock 0 (length 1)
[  338.697489][T12199] EXT4-fs error (device loop7): ext4_map_blocks:610: inode #15: comm syz.7.2005: lblock 0 mapped to illegal pblock 0 (length 1)
[  338.715021][T12199] EXT4-fs error (device loop7): ext4_map_blocks:610: inode #15: comm syz.7.2005: lblock 0 mapped to illegal pblock 0 (length 1)
[  338.736245][T12199] EXT4-fs error (device loop7): ext4_map_blocks:610: inode #15: comm syz.7.2005: lblock 0 mapped to illegal pblock 0 (length 1)
[  338.751720][T12188] EXT4-fs error (device loop7): ext4_map_blocks:610: inode #15: comm syz.7.2005: lblock 0 mapped to illegal pblock 0 (length 1)
[  338.786037][T12188] EXT4-fs error (device loop7): ext4_ext_remove_space:2955: inode #15: comm syz.7.2005: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[  338.832802][T12188] EXT4-fs error (device loop7) in ext4_setattr:5682: Corrupt filesystem
[  338.842991][T12199] EXT4-fs error (device loop7): ext4_map_blocks:610: inode #15: comm syz.7.2005: lblock 0 mapped to illegal pblock 0 (length 1)
[  338.859402][T12206] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2012'.
[  338.887199][T12207] EXT4-fs error (device loop7): ext4_free_blocks:6694: comm syz.7.2005: Freeing blocks not in datazone - block = 0, count = 1
[  339.071712][T10822] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  339.086055][T12216] fuse: Bad value for 'fd'
[  339.312208][T12224] loop7: detected capacity change from 0 to 4096
[  339.335486][T12224] ntfs3: loop7: Different NTFS sector size (1024) and media sector size (512).
[  339.378209][T12227] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2019'.
[  339.389953][T12224] ntfs3: loop7: Mark volume as dirty due to NTFS errors
[  340.428348][T12260] netlink: 16178 bytes leftover after parsing attributes in process `syz.7.2034'.
[  342.772402][T12313] netlink: 'syz.7.2053': attribute type 1 has an invalid length.
[  342.841367][T12313] gretap1: entered allmulticast mode
[  342.922485][T12313] bond1: (slave gretap1): making interface the new active one
[  342.977187][T12313] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  344.298218][   T27] kauditd_printk_skb: 65 callbacks suppressed
[  344.298233][   T27] audit: type=1804 audit(347.305:1741): pid=12347 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.2075" name="bus" dev="ramfs" ino=27145 res=1 errno=0
[  346.076493][T12399] loop7: detected capacity change from 0 to 1024
[  346.086867][T12399] EXT4-fs: Ignoring removed bh option
[  346.127042][T12399] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  346.374189][T10822] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  346.415635][T12409] netlink: 'syz.2.2087': attribute type 10 has an invalid length.
[  347.646424][T12426] netlink: 'syz.0.2092': attribute type 16 has an invalid length.
[  347.658436][T12426] netlink: 'syz.0.2092': attribute type 17 has an invalid length.
[  347.692521][T12426] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  348.805519][ T1199] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  349.008647][ T1199] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  349.029804][ T1199] usb 8-1: config 0 has no interfaces?
[  349.059170][ T1199] usb 8-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98
[  349.074460][ T1199] usb 8-1: New USB device strings: Mfr=0, Product=64, SerialNumber=0
[  349.097325][ T1199] usb 8-1: Product: syz
[  349.111752][ T1199] usb 8-1: config 0 descriptor??
[  349.346962][ T1199] usb 8-1: USB disconnect, device number 4
[  351.404607][T12501] loop7: detected capacity change from 0 to 32768
[  351.417089][T12501] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop7 scanned by syz.7.2117 (12501)
[  351.508324][T12501] BTRFS info (device loop7): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  351.545448][T12501] BTRFS info (device loop7): using blake2b (blake2b-256-generic) checksum algorithm
[  351.580389][T12501] BTRFS info (device loop7): metadata ratio 0
[  351.602726][T12501] BTRFS info (device loop7): using free space tree
[  351.772082][T12501] BTRFS info (device loop7): enabling ssd optimizations
[  351.785417][T12501] BTRFS info (device loop7): auto enabling async discard
[  352.022562][   T27] audit: type=1800 audit(355.025:1742): pid=12501 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.2117" name="bus" dev="loop7" ino=263 res=0 errno=0
[  352.105537][   T27] audit: type=1800 audit(355.095:1743): pid=12501 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.2117" name="bus" dev="loop7" ino=263 res=0 errno=0
[  352.715625][T10822] BTRFS info (device loop7): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  353.128812][T12547] netlink: 165 bytes leftover after parsing attributes in process `syz.3.2127'.
[  354.068451][T12553] loop7: detected capacity change from 0 to 40427
[  354.083612][T12553] F2FS-fs (loop7): Invalid SB checksum offset: 0
[  354.095088][T12553] F2FS-fs (loop7): Can't find valid F2FS filesystem in 2th superblock
[  354.111261][T12553] F2FS-fs (loop7): invalid crc value
[  354.258293][T12553] F2FS-fs (loop7): Try to recover 2th superblock, ret: 0
[  354.277467][T12553] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  354.456456][T10822] syz-executor: attempt to access beyond end of device
[  354.456456][T10822] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  354.487772][T10822] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[  357.114727][T12620] 
[  357.117105][T12620] ============================================
[  357.123257][T12620] WARNING: possible recursive locking detected
[  357.129416][T12620] syzkaller #0 Not tainted
[  357.133831][T12620] --------------------------------------------
[  357.139982][T12620] kworker/u4:59/12620 is trying to acquire lock:
[  357.146304][T12620] ffffe8ffffd64250 (&pd_list->lock){+...}-{2:2}, at: padata_do_serial+0x644/0xa70
[  357.155549][T12620] 
[  357.155549][T12620] but task is already holding lock:
[  357.162907][T12620] ffffe8ffffd67ef8 (&pd_list->lock){+...}-{2:2}, at: padata_do_serial+0x4db/0xa70
[  357.172120][T12620] 
[  357.172120][T12620] other info that might help us debug this:
[  357.180162][T12620]  Possible unsafe locking scenario:
[  357.180162][T12620] 
[  357.187598][T12620]        CPU0
[  357.190876][T12620]        ----
[  357.194150][T12620]   lock(&pd_list->lock);
[  357.198484][T12620]   lock(&pd_list->lock);
[  357.202821][T12620] 
[  357.202821][T12620]  *** DEADLOCK ***
[  357.202821][T12620] 
[  357.210962][T12620]  May be due to missing lock nesting notation
[  357.210962][T12620] 
[  357.219276][T12620] 3 locks held by kworker/u4:59/12620:
[  357.224736][T12620]  #0: ffff888142e6fd38 ((wq_completion)pdecrypt_parallel){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[  357.236692][T12620]  #1: ffffc90002e87d00 ((work_completion)(&pw->pw_work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[  357.248542][T12620]  #2: ffffe8ffffd67ef8 (&pd_list->lock){+...}-{2:2}, at: padata_do_serial+0x4db/0xa70
[  357.258216][T12620] 
[  357.258216][T12620] stack backtrace:
[  357.264108][T12620] CPU: 1 PID: 12620 Comm: kworker/u4:59 Not tainted syzkaller #0
[  357.271842][T12620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  357.281905][T12620] Workqueue: pdecrypt_parallel padata_parallel_worker
[  357.288686][T12620] Call Trace:
[  357.291972][T12620]  <TASK>
[  357.294906][T12620]  dump_stack_lvl+0x18c/0x250
[  357.299596][T12620]  ? show_regs_print_info+0x20/0x20
[  357.304807][T12620]  ? print_deadlock_bug+0x435/0x5d0
[  357.310026][T12620]  __lock_acquire+0x5dbc/0x7d40
[  357.314894][T12620]  ? verify_lock_unused+0x140/0x140
[  357.320110][T12620]  ? mark_lock+0x94/0x320
[  357.324446][T12620]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  357.330434][T12620]  lock_acquire+0x19e/0x420
[  357.334974][T12620]  ? padata_do_serial+0x644/0xa70
[  357.340007][T12620]  ? lockdep_hardirqs_on+0x98/0x150
[  357.345215][T12620]  ? queue_work_on+0x19a/0x1f0
[  357.350013][T12620]  ? read_lock_is_recursive+0x20/0x20
[  357.355402][T12620]  ? __rwlock_init+0x150/0x150
[  357.360183][T12620]  _raw_spin_lock+0x2e/0x40
[  357.364696][T12620]  ? padata_do_serial+0x644/0xa70
[  357.369735][T12620]  padata_do_serial+0x644/0xa70
[  357.374605][T12620]  ? padata_parallel_worker+0x44/0x1c0
[  357.380072][T12620]  padata_parallel_worker+0x6f/0x1c0
[  357.385370][T12620]  ? process_scheduled_works+0x96f/0x15d0
[  357.391099][T12620]  process_scheduled_works+0xa5d/0x15d0
[  357.396671][T12620]  ? worker_attach_to_pool+0x380/0x380
[  357.402152][T12620]  ? assign_work+0x3d2/0x5d0
[  357.406768][T12620]  worker_thread+0xa55/0xfc0
[  357.411381][T12620]  kthread+0x2fa/0x390
[  357.415457][T12620]  ? pr_cont_work+0x560/0x560
[  357.420153][T12620]  ? kthread_blkcg+0xd0/0xd0
[  357.424760][T12620]  ret_from_fork+0x48/0x80
[  357.429192][T12620]  ? kthread_blkcg+0xd0/0xd0
[  357.433794][T12620]  ret_from_fork_asm+0x11/0x20
[  357.438580][T12620]  </TASK>
[  358.015843][T12611] wlan1: Trigger new scan to find an IBSS to join
[  361.045326][T12611] wlan1: Trigger new scan to find an IBSS to join
[  363.366253][    C0] bridge0: port 2(bridge_slave_1) entered learning state
[  364.015460][ T9282] wlan1: Trigger new scan to find an IBSS to join
[  364.905455][ T9284] wlan1: Creating new IBSS network, BSSID 00:00:00:8d:00:00