last executing test programs:

2m53.115677232s ago: executing program 2 (id=146):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@bridge_dellink={0x34, 0x13, 0x5, 0x0, 0x0, {0x7, 0x0, 0x0, r2}, [@IFLA_AF_SPEC={0x14, 0x1a, 0x0, 0x1, [@AF_INET={0x10, 0x5, 0x0, 0x1, {0xc, 0x7, 0x0, 0x1, [{0x8, 0x1}]}}]}]}, 0x34}}, 0x0)

2m52.292570272s ago: executing program 2 (id=152):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x10, 0x2, &(0x7f0000000100)=@raw=[@ldst={0x1, 0x2, 0x4, 0x0, 0x1, 0x2a}, @jmp={0x5, 0x0, 0x9, 0x0, 0x6, 0x40, 0xfffffffffffffff0}], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)

2m52.212373291s ago: executing program 2 (id=154):
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000040)={0xc, {"a2e3ad214fc752f91b3e090987f70e06d038e7ff7fc6e5539b3264078b089b0e083860090890e0878f0f1ac6e7049b334c959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31310d3b5d0936cd3b78070daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5003a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d780231c9c99a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f068bb87af8b90fd8f08876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd7072f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d27df2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb84bed4b281769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2c1cde360500000000000000b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e51074b41bc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a28000000000a010300000000000000000100000908000240000000070900010073797a300000000028000000000a03000000000000000000010000090900010073797a3000"], 0x78}, 0x1, 0x0, 0x0, 0x890}, 0x800)

2m52.111986857s ago: executing program 2 (id=157):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f00000000c0)={[{@noinit_itable}, {@dax_inode}, {@nolazytime}, {@abort}, {@dax_inode}, {@lazytime}, {@noload}, {}, {@noauto_da_alloc}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
r1 = fanotify_init(0x200, 0x0)
fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0)
mount$overlay(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}], [], 0x2c})

2m51.959380024s ago: executing program 2 (id=160):
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
r1 = syz_io_uring_setup(0x239, &(0x7f0000000980)={0x0, 0x0, 0x10100}, &(0x7f0000000300)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0)
write$P9_RSTATu(r0, &(0x7f0000000580)={0x217, 0x2, 0xfd, {{0x500, 0xd6, 0x500, 0x3, {}, 0x2810000, 0xffffffff, 0x0, 0x4, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x31, 'pg>\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00|E\x00\x00Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\x03\xb4\x94\xe1\x9et\xb7\xd2\xa7\x1c5\xfaW.', 0x2, '\b\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300, 0xee01, 0x0, 0xee01}}, 0x217)

2m51.4429133s ago: executing program 2 (id=166):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@local})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x4, 0x0, 0xfffffffffffffff9, 0x100a99e, 0x10})
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000240)={@hyper})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e, 0xfffffffffffffff9})

2m51.175000889s ago: executing program 32 (id=166):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@local})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x4, 0x0, 0xfffffffffffffff9, 0x100a99e, 0x10})
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000240)={@hyper})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e, 0xfffffffffffffff9})

2m50.99216235s ago: executing program 0 (id=170):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
mkdir(&(0x7f0000000000)='./control\x00', 0x0)
open$dir(&(0x7f00000002c0)='./control/file0\x00', 0x80040, 0x28)
r0 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0)
mkdirat(r0, &(0x7f0000000100)='./control\x00', 0x0)
getdents64(r0, &(0x7f0000fc4fbe)=""/80, 0x50)

2m50.150731579s ago: executing program 0 (id=173):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="7800000011002300"/20, @ANYRES32=0x0, @ANYBLOB="0100000002000000080013"], 0x78}, 0x1, 0x0, 0x0, 0x40080c5}, 0x4000000)

2m49.431788452s ago: executing program 0 (id=176):
r0 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$inet(r0, &(0x7f0000002780)={0x0, 0x0, 0x0}, 0x0)
r1 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r1, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24)

2m49.16929881s ago: executing program 0 (id=179):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x2000000, &(0x7f0000000640)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f78617474722c6d6f64653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b46ea5952a332ad2ced40c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1678f5e0b33006bd1049ca45fd8500d67a5aa6e1c23d9"], 0x1, 0x5514, &(0x7f0000013680)="$eJzs3M1rI2UcB/Bf2u2+uxbx4G0HFqGFTdh0X9Dbqrv4gl2KLwdPmiZpyG6SKU2a1p48eBQP/iei4Mmjf4MHz97Eg+JNWMk8U9n6gkqzjd1+PjD9zjyZ/Ob3hNLyTEICOLEWs19+qsSlOBcR8xFxMaLYr5Rb4XaK5yLickTMPbJVyvHfB05HxPmIuDQpnmpWyoc+uzq+cvPHN37++tszpy58/tV3s5s1MGvPR0R/M+3v9FPmnZT3y/HGuFtk/8a4zPRA/0F5nKfcaa8XFXYa++c1irzeSefnm9vDSW70Gs1JdrobxfjmIF1wOO7s1ymecL+xVRy32utFdod5kZ291NfuXvrbtjccpTqtst6HRfkYjfYzjbd322k+mw+KbA5G5Xiqm7fau5Mcl1leLpp5r1X0sX6YV/r/7c3uYHs3G7e3ht18kN2s1V+o1W9V61t5qz1q36g2+q1bN7KlTm9yWnXUbvRvd/K802vXmnl/OVvqNJvVej1butNe7zYGWb1eu167Vr25XO5dzV69927Wa2VLk3y5O9gedXvDbCPfytIzlrOV2vUXl7Mr9ezt1bVs7a27d1fX3nn/znv3Xlp9/ZXypD+1lS2tXFtZqdavVVfqy8d3/pP/9f9p/h+XTU9x/nAolVk3AHD8WP8D0/fwH8847uv/sP6fCuv/kz1/OBTrfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAE+v7hS9eK3YW0/GFcvypcuiZ8rgSEXMR8fAvzMfpAzXnyzoLf3P+wh96+KYSRYXJNc6U2/mIuF1uvz79uF8FAAAAeHJ9+dHlT9NqPf1YnHVDHKV002bu4gdTqleJiIXFH6ZQJcqbTfHs4btKJr/fp2J3StWKG1hnp1Qs3XI7Na1q/8r8gTj7SFRSzB1pOwAAwJE4uBI42lUIAAAAR+mTWTfAbBTvtJafxS8/wH8mRfmG4LkDRwAAAMAxVJl1AwAAAMBjV6z/ff8fAAAAPNnS9/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAb+zcTU7qUBQH8NOWvsf7yiPGuVtxBstwCQ4dGhbgJlgCbsENsAacuQQDhrYoNZgY+xXJ75e0t7chf06ZnXtJAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALj3my9n97cVd05zNtpl2ngYAAAA4Zp0vZ8XFpJz/qe7/q26dVfMkItKIONa7Z/GjlplVOfkHn8/f1fAQUSTsvuNndfyOiMvqeP7f9a8AAAAAp2s1X0zLbr08TYYuiO6NX6/KRZv071VLyUlE5JOnrwdss4NJujudt1BWYZc8ipuW0ooFrHFLYeWS26ittE/JasP4YEjKIe21HAAAoBf1TqDfLgQAAIA+XQ9dAMNIYr+Vud8LLv55/7Yh+Ks2AwAAAL6hZOgCAAAAgM4V/b/3/wEAAMBpK9//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQJfW+XK2mi+mTXM222baeRoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAF/bnHQVCIAzCYO/6zmTuf1hp0NTUpAqEj78xGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAN7/7y/+JqXEmmXttLD2PJGunxtapsXduHP1hfP0aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC42J+XFAiBIIiCOeN/J33/w0qCnkGECGh4VFGLBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCLfvfL/4mpcSaZO20sHY8ka1eNravG3oPG0YPx9m8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC42Lmf3yiqOADg39lfWJRYq+mhxmjiQS9SFgS5etA0HvwTTJqyYHXxB/QghJj04s30ZsLF6NEYE0298T9whoQL3jj0gIknD5qZnWkfK+giMLPtfj7Jm/ed2WHe9w1N0++8aQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMrO23txO9/Mj+JWeezG3StreX9zrM9d27q1lLc8zupMen94Kd3JFptLBAAAgNnRrur7iLjd3V7J+9Z8Uf93q3Pymv+7I6O4qufH6/6qr2r/vP36y50XdgeaH42TX/Ts+nBw7J+pdJ7cLKfbs/95Rqe488Wzl3bxH9J6b/P5nW5xP7Ovr19/p1eEh+rIFgD4P45WfRlUPw/lfb/JxACYGZ2k8K7q//Z8szkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1KG3GU9XcRYRS529OHfz7pW1oh/bv7Z1a6lqp65e3UqvmV+iGxFn14eDY3VNZB+4eOnyx6vD4eDCfYO5iHjAR48evBwRj//K8XD/6oMJzol47HMX1Bi0yq/1aclnfwQNf2MCAODA6ZYtr+tvd7dX8mPZQsRf399b/7+WxJHW/2N9Wv/f+fDUjXSstP7v1zbDKfHNkQd+tLxx/rPli5cuv7F+fvXc4NzgkzeP99/qnzh98uTp5eJZybInJgAAADyaXtnS+r+1ELEztv5/OIljwvr/82/7X6ZjtWe5/v8Xe4t+TWcCAAAw25575Y/fs/scz3q9+GJ1Y+NCf7Td3T8+2jaQ6kM7VLa0/m8vNJ0VAAAAUIedzeye9f8zSRwTrv8/88OLP6XXbEfEXLn+f3Tt0+GZ+qbTkD8nOquOXyd+4lMFAABgqs2VLV3/7xbv/7d2X3loRcTrrxZhVv4ZwInq//a7X/2YjpW+/3+ixjlOo9bi6H4U/WJEZ7HpjAAAADjInipbXuz/1t1e+ejnw+/3vP8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAULe/AwAA///lFT7r")
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x100)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0xff, 0x0, 0x7fff0006}]})
close_range(r0, 0xffffffffffffffff, 0x0)

2m48.562126775s ago: executing program 0 (id=181):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000005300)=[{0x28, 0x0, 0xfb, 0xfffff034}, {0x80000006, 0x66}]}, 0x10)
syz_emit_ethernet(0x7a, &(0x7f0000000440)={@local, @local, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, '\x00', 0x44, 0x2f, 0x0, @remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x1, 0x0, 0x1, 0x880b, 0x0, 0xfffd}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x57}, {}, {0x8, 0x88be, 0x0, {{0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}}}}}}}}}, 0x0)

2m47.131044927s ago: executing program 0 (id=185):
r0 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x4}})

2m46.60837584s ago: executing program 33 (id=185):
r0 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x4}})

1m46.537364706s ago: executing program 3 (id=729):
r0 = socket(0x1e, 0x4, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000240)={'syztnl0\x00', &(0x7f0000000400)={'syztnl1\x00', 0x0, 0x10, 0x8, 0xfb, 0x8001, {{0x5, 0x4, 0x3, 0x5, 0x14, 0x65, 0x0, 0x2, 0x29, 0x0, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000480)={'ip6tnl0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x29, 0x9, 0xbc, 0x0, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x32}, 0x10, 0x0, 0xe7, 0x2}})

1m46.388266845s ago: executing program 3 (id=730):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000140)={<r1=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x4e24, 0x40005, @mcast1}, {0x2, 0xfff9, 0xc00, @private2, 0xffffffff}, r1, 0x9dffffff}}, 0x48)

1m46.386659098s ago: executing program 3 (id=731):
r0 = creat(0x0, 0x0)
close(r0)
socket$packet(0x11, 0x2, 0x300)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TLS_TX(r1, 0x6, 0x1, 0x0, 0x0)
getpeername(r1, 0x0, 0x0)
syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
syz_emit_vhci(&(0x7f00000010c0)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_WRITE_SC_SUPPORT={{0xd}, 0x3}}}, 0x7)

1m46.287789494s ago: executing program 3 (id=732):
syz_mount_image$minix(&(0x7f0000000540), &(0x7f00000002c0)='./file1\x00', 0x8040, &(0x7f0000000c00)=ANY=[@ANYRES16=0x0], 0xfd, 0x1d0, &(0x7f0000000300)="$eJzs3O9uk1AYx/EftIXNP/H/G99qom8cdiYSXxi3O3Hp2Fxkaqxv2jSxxivxRrwVb6BN7A2IAVoKqBVRoK3fT7LsPPQczvM0oZzThArAf+uqJEOGOpKCIHj/4m5wpemcANQj0LegqKeLMQC2ROvrH3U3pHFluQCo0/SwZUY39bH0ZTbqTeZ/ndw6YTcTtZPW9DAefiBpkhpvFVx/TD8Y0f/b7ex4W9JOkfXLp3j8vcX8YWqzUS+Tb76Y/Pze5zhIzX+hcP5x/ffvZPO/KOmSpMthIfay/zVJ139S/3H2/bNvFZwf+BuG9vJx5oCpkzPfe5jEHZ1Y8rpJbEWv7+fiR0lsR/Fe77V/XFUJAEoyf7j+n5vpuKVwwb+8/tvR9dytL0EAlekPhi+PfN97W6ZhjIt1NspPQaOehrUeaZRohJu7NUgj1/ho/oPz7NSac7hzTh3JfVAU3dAD2BjOu/M3Tn8wfHB2fnTqnXqv9t0nrit1H7tOtPN3svv/2Iov1ABsjMXdf7fpRAAAAAAAAAAAAAAAQGk3JN1chgdN5gIAAACgWr97MEjzn/tZ+fDQs/nJftGn4RIBAAAAAAAAAAAAAAAAAACArfE9AAD//zpGOPg=")
syz_mount_image$bfs(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x808000, &(0x7f00000002c0)=ANY=[@ANYBLOB="00cd067ca5fe94f358a97d3799d10d6a0f0d49553970899fa347aa76be1b2509f63779954a38f01042f578e036051ee7d6d1fb7e07c209e650464433ce970000000900000014c931bb00000000", @ANYRESOCT=0x0], 0x1, 0xa0, &(0x7f0000000000)="$eJzs17GJAlEUBdC7s8vuGjgNGNiBNdiKGGpmpAhWZCuWIIgVmInJyDgziHagngP/Py43fcnbXbaDlEm1Saoni+VqNpk3f/p5MA7voEjyl+Q/ybBs8u+tObRbkOxP62n36ubr3DUAAMArKTKqx3cbj/fmJ0mvvQOaBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPCJrgEAAP//sjg1uA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
lstat(&(0x7f00000034c0)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)

1m46.224309773s ago: executing program 3 (id=733):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x28, r1, 0x5, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_FORWARDING={0x5}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x4004010)

1m45.95258318s ago: executing program 3 (id=739):
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
open_by_handle_at(0xffffffffffffffff, &(0x7f0000000300)=@GFS2_SMALL_FH_SIZE={0x10, 0x4, {0x2ce, 0x0, 0x4ac00000, 0x2}}, 0x101301)
syz_emit_ethernet(0x56, &(0x7f0000000280)={@random="a50ed9bfa23a", @dev, @void, {@canfd={0xd, {{0x1, 0x1, 0x0, 0x1}, 0x16, 0x0, 0x0, 0x0, "f8b50d307d74af37e4da9707f653e812f340ace5733a33dc5af03aa1939e28153eb8282b1da382161fd80f7757e423f45751fd1dd4586f5d99cbaaf8b332233f"}}}}, 0x0)
sched_setattr(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)

1m45.716614399s ago: executing program 34 (id=739):
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
open_by_handle_at(0xffffffffffffffff, &(0x7f0000000300)=@GFS2_SMALL_FH_SIZE={0x10, 0x4, {0x2ce, 0x0, 0x4ac00000, 0x2}}, 0x101301)
syz_emit_ethernet(0x56, &(0x7f0000000280)={@random="a50ed9bfa23a", @dev, @void, {@canfd={0xd, {{0x1, 0x1, 0x0, 0x1}, 0x16, 0x0, 0x0, 0x0, "f8b50d307d74af37e4da9707f653e812f340ace5733a33dc5af03aa1939e28153eb8282b1da382161fd80f7757e423f45751fd1dd4586f5d99cbaaf8b332233f"}}}}, 0x0)
sched_setattr(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)

1m18.936006905s ago: executing program 1 (id=947):
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{}, 0x0, &(0x7f00000005c0)}, 0x20)
r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x12, 0x141341)
ioctl$USBDEVFS_BULK(r0, 0xc0185502, &(0x7f00000005c0)={{{0x1, 0x1}}, 0x0, 0xfffffffd, 0x0})

1m18.93580874s ago: executing program 1 (id=948):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x13, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x73, 0x11, 0x43}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0xc4}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)

1m18.886749239s ago: executing program 1 (id=949):
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/mem_sleep', 0x101a02, 0x0)
syz_open_dev$sg(&(0x7f00000004c0), 0x0, 0x20c02)
r0 = syz_io_uring_setup(0x6062, &(0x7f0000000780)={0x0, 0x0, 0x10100, 0x1fe, 0x155}, &(0x7f0000000400)=<r1=>0x0, &(0x7f00000000c0)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x27})
io_uring_enter(r0, 0x6b51, 0x7e2e, 0x0, 0x0, 0x0)

1m18.650319915s ago: executing program 1 (id=951):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x2, 0x1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x20000000, 0x4041}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000000), 0x4, 0x2080)
ioctl$LOOP_SET_FD(r3, 0x4c00, r2)
dup2(r2, r0)

1m18.38637248s ago: executing program 1 (id=955):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x54c, 0x24b, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4f8}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)

1m18.206214704s ago: executing program 1 (id=957):
syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x0, &(0x7f0000000c00), 0x1, 0xb7e, &(0x7f0000000c40)="$eJzs3M1rVFcbAPDn3nwYNb6JL/LyWkoNtGChOBrFSl2py9ZFof0DDHEiIdcPkhRMcBHbhXRVC910UWgXpX9AoetstNBV6aaVFrqXShHdp9zJnWQwM0mqMx4/fj84c8/HZM7z5JK555C5E8BLa6x8yCP2R8S5LGKk6s8jYrBRG4pYWn3eg/vXJh/evzaZxcrKB39nkVV9zdfKquPuqjEUEb+cyeK/n2ycd25hcWaiKOqzVfvw/MUrh+cWFg9NX5y4UL9QvzR+YvzY8RPHjr99pGu5vrv35tmvxk/t+f7Mrauv3fj9yyxOxXA11ppHt4zFWKxUWvv7I2Ki25Ml0lflk7X0Zf0JAwIAYFN5yxrufzESfbG+eBuJW78mDQ4AAADoipW+WPsfFQAAAPCiyuz/AQAA4AXX/BzAg/vXJpsl7ScSnq57pyNitF3+/bHUOA7FQETsepBF622t2eqPPbGxiNj30+iPZYke3Ye8maXrEfH/dvlnjfxHG3dxb8w/j4hu3Jk99kj7ecr/VBfmT50/AC+n5dOrF7KN1798bf0Tba5//W2uXY8j9fWv8/pvPf++Duu/97c5R/3Ap593Gmtd/xXfvnq7nL88PlFS/8K96xGv9Hde/5T5Zx3yP7fNOQb++PmHTmNl/mW+zfK081/5JuJg2/3P+jfaZJt/P9HhqemiXj22nePG7e/2dZq/9fyXpZy/uRd4Gsrzv6tD/lud/yvbnGP5r4N/dhrbOv/87mD2YaM2WPVcnZifnx2PGMzObuw/unkszec0X6PM/83XN//7b5d/+Z6wVP0eyr3A9epYtj9+ZM5D773zxuPn31tl/ucf8/zf3OYcX382e7fTWOr8AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHg+5BExHFleW6vnea0WsTsi9sWuvLg8N//W1OWPLp0vxyJGYyCfmi7qRyJiZLWdle3xRn29ffSR9rGI2BsRX4zsbLRrk5eL86mTBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYM3uiBiOLK9FRB4RD0fyvFZLHRUAAADQdaOpAwAAAAB6zv4fAAAAXnz2/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPTY3gPLd7KIWDq5s1FKg9XYQNLIgF7LUwcAJNOXOgAgmf7UAQDJ2OMD2RbjQx1HdnQ9FgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeXQf3L9/JImLp5M5GKQ1WYwNJIwN6LU8dAJBMX+oAgGT6UwcAJGOPD2RbjA91HNnR9VgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeHYNN0qW1yIib9TzvFaL2BMRozGQTU0X9SMR8Z+I+G1kYEfZHk8dNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF03t7A4M1EU9VkVFRWVtUrqdyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFKYW1icmSiK+uxc6kgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA1OYWFmcmiqI+28NK6hwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEjnnwAAAP///JMJmQ==")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0)
pipe(&(0x7f0000000400)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
splice(r0, 0x0, r2, 0x0, 0x88000cc, 0x0)
write$eventfd(r1, &(0x7f0000000240), 0xffffff14)

1m18.019724086s ago: executing program 35 (id=957):
syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x0, &(0x7f0000000c00), 0x1, 0xb7e, &(0x7f0000000c40)="$eJzs3M1rVFcbAPDn3nwYNb6JL/LyWkoNtGChOBrFSl2py9ZFof0DDHEiIdcPkhRMcBHbhXRVC910UWgXpX9AoetstNBV6aaVFrqXShHdp9zJnWQwM0mqMx4/fj84c8/HZM7z5JK555C5E8BLa6x8yCP2R8S5LGKk6s8jYrBRG4pYWn3eg/vXJh/evzaZxcrKB39nkVV9zdfKquPuqjEUEb+cyeK/n2ycd25hcWaiKOqzVfvw/MUrh+cWFg9NX5y4UL9QvzR+YvzY8RPHjr99pGu5vrv35tmvxk/t+f7Mrauv3fj9yyxOxXA11ppHt4zFWKxUWvv7I2Ki25Ml0lflk7X0Zf0JAwIAYFN5yxrufzESfbG+eBuJW78mDQ4AAADoipW+WPsfFQAAAPCiyuz/AQAA4AXX/BzAg/vXJpsl7ScSnq57pyNitF3+/bHUOA7FQETsepBF622t2eqPPbGxiNj30+iPZYke3Ye8maXrEfH/dvlnjfxHG3dxb8w/j4hu3Jk99kj7ecr/VBfmT50/AC+n5dOrF7KN1798bf0Tba5//W2uXY8j9fWv8/pvPf++Duu/97c5R/3Ap593Gmtd/xXfvnq7nL88PlFS/8K96xGv9Hde/5T5Zx3yP7fNOQb++PmHTmNl/mW+zfK081/5JuJg2/3P+jfaZJt/P9HhqemiXj22nePG7e/2dZq/9fyXpZy/uRd4Gsrzv6tD/lud/yvbnGP5r4N/dhrbOv/87mD2YaM2WPVcnZifnx2PGMzObuw/unkszec0X6PM/83XN//7b5d/+Z6wVP0eyr3A9epYtj9+ZM5D773zxuPn31tl/ucf8/zf3OYcX382e7fTWOr8AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHg+5BExHFleW6vnea0WsTsi9sWuvLg8N//W1OWPLp0vxyJGYyCfmi7qRyJiZLWdle3xRn29ffSR9rGI2BsRX4zsbLRrk5eL86mTBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYM3uiBiOLK9FRB4RD0fyvFZLHRUAAADQdaOpAwAAAAB6zv4fAAAAXnz2/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPTY3gPLd7KIWDq5s1FKg9XYQNLIgF7LUwcAJNOXOgAgmf7UAQDJ2OMD2RbjQx1HdnQ9FgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeXQf3L9/JImLp5M5GKQ1WYwNJIwN6LU8dAJBMX+oAgGT6UwcAJGOPD2RbjA91HNnR9VgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeHYNN0qW1yIib9TzvFaL2BMRozGQTU0X9SMR8Z+I+G1kYEfZHk8dNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF03t7A4M1EU9VkVFRWVtUrqdyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFKYW1icmSiK+uxc6kgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA1OYWFmcmiqI+28NK6hwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEjnnwAAAP///JMJmQ==")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0)
pipe(&(0x7f0000000400)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
splice(r0, 0x0, r2, 0x0, 0x88000cc, 0x0)
write$eventfd(r1, &(0x7f0000000240), 0xffffff14)

15.21020301s ago: executing program 5 (id=1616):
r0 = socket$inet(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
r1 = socket$inet(0x2, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x2, &(0x7f0000000040)=0x7f, 0x4)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e20, @empty}, 0x10)

15.120241915s ago: executing program 5 (id=1617):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r1, &(0x7f0000000980), 0xe)
listen(r1, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x440, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
open$dir(&(0x7f0000000100)='./file0\x00', 0x22a900, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
pselect6(0x40, &(0x7f0000000000)={0x6, 0x2, 0x8000000000000000, 0x0, 0x2, 0x0, 0x100, 0x10001003}, 0x0, &(0x7f00000002c0)={0x3ff, 0x8, 0x1000000000, 0x689, 0x2, 0x3ffffffffd, 0x2, 0x7}, 0x0, 0x0)
ioctl$IOMMU_IOAS_COPY(0xffffffffffffffff, 0x3b83, &(0x7f0000000040)={0x28, 0x5, 0x0, 0x0, 0x3, 0xfffffffffffffffa, 0x4003})
ioctl$IOMMU_IOAS_MAP(0xffffffffffffffff, 0x3b85, &(0x7f0000000180)={0x28, 0x6, 0x0, 0x0, 0x0, 0x0, 0x7a})

15.119676453s ago: executing program 5 (id=1618):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x8, &(0x7f00000003c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2a}, [@call={0x85, 0x0, 0x0, 0x87}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe, 0x0, &(0x7f0000000000)="e06921e8682d85ff9782762f86dd", 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

15.041568289s ago: executing program 5 (id=1619):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000100), 0x1, 0x500, &(0x7f0000000500)="$eJzs3U9sI1cZAPBvJn/sTdMmhR4AFbqUwoJWayfeNqp6oZwqhCoheuSwDYkTRbHjKHZKE/aQPXJHohInOHHmgMQBqSfuSBzgxqUckAqsQA0SByOP7V3njzfWbmzvxr+fNJo38+L53tvRvGd91s4LYGJdj4ijiJiNiPcjYqFzPuls8XZ7a/3dZ/fvrh3fv7uWRLP53j+TrL51Lno+0/Jc55r5iPjBOxE/Sk4F/VNE/eBwe7VSKe91ThUb1d1i/eDw1lZ1dbO8Wd4plVaWV5bevP1G6dL6+kr1N59ei4jf/+7Ln/zx6Fs/aTVrvlPX24/L1O76zIM4LdMR8b1hBBuDqU5/Zh/nw4/1IS5TGhGfi4hXs+d/Iaayu3nSydv07RG2DgAYhmZzIZoLvccAwFWXZjmwJC10cgHzkaaFQjuH91LMpZVavXFzo7a/s97OlS3GTLqxVSkvdXKFizGTbGxNl5ezcve4Ui6dOr4dES9GxM9y17Ljwlqtsj7OLz4AMMGeOzX//yfXnv8BgCsu/7CYG2c7AIDRyY+7AQDAyJn/AWDymP8BYPKY/wFg8pj/AWDymP8BYKJ8/913W1vzuPP+6/UPDva3ax/cWi/XtwvV/bXCWm1vt7BZq21m7+ypXnS9Sq22u/x67H9YbJTrjWL94PBOtba/07iTvdf7TnlmJL0CAB7lxVc+/ksSEUdvXcu26Hnf/4Vz9cvDbh0wTOm4GwCMzdS4GwCMzdnVvoBJIR8P9CzRe6/ndP5M4bSPBrp8at1QePrc+OIT5P+BZ5r8P0yux8v/+y4PV4H8P0yuZjOx5j8ATBg5fiC5oL739/+lZs/BYL//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJU0n21JWuisBT4faVooRDwfEYsxk2xsVcpLEfFCRPw5N5NrHS9HhHWDAOBZlv496az/dWPhtfnTtbO5/+ayfUT8+Bfv/fzD1UZjbzliNvnXg/ONjzrnS+NoPwBwke483Z3Huz67f3etu42yPZ9+p724aCvucWdr10zHdLbPZ7mGuX8nneO21veVqUuIf3QvIr5wXv+TLDey2Fn59HT8VuznRxo/PRE/zera+9a/xecvoS0waT5ujT9vn/f8pXE925///OezEerJdce/4zPjX/pg/JvqM/5dHzTG63/47pmTzYV23b2IL01HHHcv3jP+dOMnfeK/NmD8v778lVf71TV/GXEjzut/ciJWsVHdLdYPDm9tVVc3y5vlnVJpZXll6c3bb5SKWY662M1Un/WPt26+0C9+q/9zfeLnL+j/1wfs/6/+9/4Pv/qI+N/82vn3/6VHxG/Nid8YMP7q3G/z/epa8df79P+i+39zwPif/O1wfcA/BQBGoH5wuL1aqZT3hl1Ihx8iKyQRRyPoTruQ+/VP3xlVrCEW4ulohsLTVBj3yAQM28OHftwtAQAAAAAAAAAAAAAA+hnFfycadx8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4uv4fAAD//5iA1Hs=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x1c, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]})
getdents(r0, 0x0, 0x0)

14.427549222s ago: executing program 5 (id=1620):
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000cc0)="91ebffffff7f7d8625547e6fdcfb96c1d9b461ad7581ce705ad7203fb9e00e70512c27e5d5980dbbdb9d8dd381060e0f5bd279f6b8d9109f8e5b1ad6402331e7e4ba5a0300ee40f4ed347c7997c0c822b355f310b659f42003566ffc26878858a5f20373da0b75bed8465da60f840979b6b18d0cbeb297ce3e1e34d46e9e28b416e60e9f9dceb059bd608a506d563315b1a9c536f6ca7ec68acd35c32cdace2471dce1452c62550a9bf975bb6adf889077c111c77030761c0f5d6baccf58dd38bdc0889b5566", 0xc6}], 0x1}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000f00)="5604b1f93280601007f1bfc8446f785300fcfc78c557b8e530dc9f84187a0dd96c1488a0a665ec777782588791c4fd3b0443cd5bde128419bfe468e776011282e789dbfd36ffcbeddbc482d96b9f47e195afe70b764b941e9590c8cfb377d923eaffee045993ff1eb3737b9ec2", 0x6d}], 0x20}}], 0x2, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)

14.013432483s ago: executing program 5 (id=1623):
r0 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000040)={0x1, 0x0, &(0x7f0000000000)=[<r1=>0x0]})
ioctl$DRM_IOCTL_MODE_CURSOR(r0, 0xc01c64a3, &(0x7f0000000080)={0x1, r1, 0xfffffffd, 0x4, 0x80000000, 0x2, 0x56afe045})

13.589490988s ago: executing program 36 (id=1623):
r0 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000040)={0x1, 0x0, &(0x7f0000000000)=[<r1=>0x0]})
ioctl$DRM_IOCTL_MODE_CURSOR(r0, 0xc01c64a3, &(0x7f0000000080)={0x1, r1, 0xfffffffd, 0x4, 0x80000000, 0x2, 0x56afe045})

1.605891387s ago: executing program 4 (id=1695):
syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0xeb, 0x1, 0x413}}}, 0x7)

1.30947248s ago: executing program 4 (id=1698):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)={0x14, 0x32, 0x1, 0x70bd28, 0x25dfdbfd, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4008000)

1.309092857s ago: executing program 7 (id=1699):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000180)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x8}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x9}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x78}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000)

1.23991007s ago: executing program 4 (id=1700):
timer_create(0x8, 0x0, &(0x7f0000bbdffc)=<r0=>0x0)
timer_settime(r0, 0x0, &(0x7f0000000180)={{0x77359400}, {0x77359400}}, &(0x7f0000000a80))

1.178471813s ago: executing program 7 (id=1701):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x4c)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d05c164a534308", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x4051}, 0x20008001)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'veth1\x00', &(0x7f0000000200)=@ethtool_per_queue_op={0x4b, 0xf, [0xa, 0x1, 0x7fff, 0x1, 0x4, 0x9, 0xa4, 0xffb, 0x7, 0xb69, 0xc1, 0x4, 0x1, 0x3, 0x5, 0x101, 0x1000, 0x9, 0x3, 0x1, 0x1, 0xfffffffa, 0x0, 0x6, 0x9, 0x4, 0x7, 0x5, 0x100000, 0x762, 0x3, 0x0, 0xe, 0x2b12, 0x100, 0x6, 0x1c00, 0xb, 0x40, 0xbed4, 0x8, 0x8000100, 0x3, 0x0, 0x11000, 0x8, 0x5, 0x79b, 0x2, 0x1, 0x7f, 0x4, 0xa, 0x7, 0xf, 0x101, 0xd7, 0x1fa0860a, 0x7, 0xaa, 0x81, 0x2, 0x180000, 0x4007, 0x8b, 0x5, 0x2af, 0xf7, 0x5, 0x2, 0x6, 0x9, 0x4, 0x7, 0x4009, 0x0, 0x4, 0x100002, 0x8, 0x752, 0x0, 0x3, 0x0, 0x10001, 0x2, 0xffffffff, 0x6, 0x6, 0x9, 0x80000000, 0x8, 0x2, 0xfffffffe, 0x84, 0x100, 0x5, 0x252, 0x81, 0xb, 0x5, 0x20006, 0x5, 0x2, 0xb, 0x2, 0xd9a, 0xd, 0x2a2, 0xfffffffd, 0x3, 0x2, 0x5, 0x8, 0x0, 0x4, 0x2, 0x40, 0x8, 0x4, 0x4, 0x401, 0x66cd, 0x8, 0x8, 0x1, 0x1fc, 0xc5c, 0xffffffff]}})
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)

1.17819366s ago: executing program 4 (id=1702):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000080)=@req3={0x54c, 0x4, 0x3, 0x3, 0xc, 0x6, 0x7}, 0x1c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0x288}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
gettid()
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0)

1.177985374s ago: executing program 7 (id=1703):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port0\x00', 0x511e36599023629, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4})
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r0, 0x0)
r1 = syz_io_uring_setup(0x24fa, &(0x7f00000002c0)={0x0, 0x0, 0x10100}, &(0x7f0000000240)=<r2=>0x0, &(0x7f0000000200)=<r3=>0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[@ANYBLOB='2'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_READ_FIXED)
io_uring_enter(r1, 0x2d3e, 0x0, 0x0, 0x0, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

440.361896ms ago: executing program 6 (id=1704):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x0)
r2 = socket(0x11, 0x80a, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x0, 0x2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_USE_CARRIER={0x5}]}}}]}, 0x3c}}, 0x8004)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140604000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)

405.191203ms ago: executing program 6 (id=1705):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000000), 0x4)

320.408741ms ago: executing program 6 (id=1706):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, 0x0, 0x0)

289.568704ms ago: executing program 6 (id=1707):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000000180)=0x7, 0x4)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000340)=0x63ba, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000100)=0x8, 0x4)
sendmmsg$inet6(r0, &(0x7f0000000400)=[{{&(0x7f0000000240)={0xa, 0x4e23, 0x800, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, 0x0}}], 0x1, 0x60040000)
recvmmsg(r0, &(0x7f00000003c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001f80)=""/129, 0x81}, 0xdb30}], 0x1, 0x40002042, 0x0)

288.280556ms ago: executing program 7 (id=1708):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="500000001800010018bd7000fddbdf251d0105000c000b00000000e00200000508000900", @ANYRES32, @ANYBLOB="08000e00", @ANYRES32=0x0, @ANYBLOB="15000100030000e007020000f1ffff00040000000100000008000a"], 0x50}, 0x1, 0x0, 0x0, 0x20044806}, 0x48080)

186.272986ms ago: executing program 7 (id=1709):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = fanotify_init(0x10, 0x101000)
fanotify_mark(r1, 0x80, 0x0, 0xffffffffffffffff, 0x0)

185.911712ms ago: executing program 6 (id=1710):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
write$cgroup_devices(r0, 0x0, 0xffdd)

185.397575ms ago: executing program 4 (id=1711):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x220, 0x0, 0x25, 0x148, 0x0, 0x60, 0x270, 0x2a8, 0x2a8, 0x270, 0x2a8, 0x8000000, 0x0, {[{{@ip={@rand_addr=0x64010100, @multicast1, 0xffffff00, 0x0, 'syzkaller1\x00', 'veth1_virt_wifi\x00', {0xff}, {}, 0x6a, 0x1, 0x21}, 0x0, 0x70, 0xd0, 0x0, {0x200003ae, 0x7f00}}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x2, 0x1, 0x1, 0x4], 0x4, 0x1}, {0xffffffffffffffff, [0x5, 0x6, 0x4, 0x4, 0x1, 0x3], 0xfe, 0x3}}}}, {{@ip={@rand_addr=0x64010100, @broadcast, 0x0, 0x0, 'veth1_to_bond\x00', 'wlan1\x00', {0xff}, {0xff}}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x8000, 'syz0\x00'}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x280)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$inet_int(r0, 0x0, 0xc, &(0x7f0000000180)=0x42000000, 0x4)
recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)

46.655006ms ago: executing program 7 (id=1712):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file2\x00', 0x10050, &(0x7f0000000800)={[{@jqfmt_vfsv1}, {@nouid32}, {@jqfmt_vfsv0}, {@norecovery}, {@nogrpid}, {@dioread_lock}]}, 0x3, 0x546, &(0x7f0000000180)="$eJzs3dFrZFcZAPDv3mR2s7upmaoPtWAttrJbdSdJ47bBh6og+lRQKz4Ja0wmIWSSWZJJuwmLTfFVEES04Is++SL4BwjSF99FKNR3UVGkZvVBoe2VO3Onm0xmkhRncpfk94OTe889k/t9Z8KcOXfm5t4ALqwnI+JGRIxFxDMRMVVsT4sSe52SP+7+/r3FvCSRZS+9nURSbOvu63KxvJb/qEZMRMQ3vhrx3eRo3K2d3bWFRqO+WdSnW+vJO1m2e3N1fWGlvlLfmJubfW7++flb8zND6Wc1Il748l9/8sNffuWF3372lT/d/vuN7+Vp/TfLXo2efgxTp+uV9nPRlT+Xm6MIVpLxdg87bpWcCwAAx8vn+x+OiE+25/9TMdaezQEAAADnSfaFyXgnicgAAACAcyuNiMlI0lpxvu9kccbqtYj4aFxNG82t1meWm9sbS3lbRDUq6fJqoz4TE+1zB6pRSfL6bHGObbf+bE99LiIejYgfT11p12uLzcZS2R9+AAAAwAVxref4/99TaVqrFY17JScHAAAADE+17AQAAACAkXP8DwAAAOdfNetzh66j0tFnAgAAAIzA1158MS9Z9/7XSy/vbK81X765VN9aq61vL9YWm5t3aivN5kr7mn3rJ+2v0Wze+VxsbN+dbtW3WtNbO7u315vbG63bq4dugQ0AAACcoUc/8cYfk4jY+/yVdsldKtoqEdnYwQePl5EhMCof6Jyev4wuD+DsHXx/v1JiHsDZM6WHi6tSdgJA6U76B6CBJ+/8fvi5AAAAo3H9Y4O//397udTUgBErvv9PTnUBEOBcGSs7AaA0ne//3ss6ys4GOEuV42YADgrg3EuH8/3/CacSJgYUAAAo2WS7JGmtOA6YjDSt1SIead8WsJIsrzbqMxHxoYh4a6pyOa/Ptn8zMZsHAAAAAAAAAAAAAAAAAAAAAAAAgFPKsiQyAAAA4FyLSP/WvTPX9amnJ3s/H7iU/GeqvYyIV3720k/vLrRam7P59n++v731erH92TI+wQAAAAB6dY/Tu8fxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADBM9/fvLd7Psizbv7d4lnH/8aWIqBbxi9JpGY+J9nIiKhFx9V9JjB/4vSQixoYQf++1iHisX/wkTyuqRRaH4l+KSCPiyrDixweMH53414YQHy6yN/Lx54v9Xn9pPNle9n/9jRfl/zV4/EvfH//GBox/jwzaaeVw9fE3fz09MP5rEY+P9x9/uvGTfH994j91yj5+55u7u4Pasl9EXO83/iWHY0231u9Mb+3s3lxdX1ipr9Q35uZmn5t/fv7W/Mz08mqjXvzsG+NHH//New9q7x7p/9Vjxt92/wc8/0+fsv/vvnl3/yOd1Z6/TFTi51l246n+f//H8sWnj8bvvvd9qngfyOv5c5i+/q2+8Z/41R+eGJRb3v+lAf2f6On/5Z7+3zhl/5/5+vf/fMqHAgBnYGtnd22h0ahvWjm4EtWHIo2HdyWfd5aeRhJJ5CtvHWpaKD+xzsqrxWtsodF9tQ1pz78rDo5GmXxJ4xEAADA6Dyb9vS1JOQkBAAAAAAAAAAAAAAAAAADABXTiZcAGNaUR8WDLt39wzNXIemPuldNVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBj/S8AAP//QELWQQ==")

46.312688ms ago: executing program 4 (id=1713):
r0 = socket$inet(0x2, 0x2, 0x1)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000040)=0x8, 0x4)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x5e21, @local}, 0x10)

0s ago: executing program 6 (id=1714):
unshare(0xa000400)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0)
r1 = fsopen(&(0x7f0000000140)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f00000001c0)=':!/^:-^*!-\x00', 0x0, r1)

kernel console output (not intermixed with test programs):

 found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  175.458500][ T5914] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.461474][ T5914] usb 5-1: Product: syz
[  175.463113][ T5914] usb 5-1: Manufacturer: syz
[  175.471321][ T5914] usb 5-1: SerialNumber: syz
[  175.479572][ T8817] ntfs3(loop1): ino=20, mi_enum_attr
[  175.522677][ T8827] netlink: 248 bytes leftover after parsing attributes in process `syz.5.930'.
[  175.624657][ T8829] loop5: detected capacity change from 0 to 256
[  175.636504][ T8829] vfat: Bad value for 'nonumtail'
[  175.704479][ T5914] usb 5-1: USB disconnect, device number 8
[  175.899874][ T5915] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  176.068776][ T5915] usb 6-1: Using ep0 maxpacket: 8
[  176.076716][ T5915] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD9, changing to 0x89
[  176.081556][ T5915] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 99, changing to 10
[  176.085223][ T5915] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 34391, setting to 1024
[  176.107653][ T5915] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  176.110827][ T5915] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.151506][ T5915] usb 6-1: config 0 descriptor??
[  176.154398][ T8829] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  176.204048][ T8838] loop1: detected capacity change from 0 to 4096
[  176.221703][ T8838] ntfs3(loop1): It is recommened to use chkdsk.
[  176.232149][ T8838] ntfs3(loop1): try to read out of volume at offset 0x3fffffc0c00
[  176.242052][ T8838] ntfs3(loop1): try to read out of volume at offset 0x3fffffc0c00
[  176.245250][ T8838] ntfs3(loop1): try to read out of volume at offset 0x3fffffc0c00
[  176.257411][ T8838] ntfs3(loop1): try to read out of volume at offset 0x3fffffc0c00
[  176.260644][ T8838] ntfs3(loop1): try to read out of volume at offset 0x3fffffc1c00
[  176.268742][ T8838] ntfs3(loop1): try to read out of volume at offset 0x3fffffc2c00
[  176.272024][ T8838] ntfs3(loop1): try to read out of volume at offset 0x3fffffc4c00
[  176.278072][ T8838] ntfs3(loop1): try to read out of volume at offset 0x3fffffc8c00
[  176.287331][ T8838] ntfs3(loop1): try to read out of volume at offset 0x3fffffd0c00
[  176.381711][ T5915] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  176.408690][ T5915] usb 6-1: USB disconnect, device number 4
[  176.556587][ T8842] loop4: detected capacity change from 0 to 32768
[  176.567279][ T8842] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.937 (8842)
[  176.581671][ T8842] BTRFS info (device loop4): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  176.584903][ T8842] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm
[  176.589034][ T8842] BTRFS info (device loop4): using free-space-tree
[  176.674360][ T8846] loop1: detected capacity change from 0 to 32768
[  176.793326][ T6458] BTRFS info (device loop4): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  176.996506][ T8872] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  177.071720][ T8875] loop5: detected capacity change from 0 to 512
[  177.140303][ T8875] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  177.160926][ T8875] ext4 filesystem being mounted at /53/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  177.215083][   T33] audit: type=1800 audit(1755548146.955:287): pid=8875 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.945" name="file1" dev="loop5" ino=15 res=0 errno=0
[  177.246123][   T33] audit: type=1800 audit(1755548146.975:288): pid=8875 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.945" name="file2" dev="loop5" ino=16 res=0 errno=0
[  177.299916][   T33] audit: type=1800 audit(1755548146.975:289): pid=8875 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.945" name="file1" dev="loop5" ino=15 res=0 errno=0
[  177.541136][   T33] audit: type=1326 audit(1755548147.285:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8891 comm="syz.4.952" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f498cd8ebe9 code=0x7ffc0000
[  177.549647][   T33] audit: type=1326 audit(1755548147.285:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8891 comm="syz.4.952" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f498cd8d550 code=0x7ffc0000
[  177.559524][   T33] audit: type=1326 audit(1755548147.285:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8891 comm="syz.4.952" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f498cd8d550 code=0x7ffc0000
[  177.567443][   T33] audit: type=1326 audit(1755548147.285:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8891 comm="syz.4.952" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f498cd8ebe9 code=0x7ffc0000
[  177.587418][   T33] audit: type=1326 audit(1755548147.285:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8891 comm="syz.4.952" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f498cd8ebe9 code=0x7ffc0000
[  177.594647][   T33] audit: type=1326 audit(1755548147.285:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8891 comm="syz.4.952" exe="/syz-executor" sig=0 arch=c000003e syscall=8 compat=0 ip=0x7f498cd8ebe9 code=0x7ffc0000
[  177.597812][ T8164] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  178.344218][ T5857] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  178.350575][ T5857] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  178.354345][ T5857] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  178.357924][ T5857] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  178.361063][ T5857] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  178.592000][ T8915] chnl_net:caif_netlink_parms(): no params data found
[  178.694991][ T8915] bridge0: port 1(bridge_slave_0) entered blocking state
[  178.698167][ T8915] bridge0: port 1(bridge_slave_0) entered disabled state
[  178.701229][ T8915] bridge_slave_0: entered allmulticast mode
[  178.705248][ T8915] bridge_slave_0: entered promiscuous mode
[  178.712188][ T8915] bridge0: port 2(bridge_slave_1) entered blocking state
[  178.715180][ T8915] bridge0: port 2(bridge_slave_1) entered disabled state
[  178.718781][ T8915] bridge_slave_1: entered allmulticast mode
[  178.722817][ T8915] bridge_slave_1: entered promiscuous mode
[  178.760073][ T8915] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  178.768739][ T8915] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  178.811841][ T8915] team0: Port device team_slave_0 added
[  178.816964][ T8915] team0: Port device team_slave_1 added
[  178.853647][ T8915] batman_adv: batadv0: Adding interface: batadv_slave_0
[  178.856451][ T8915] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  178.867006][ T8915] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  178.873074][ T8915] batman_adv: batadv0: Adding interface: batadv_slave_1
[  178.876048][ T8915] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  178.887570][ T8915] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  178.960131][ T8915] hsr_slave_0: entered promiscuous mode
[  178.963319][ T8915] hsr_slave_1: entered promiscuous mode
[  178.977933][ T8915] debugfs: 'hsr0' already exists in 'hsr'
[  178.980244][ T8915] Cannot create hsr debugfs directory
[  179.280273][ T8915] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  179.301818][ T8915] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  179.329003][ T8915] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  179.342592][ T8915] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  179.377048][ T8939] netlink: 68 bytes leftover after parsing attributes in process `syz.5.970'.
[  179.381126][ T8939] netlink: 68 bytes leftover after parsing attributes in process `syz.5.970'.
[  179.384739][ T8939] netlink: 10 bytes leftover after parsing attributes in process `syz.5.970'.
[  179.539350][ T8915] 8021q: adding VLAN 0 to HW filter on device bond0
[  179.570674][ T8915] 8021q: adding VLAN 0 to HW filter on device team0
[  179.585699][   T26] bridge0: port 1(bridge_slave_0) entered blocking state
[  179.588667][   T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[  179.601880][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[  179.604825][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[  179.869585][ T8915] 8021q: adding VLAN 0 to HW filter on device batadv0
[  179.875765][ T8956] loop5: detected capacity change from 0 to 2048
[  179.882129][ T8956] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  180.042056][ T8915] veth0_vlan: entered promiscuous mode
[  180.052499][ T8915] veth1_vlan: entered promiscuous mode
[  180.089078][ T8915] veth0_macvtap: entered promiscuous mode
[  180.093190][ T8915] veth1_macvtap: entered promiscuous mode
[  180.112192][ T8915] batman_adv: batadv0: Interface activated: batadv_slave_0
[  180.134255][ T8915] batman_adv: batadv0: Interface activated: batadv_slave_1
[  180.141781][ T5879] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  180.145027][ T5879] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  180.159620][ T5879] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  180.166035][ T5879] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  180.275612][   T28] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  180.279293][   T28] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  180.326960][   T54] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  180.330991][   T54] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  180.457688][ T5857] Bluetooth: hci2: command tx timeout
[  180.506931][ T8980] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  180.568507][ T5900] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  180.717732][ T5900] usb 6-1: Using ep0 maxpacket: 32
[  180.755695][ T5900] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[  180.773869][ T5900] usb 6-1: config 0 has no interface number 0
[  180.806279][ T5900] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  180.810333][ T8988] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[  180.811567][ T5900] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  180.815908][ T5900] usb 6-1: Product: syz
[  180.821505][ T5900] usb 6-1: Manufacturer: syz
[  180.825830][ T5900] usb 6-1: SerialNumber: syz
[  180.862162][ T5900] usb 6-1: config 0 descriptor??
[  180.899096][ T5900] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  181.045754][ T8992] loop4: detected capacity change from 0 to 4096
[  181.065812][ T8992] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  181.108993][ T8992] ntfs3(loop4): ino=b, mi_enum_attr
[  181.115807][ T8992] ntfs3(loop4): Failed to load $Extend (-22).
[  181.125910][ T8992] ntfs3(loop4): Failed to initialize $Extend.
[  181.155413][ T5900] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  181.235108][ T5900] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  181.516876][    C1] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71
[  181.520990][ T5914] usb 6-1: USB disconnect, device number 5
[  181.577520][ T5914] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  181.609874][ T5914] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  181.619047][ T5914] quatech2 6-1:0.51: device disconnected
[  181.734186][ T8994] loop4: detected capacity change from 0 to 32768
[  181.762673][ T8994] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.988 (8994)
[  181.799989][ T8994] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  181.804098][ T8994] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  181.806830][ T8994] BTRFS info (device loop4): using free-space-tree
[  182.073853][ T6458] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  182.540342][ T5857] Bluetooth: hci2: command tx timeout
[  182.870296][ T9020] loop5: detected capacity change from 0 to 40427
[  182.897444][ T9020] F2FS-fs (loop5): invalid crc value
[  182.941427][ T9020] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  182.945353][ T9020] F2FS-fs (loop5): Start checkpoint disabled!
[  182.953902][ T9020] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  182.985918][ T9020] syz.5.992: attempt to access beyond end of device
[  182.985918][ T9020] loop5: rw=2049, sector=77824, nr_sectors = 136 limit=40427
[  183.029401][   T28] kworker/u9:1: attempt to access beyond end of device
[  183.029401][   T28] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  183.041636][   T28] CPU: 0 UID: 0 PID: 28 Comm: kworker/u9:1 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  183.041651][   T28] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  183.041657][   T28] Workqueue: writeback wb_workfn (flush-7:5)
[  183.041672][   T28] Call Trace:
[  183.041676][   T28]  <TASK>
[  183.041680][   T28]  dump_stack_lvl+0x189/0x250
[  183.041693][   T28]  ? __pfx_dump_stack_lvl+0x10/0x10
[  183.041702][   T28]  ? __pfx_queue_work_on+0x10/0x10
[  183.041710][   T28]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  183.041720][   T28]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  183.041735][   T28]  f2fs_handle_critical_error+0x37c/0x540
[  183.041749][   T28]  f2fs_write_end_io+0x886/0xb60
[  183.041765][   T28]  __submit_merged_bio+0x27a/0x6a0
[  183.041779][   T28]  __submit_merged_write_cond+0x255/0x530
[  183.041792][   T28]  f2fs_write_data_pages+0x261d/0x3000
[  183.041818][   T28]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  183.041835][   T28]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  183.041858][   T28]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  183.041874][   T28]  ? trace_f2fs_writepages+0x7f/0x200
[  183.041884][   T28]  ? f2fs_write_node_pages+0x478/0x6e0
[  183.041896][   T28]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  183.041912][   T28]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  183.041924][   T28]  do_writepages+0x32e/0x550
[  183.041937][   T28]  ? reacquire_held_locks+0x127/0x1d0
[  183.041944][   T28]  ? writeback_sb_inodes+0x384/0x1010
[  183.041957][   T28]  __writeback_single_inode+0x145/0xff0
[  183.041967][   T28]  ? do_raw_spin_unlock+0x4d/0x240
[  183.041978][   T28]  writeback_sb_inodes+0x6c7/0x1010
[  183.042033][   T28]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  183.042063][   T28]  ? rcu_is_watching+0x15/0xb0
[  183.042080][   T28]  wb_writeback+0x43b/0xaf0
[  183.042093][   T28]  ? queue_io+0x3c1/0x590
[  183.042104][   T28]  ? __pfx_wb_writeback+0x10/0x10
[  183.042117][   T28]  ? _raw_spin_unlock_irq+0x23/0x50
[  183.042128][   T28]  wb_workfn+0x409/0xef0
[  183.042167][   T28]  ? __pfx_wb_workfn+0x10/0x10
[  183.042179][   T28]  ? __lock_acquire+0xab9/0xd20
[  183.042194][   T28]  ? process_scheduled_works+0x9ef/0x17b0
[  183.042205][   T28]  ? _raw_spin_unlock_irq+0x23/0x50
[  183.042213][   T28]  ? process_scheduled_works+0x9ef/0x17b0
[  183.042220][   T28]  ? process_scheduled_works+0x9ef/0x17b0
[  183.042228][   T28]  process_scheduled_works+0xae1/0x17b0
[  183.042249][   T28]  ? __pfx_process_scheduled_works+0x10/0x10
[  183.042264][   T28]  worker_thread+0x8a0/0xda0
[  183.042285][   T28]  kthread+0x711/0x8a0
[  183.042296][   T28]  ? __pfx_worker_thread+0x10/0x10
[  183.042303][   T28]  ? __pfx_kthread+0x10/0x10
[  183.042313][   T28]  ? _raw_spin_unlock_irq+0x23/0x50
[  183.042323][   T28]  ? lockdep_hardirqs_on+0x9c/0x150
[  183.042334][   T28]  ? __pfx_kthread+0x10/0x10
[  183.042343][   T28]  ret_from_fork+0x3fc/0x770
[  183.042353][   T28]  ? __pfx_ret_from_fork+0x10/0x10
[  183.042363][   T28]  ? __switch_to_asm+0x39/0x70
[  183.042372][   T28]  ? __switch_to_asm+0x33/0x70
[  183.042381][   T28]  ? __pfx_kthread+0x10/0x10
[  183.042391][   T28]  ret_from_fork_asm+0x1a/0x30
[  183.042407][   T28]  </TASK>
[  183.042491][   T28] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  183.400896][ T9033] netlink: 8 bytes leftover after parsing attributes in process `syz.4.997'.
[  183.404472][ T9033] netlink: 12 bytes leftover after parsing attributes in process `syz.4.997'.
[  183.605975][ T9037] netlink: 'syz.4.999': attribute type 3 has an invalid length.
[  183.628271][ T9037] netlink: 'syz.4.999': attribute type 3 has an invalid length.
[  183.632635][ T9037] netlink: 16 bytes leftover after parsing attributes in process `syz.4.999'.
[  183.672586][ T5914] IPVS: starting estimator thread 0...
[  183.778208][ T9043] IPVS: using max 64 ests per chain, 153600 per kthread
[  183.941227][   T10] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  184.011319][ T9065] loop5: detected capacity change from 0 to 512
[  184.024915][ T9065] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  184.046566][ T9065] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  184.067484][ T9065] ext4 filesystem being mounted at /78/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  184.086959][ T9065] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  184.097218][   T10] usb 7-1: Using ep0 maxpacket: 16
[  184.109047][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  184.112896][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  184.124849][   T10] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  184.134575][   T10] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  184.139111][ T8164] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  184.142893][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  184.156224][   T10] usb 7-1: config 0 descriptor??
[  184.576486][   T10] HID 045e:07da: Invalid code 65791 type 1
[  184.606146][   T10] input: HID 045e:07da as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:045E:07DA.0009/input/input8
[  184.617309][ T5857] Bluetooth: hci2: command tx timeout
[  184.645407][   T10] microsoft 0003:045E:07DA.0009: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.6-1/input0
[  184.676610][ T9100] Bluetooth: MGMT ver 1.23
[  184.780005][ T9112] loop5: detected capacity change from 0 to 256
[  184.783100][ T9112] exfat: Deprecated parameter 'utf8'
[  184.785251][ T9112] exfat: Deprecated parameter 'namecase'
[  184.786866][ T5915] usb 7-1: USB disconnect, device number 2
[  184.788414][ T9112] exfat: Deprecated parameter 'namecase'
[  184.792074][ T9112] exfat: Deprecated parameter 'utf8'
[  184.815314][ T9112] exFAT-fs (loop5): failed to load upcase table (idx : 0x00012153, chksum : 0x8212fc2e, utbl_chksum : 0xe619d30d)
[  185.170432][ T9127] loop5: detected capacity change from 0 to 256
[  185.191123][ T9127] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d)
[  185.205069][ T9127] exFAT-fs (loop5): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  185.625177][ T9143] loop4: detected capacity change from 0 to 256
[  185.641881][ T9143] exfat: Deprecated parameter 'utf8'
[  185.685914][ T9131] loop5: detected capacity change from 0 to 32768
[  185.703211][ T9131] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1042 (9131)
[  185.725407][ T9131] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  185.739741][ T9131] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  185.746027][ T9131] BTRFS info (device loop5): using free-space-tree
[  185.935053][ T8164] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  185.987710][   T52] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  186.145559][   T52] usb 5-1: Using ep0 maxpacket: 16
[  186.169372][   T52] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  186.176223][   T52] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  186.180766][   T52] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  186.184049][   T52] usb 5-1: Product: syz
[  186.201811][   T52] usb 5-1: Manufacturer: syz
[  186.203723][   T52] usb 5-1: SerialNumber: syz
[  186.226665][   T52] usb 5-1: config 0 descriptor??
[  186.249571][   T52] hub 5-1:0.0: bad descriptor, ignoring hub
[  186.251976][   T52] hub 5-1:0.0: probe with driver hub failed with error -5
[  186.273241][   T52] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input9
[  186.697355][ T5857] Bluetooth: hci2: command tx timeout
[  186.739557][ T5915] usb 5-1: USB disconnect, device number 9
[  187.338565][ T9230] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1083'.
[  187.397751][   T33] kauditd_printk_skb: 4 callbacks suppressed
[  187.397761][   T33] audit: type=1326 audit(1755548157.145:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9234 comm="syz.5.1086" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa91c78ebe9 code=0x7ffc0000
[  187.409905][ T5915] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  187.426306][   T33] audit: type=1326 audit(1755548157.155:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9234 comm="syz.5.1086" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa91c78ebe9 code=0x7ffc0000
[  187.436532][   T33] audit: type=1326 audit(1755548157.155:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9234 comm="syz.5.1086" exe="/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7fa91c78ebe9 code=0x7ffc0000
[  187.438583][ T9238] overlayfs: option "index=on" is useless in a non-upper mount, ignore
[  187.445491][   T33] audit: type=1326 audit(1755548157.155:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9234 comm="syz.5.1086" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa91c78ebe9 code=0x7ffc0000
[  187.453658][   T33] audit: type=1326 audit(1755548157.155:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9234 comm="syz.5.1086" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa91c78ebe9 code=0x7ffc0000
[  187.460573][   T33] audit: type=1326 audit(1755548157.165:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9234 comm="syz.5.1086" exe="/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7fa91c78ebe9 code=0x7ffc0000
[  187.461959][ T9238] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it.
[  187.468586][   T33] audit: type=1326 audit(1755548157.215:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9234 comm="syz.5.1086" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa91c78ebe9 code=0x7ffc0000
[  187.473578][ T9238] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null.
[  187.484450][ T9235] loop5: detected capacity change from 0 to 512
[  187.486392][ T9238] overlayfs: missing 'lowerdir'
[  187.488231][ T9235] journal_path: Non-blockdev passed as './bus'
[  187.491621][   T33] audit: type=1326 audit(1755548157.215:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9234 comm="syz.5.1086" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa91c78ebe9 code=0x7ffc0000
[  187.500325][ T9235] EXT4-fs: error: could not find journal device path
[  187.509567][   T33] audit: type=1326 audit(1755548157.225:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9234 comm="syz.5.1086" exe="/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fa91c78ebe9 code=0x7ffc0000
[  187.530382][   T33] audit: type=1326 audit(1755548157.225:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9234 comm="syz.5.1086" exe="/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fa91c78ec23 code=0x7ffc0000
[  187.580674][ T5915] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  187.584561][ T5915] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  187.599593][ T5915] usb 7-1: New USB device found, idVendor=1b5c, idProduct=0105, bcdDevice= 1.f1
[  187.603396][ T5915] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.606640][ T5915] usb 7-1: Product: syz
[  187.617324][ T5915] usb 7-1: Manufacturer: syz
[  187.619232][ T5915] usb 7-1: SerialNumber: syz
[  187.636981][ T5915] usb 7-1: config 0 descriptor??
[  187.646084][ T5915] ftdi_sio 7-1:0.0: FTDI USB Serial Device converter detected
[  187.656842][ T5915] usb 7-1: Detected SIO
[  187.665821][ T5915] ftdi_sio ttyUSB0: Overriding wMaxPacketSize on endpoint 4
[  187.672131][ T5915] ftdi_sio ttyUSB0: Overriding wMaxPacketSize on endpoint 7
[  187.681161][ T5915] usb 7-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  187.854349][ T5915] usb 7-1: USB disconnect, device number 3
[  187.889627][ T5915] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  187.906565][ T5915] ftdi_sio 7-1:0.0: device disconnected
[  188.042358][ T9262] loop4: detected capacity change from 0 to 128
[  188.130874][ T5914] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  188.249692][ T9264] loop4: detected capacity change from 0 to 32768
[  188.272039][ T9264] JBD2: Ignoring recovery information on journal
[  188.276746][ T9264] jbd2_journal_bmap: journal block not found at offset 32 on loop4-75
[  188.280744][ T9264] JBD2: bad block at offset 32
[  188.285684][ T9264] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  188.288952][ T5914] usb 6-1: Using ep0 maxpacket: 8
[  188.296007][ T5914] usb 6-1: config 7 has an invalid interface number: 190 but max is 0
[  188.299213][ T5914] usb 6-1: config 7 has no interface number 0
[  188.314098][ T5914] usb 6-1: config 7 interface 190 has no altsetting 0
[  188.319911][ T9264] OCFS2: ERROR (device loop4): int ocfs2_claim_suballoc_bits(struct ocfs2_alloc_context *, handle_t *, u32, u32, struct ocfs2_suballoc_result *): Chain allocator dinode 71 has 16777215 used bits but only 1024 total
[  188.330956][ T9264] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  188.334973][ T9264] OCFS2: File system is now read-only.
[  188.339353][ T9264] (syz.4.1099,9264,1):ocfs2_claim_suballoc_bits:2063 ERROR: status = -30
[  188.342846][ T9264] (syz.4.1099,9264,1):__ocfs2_claim_clusters:2438 ERROR: status = -30
[  188.345980][ T5914] usb 6-1: New USB device found, idVendor=0af0, idProduct=8400, bcdDevice=c0.15
[  188.349862][ T9264] (syz.4.1099,9264,0):__ocfs2_claim_clusters:2446 ERROR: status = -30
[  188.350206][ T5914] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  188.353189][ T9264] (syz.4.1099,9264,0):ocfs2_block_group_alloc_contig:437 ERROR: status = -30
[  188.356189][ T5914] usb 6-1: Product: syz
[  188.356204][ T5914] usb 6-1: Manufacturer: syz
[  188.356215][ T5914] usb 6-1: SerialNumber: syz
[  188.369492][ T9264] (syz.4.1099,9264,0):ocfs2_block_group_alloc:711 ERROR: status = -30
[  188.373015][ T9264] (syz.4.1099,9264,0):ocfs2_block_group_alloc:764 ERROR: status = -30
[  188.379096][ T9264] (syz.4.1099,9264,0):ocfs2_reserve_suballoc_bits:839 ERROR: status = -30
[  188.387245][ T9264] (syz.4.1099,9264,1):ocfs2_reserve_suballoc_bits:856 ERROR: status = -30
[  188.390155][ T9264] (syz.4.1099,9264,1):ocfs2_reserve_new_metadata_blocks:996 ERROR: status = -30
[  188.393145][ T9264] (syz.4.1099,9264,1):ocfs2_reserve_new_metadata_blocks:1019 ERROR: status = -30
[  188.398949][ T9264] (syz.4.1099,9264,1):ocfs2_expand_inline_dir:2847 ERROR: status = -30
[  188.409223][ T9264] (syz.4.1099,9264,1):ocfs2_extend_dir:3211 ERROR: status = -30
[  188.414176][ T9264] (syz.4.1099,9264,1):ocfs2_prepare_dir_for_insert:4316 ERROR: status = -30
[  188.421085][ T9264] (syz.4.1099,9264,1):ocfs2_mknod:301 ERROR: status = -30
[  188.423769][ T9264] (syz.4.1099,9264,1):ocfs2_mknod:505 ERROR: status = -30
[  188.431504][ T9264] (syz.4.1099,9264,1):ocfs2_create:678 ERROR: status = -30
[  188.514652][ T6458] ocfs2: Unmounting device (7,4) on (node local)
[  188.593531][ T5914] hso 6-1:7.190: Not our interface
[  188.606140][ T5914] usb 6-1: USB disconnect, device number 6
[  188.884893][ T9284] input: syz1 as /devices/virtual/input/input10
[  189.201936][ T9300] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1116'.
[  189.205299][ T9300] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1116'.
[  189.217532][ T9300] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1116'.
[  189.229963][ T9300] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1116'.
[  189.237346][ T9300] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1116'.
[  189.241326][ T9300] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1116'.
[  189.361870][ T9296] loop6: detected capacity change from 0 to 32768
[  189.390341][ T9296] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1114 (9296)
[  189.438538][ T9296] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  189.442905][ T9296] BTRFS info (device loop6): using sha256 (sha256-lib) checksum algorithm
[  189.446473][ T9296] BTRFS info (device loop6): disk space caching is enabled
[  189.467309][ T9296] BTRFS warning (device loop6): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  189.574445][ T9296] BTRFS info (device loop6): rebuilding free space tree
[  189.608692][ T9296] BTRFS info (device loop6): disabling free space tree
[  189.611521][ T9296] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  189.612203][ T9298] loop5: detected capacity change from 0 to 32768
[  189.615299][ T9296] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  189.667551][ T9298] ocfs2: Slot 0 on device (7,5) was already allocated to this node!
[  189.697024][ T9298] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  189.706859][ T8915] BTRFS info (device loop6): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  189.876611][ T8164] ocfs2: Unmounting device (7,5) on (node local)
[  190.062038][ T9330] TCP: TCP_TX_DELAY enabled
[  190.238444][ T9332] loop5: detected capacity change from 0 to 8192
[  190.334087][ T9338] loop6: detected capacity change from 0 to 512
[  190.389814][ T9338] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  190.394933][ T9338] ext4 filesystem being mounted at /38/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  190.530050][ T8915] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  190.713905][ T9352] loop4: detected capacity change from 0 to 16
[  190.720529][ T9352] erofs (device loop4): mounted with root inode @ nid 36.
[  190.983394][ T9363] trusted_key: syz.6.1135 sent an empty control message without MSG_MORE.
[  191.346673][ T9371] loop5: detected capacity change from 0 to 32768
[  191.426922][ T9371] ocfs2: Mounting device (7,5) on (node local, slot 0) with writeback data mode.
[  191.830143][ T8164] ocfs2: Unmounting device (7,5) on (node local)
[  191.841301][ T9381] loop4: detected capacity change from 0 to 1024
[  191.869137][ T9381] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  191.957015][ T6458] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  192.045460][ T9386] loop4: detected capacity change from 0 to 1764
[  192.073020][ T5857] Bluetooth: Frame is too long (len 18, expected len 4)
[  192.270617][ T9389] block nbd5: shutting down sockets
[  192.397723][ T9403] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1150'.
[  192.471544][ T9409] netlink: 'syz.6.1152': attribute type 31 has an invalid length.
[  192.588772][ T9416] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1155'.
[  192.734169][ T9424] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1159'.
[  192.824638][ T9431] netlink: 'syz.5.1163': attribute type 83 has an invalid length.
[  193.356746][ T9443] loop5: detected capacity change from 0 to 40427
[  193.376795][ T9443] F2FS-fs (loop5): invalid crc value
[  193.465431][ T9443] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  193.472264][ T9443] F2FS-fs (loop5): Start checkpoint disabled!
[  193.482225][ T9443] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  193.826194][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  193.829096][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  193.930623][   T36] kworker/u10:1: attempt to access beyond end of device
[  193.930623][   T36] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  193.970396][   T36] CPU: 0 UID: 0 PID: 36 Comm: kworker/u10:1 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  193.970417][   T36] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  193.970425][   T36] Workqueue: writeback wb_workfn (flush-7:5)
[  193.970445][   T36] Call Trace:
[  193.970450][   T36]  <TASK>
[  193.970465][   T36]  dump_stack_lvl+0x189/0x250
[  193.970483][   T36]  ? __pfx_dump_stack_lvl+0x10/0x10
[  193.970496][   T36]  ? __pfx_queue_work_on+0x10/0x10
[  193.970507][   T36]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  193.970522][   T36]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  193.970544][   T36]  f2fs_handle_critical_error+0x37c/0x540
[  193.970565][   T36]  f2fs_write_end_io+0x886/0xb60
[  193.970590][   T36]  __submit_merged_bio+0x27a/0x6a0
[  193.970611][   T36]  __submit_merged_write_cond+0x255/0x530
[  193.970632][   T36]  f2fs_write_data_pages+0x261d/0x3000
[  193.970674][   T36]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  193.970699][   T36]  ? rcu_is_watching+0x15/0xb0
[  193.970736][   T36]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  193.970749][   T36]  ? lockdep_hardirqs_on+0x9c/0x150
[  193.970765][   T36]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  193.970778][   T36]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  193.970801][   T36]  ? rcu_preempt_deferred_qs_irqrestore+0x89c/0xce0
[  193.970815][   T36]  ? rcu_is_watching+0x15/0xb0
[  193.970849][   T36]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  193.970865][   T36]  do_writepages+0x32e/0x550
[  193.970885][   T36]  ? reacquire_held_locks+0x127/0x1d0
[  193.970897][   T36]  ? writeback_sb_inodes+0x384/0x1010
[  193.970919][   T36]  __writeback_single_inode+0x145/0xff0
[  193.970934][   T36]  ? do_raw_spin_unlock+0x4d/0x240
[  193.970950][   T36]  writeback_sb_inodes+0x6c7/0x1010
[  193.970964][   T36]  ? lockdep_hardirqs_on+0x9c/0x150
[  193.970998][   T36]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  193.971046][   T36]  ? rcu_is_watching+0x15/0xb0
[  193.971066][   T36]  wb_writeback+0x43b/0xaf0
[  193.971087][   T36]  ? queue_io+0x3c1/0x590
[  193.971104][   T36]  ? __pfx_wb_writeback+0x10/0x10
[  193.971125][   T36]  ? _raw_spin_unlock_irq+0x23/0x50
[  193.971142][   T36]  wb_workfn+0x409/0xef0
[  193.971168][   T36]  ? __pfx_wb_workfn+0x10/0x10
[  193.971185][   T36]  ? __lock_acquire+0xab9/0xd20
[  193.971209][   T36]  ? process_scheduled_works+0x9ef/0x17b0
[  193.971228][   T36]  ? _raw_spin_unlock_irq+0x23/0x50
[  193.971240][   T36]  ? process_scheduled_works+0x9ef/0x17b0
[  193.971249][   T36]  ? process_scheduled_works+0x9ef/0x17b0
[  193.971262][   T36]  process_scheduled_works+0xae1/0x17b0
[  193.971300][   T36]  ? __pfx_process_scheduled_works+0x10/0x10
[  193.971355][   T36]  worker_thread+0x8a0/0xda0
[  193.971392][   T36]  kthread+0x711/0x8a0
[  193.971408][   T36]  ? __pfx_worker_thread+0x10/0x10
[  193.971420][   T36]  ? __pfx_kthread+0x10/0x10
[  193.971435][   T36]  ? _raw_spin_unlock_irq+0x23/0x50
[  193.971448][   T36]  ? lockdep_hardirqs_on+0x9c/0x150
[  193.971467][   T36]  ? __pfx_kthread+0x10/0x10
[  193.971481][   T36]  ret_from_fork+0x3fc/0x770
[  193.971496][   T36]  ? __pfx_ret_from_fork+0x10/0x10
[  193.971514][   T36]  ? __switch_to_asm+0x39/0x70
[  193.971527][   T36]  ? __switch_to_asm+0x33/0x70
[  193.971539][   T36]  ? __pfx_kthread+0x10/0x10
[  193.971554][   T36]  ret_from_fork_asm+0x1a/0x30
[  193.971583][   T36]  </TASK>
[  193.972464][   T36] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  194.434702][ T9458] netlink: 'syz.6.1173': attribute type 12 has an invalid length.
[  194.438977][ T9458] netlink: 132 bytes leftover after parsing attributes in process `syz.6.1173'.
[  194.711389][ T9464] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1175'.
[  194.829907][ T9466] loop5: detected capacity change from 0 to 1024
[  194.873664][   T33] kauditd_printk_skb: 21 callbacks suppressed
[  194.873678][   T33] audit: type=1800 audit(1755548164.615:331): pid=9466 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1176" name="file1" dev="loop5" ino=2 res=0 errno=0
[  194.884534][ T9466] hfsplus: catalog searching failed
[  194.934715][ T1152] hfsplus: bad catalog file entry
[  194.936974][ T1152] hfsplus: b-tree write err: -5, ino 3
[  195.040066][ T9472] loop5: detected capacity change from 0 to 1024
[  195.494952][ T9470] loop6: detected capacity change from 0 to 32768
[  195.554199][ T9470] jfs_mount: Failed to read FILESYSTEM_I
[  195.570818][ T9470] Mount JFS Failure: -5
[  195.586694][ T9470] jfs_mount failed w/return code = -5
[  195.984607][ T9481] loop4: detected capacity change from 0 to 256
[  195.987645][ T9481] exfat: Bad value for 'allow_utime'
[  197.052587][ T9502] loop6: detected capacity change from 0 to 32768
[  197.065409][ T9512] loop4: detected capacity change from 0 to 512
[  197.102560][ T9502] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  197.173773][ T9502] OCFS2: ERROR (device loop6): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #2304 has bad signature 
[  197.180729][ T9502] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  197.184584][ T9502] OCFS2: File system is now read-only.
[  197.186718][ T9502] (syz.6.1192,9502,1):ocfs2_search_chain:1852 ERROR: status = -30
[  197.191505][ T9502] (syz.6.1192,9502,1):ocfs2_search_chain:1940 ERROR: status = -30
[  197.193764][ T9512] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  197.195223][ T9502] (syz.6.1192,9502,1):ocfs2_claim_suballoc_bits:2010 ERROR: status = -30
[  197.201399][ T9512] ext4 filesystem being mounted at /349/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  197.203021][ T9502] (syz.6.1192,9502,1):ocfs2_claim_suballoc_bits:2063 ERROR: status = -30
[  197.209917][ T9502] (syz.6.1192,9502,1):__ocfs2_claim_clusters:2438 ERROR: status = -30
[  197.213746][ T9502] (syz.6.1192,9502,1):__ocfs2_claim_clusters:2446 ERROR: status = -30
[  197.217027][ T9502] (syz.6.1192,9502,1):ocfs2_local_alloc_new_window:1199 ERROR: status = -30
[  197.220436][ T9502] (syz.6.1192,9502,1):ocfs2_local_alloc_new_window:1224 ERROR: status = -30
[  197.223871][ T9502] (syz.6.1192,9502,1):ocfs2_local_alloc_slide_window:1298 ERROR: status = -30
[  197.228859][ T9502] (syz.6.1192,9502,1):ocfs2_local_alloc_slide_window:1317 ERROR: status = -30
[  197.232690][ T9502] (syz.6.1192,9502,1):ocfs2_reserve_local_alloc_bits:672 ERROR: status = -30
[  197.235992][ T9502] (syz.6.1192,9502,1):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30
[  197.239807][ T9502] (syz.6.1192,9502,1):ocfs2_reserve_clusters_with_limit:1172 ERROR: status = -30
[  197.243345][ T9502] (syz.6.1192,9502,1):ocfs2_reserve_clusters_with_limit:1221 ERROR: status = -30
[  197.246863][ T9502] (syz.6.1192,9502,1):ocfs2_expand_inline_dir:2864 ERROR: status = -30
[  197.250522][ T9502] (syz.6.1192,9502,1):ocfs2_extend_dir:3211 ERROR: status = -30
[  197.253495][ T9502] (syz.6.1192,9502,1):ocfs2_prepare_dir_for_insert:4316 ERROR: status = -30
[  197.256830][ T9502] (syz.6.1192,9502,1):ocfs2_symlink:1879 ERROR: status = -30
[  197.259975][ T9502] (syz.6.1192,9502,1):ocfs2_symlink:2080 ERROR: status = -30
[  197.291044][ T6458] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  197.303171][ T8915] (syz-executor,8915,0):ocfs2_inode_is_valid_to_delete:948 ERROR: Skipping delete of system file 72
[  197.339638][ T8915] ocfs2: Unmounting device (7,6) on (node local)
[  197.402811][ T9519] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1198'.
[  197.406493][ T9519] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1198'.
[  197.436016][ T9519] geneve3: entered promiscuous mode
[  197.443547][ T9519] geneve3: entered allmulticast mode
[  197.609315][ T9523] loop6: detected capacity change from 0 to 256
[  197.636021][ T9523] FAT-fs (loop6): Directory bread(block 64) failed
[  197.638812][ T9523] FAT-fs (loop6): Directory bread(block 65) failed
[  197.641239][ T9523] FAT-fs (loop6): Directory bread(block 66) failed
[  197.644144][ T9523] FAT-fs (loop6): Directory bread(block 67) failed
[  197.646473][ T9523] FAT-fs (loop6): Directory bread(block 68) failed
[  197.649982][ T9523] FAT-fs (loop6): Directory bread(block 69) failed
[  197.652851][ T9523] FAT-fs (loop6): Directory bread(block 70) failed
[  197.655756][ T9523] FAT-fs (loop6): Directory bread(block 71) failed
[  197.658990][ T9523] FAT-fs (loop6): Directory bread(block 72) failed
[  197.661355][ T9523] FAT-fs (loop6): Directory bread(block 73) failed
[  197.792295][ T9527] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1202'.
[  198.118718][ T9525] loop4: detected capacity change from 0 to 32768
[  198.222198][ T9525] bcachefs (/dev/loop4): error validating superblock: Invalid superblock section ext: field too small (64 < 88)
[  198.222198][ T9525] ext (size 64):
[  198.222198][ T9525] Recovery passes required:      recovery_pass_empty,scan_for_btree_nodes,accounting_read,stripes_read,set_may_go_rw,journal_replay,check_btree_backpointers,check_backpointers_to_extents,bucket_gens_init,reconstruct_snapshots,check_snapshot_trees,check_snapshots,check_subvols,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_unreachable_inodes,check_nlinks,resume_logged_ops,fix_reflink_p
[  198.222198][ T9525] Errors to silently fix:        jset_unknown_csum,bkey_at_pos_max,alloc_key_empty_but_have_data,lru_entry_bad,btree_ptr_val_too_big,btree_ptr_v2_val_too_big,extent_ptrs_invalid_entry,extent_ptrs_no_ptrs,extent_ptrs_redundant_crc,extent_ptrs_unwritten,extent_ptrs_written_and_unwritten,ptr_to_invalid_device,ptr_to_duplicate_device,ptr_after_last_bucket,ptr_before_first_bucket,ptr_to_missing_alloc_key,ptr_to_missing_replicas_entry,ptr_too_stale,stale_dirty_ptr,ptr_crc_uncompress
[  198.222353][ T9525] bcachefs: bch2_fs_get_tree() error: invalid_sb_ext
[  199.173609][ T9550] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  199.361459][ T9562] futex_wake_op: syz.4.1216 tries to shift op by 32; fix this program
[  199.457251][ T5886] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  199.616272][ T5886] usb 7-1: config 0 has an invalid interface number: 242 but max is 0
[  199.620024][ T5886] usb 7-1: config 0 has no interface number 0
[  199.633960][ T5886] usb 7-1: config 0 interface 242 has no altsetting 0
[  199.642575][ T5886] usb 7-1: New USB device found, idVendor=2c7c, idProduct=0125, bcdDevice=51.ba
[  199.646172][ T5886] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  199.650674][ T5886] usb 7-1: Product: syz
[  199.652748][ T5886] usb 7-1: Manufacturer: syz
[  199.655247][ T5886] usb 7-1: SerialNumber: syz
[  199.659504][ T5886] usb 7-1: config 0 descriptor??
[  199.890174][ T5886] qmi_wwan 7-1:0.242: bogus CDC Union: master=0, slave=1
[  199.899234][ T5886] qmi_wwan 7-1:0.242: probe with driver qmi_wwan failed with error -22
[  199.924008][ T5886] usb 7-1: USB disconnect, device number 4
[  200.024962][ T9595] loop5: detected capacity change from 0 to 64
[  200.086021][ T9595] Trying to free block not in datazone
[  200.135388][ T9600] loop5: detected capacity change from 0 to 256
[  200.144102][ T9600] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x2eabf3fa, utbl_chksum : 0xe619d30d)
[  200.236775][ T9598] loop4: detected capacity change from 0 to 32768
[  200.279141][ T9598] JBD2: Ignoring recovery information on journal
[  200.321399][ T9598] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  200.393160][ T6458] ocfs2: Unmounting device (7,4) on (node local)
[  200.496187][ T9614] loop5: detected capacity change from 0 to 1024
[  200.512054][ T9614] hfsplus: Bad value for 'uid'
[  200.887261][ T5900] usb 7-1: new full-speed USB device number 5 using dummy_hcd
[  200.912216][ T9625] syz.4.1245 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  201.039668][ T5900] usb 7-1: config index 0 descriptor too short (expected 149, got 148)
[  201.044501][ T5900] usb 7-1: config 1 has an invalid descriptor of length 37, skipping remainder of the config
[  201.053471][ T5900] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  201.065690][ T5900] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[  201.077275][ T5900] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  201.080688][ T5900] usb 7-1: SerialNumber: syz
[  201.115245][ T5900] usb 7-1: 0:2 : does not exist
[  201.121442][ T5900] usb 7-1: unit 48 not found!
[  201.315480][ T5900] usb 7-1: USB disconnect, device number 5
[  202.302655][ T9644] syz.5.1253: attempt to access beyond end of device
[  202.302655][ T9644] loop5: rw=0, sector=64, nr_sectors = 8 limit=0
[  202.310321][ T9644] syz.5.1253: attempt to access beyond end of device
[  202.310321][ T9644] loop5: rw=0, sector=120, nr_sectors = 8 limit=0
[  202.315426][ T9644] Mount JFS Failure: -5
[  202.316887][ T9644] jfs_mount failed w/return code = -5
[  202.501800][ T9650] loop5: detected capacity change from 0 to 1024
[  202.721303][ T9652] loop6: detected capacity change from 0 to 32768
[  202.724477][ T9652] XFS: ikeep mount option is deprecated.
[  202.744370][ T9652] XFS (loop6): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  202.769456][ T9652] XFS (loop6): Ending clean mount
[  202.774198][ T9652] XFS (loop6): Quotacheck needed: Please wait.
[  202.811754][ T9652] XFS (loop6): Quotacheck: Done.
[  202.845044][ T9670] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1262'.
[  202.869596][ T8915] XFS (loop6): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  203.002624][ T9672] tipc: Started in network mode
[  203.004556][ T9672] tipc: Node identity eabb7ab41224, cluster identity 4711
[  203.012592][ T9672] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  203.039755][ T9672] syzkaller0: entered promiscuous mode
[  203.041765][ T9672] syzkaller0: entered allmulticast mode
[  203.067670][ T9672] tipc: Resetting bearer <eth:syzkaller0>
[  203.074558][ T9671] tipc: Resetting bearer <eth:syzkaller0>
[  203.109536][ T9671] tipc: Disabling bearer <eth:syzkaller0>
[  203.164720][ T9681] loop6: detected capacity change from 0 to 2048
[  203.180761][ T9681] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  203.220891][   T33] audit: type=1326 audit(1755548172.965:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9682 comm="syz.5.1268" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa91c78ebe9 code=0x7ffc0000
[  203.251585][   T33] audit: type=1326 audit(1755548172.985:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9682 comm="syz.5.1268" exe="/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7fa91c78ebe9 code=0x7ffc0000
[  203.284622][   T33] audit: type=1326 audit(1755548172.985:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9682 comm="syz.5.1268" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa91c78ebe9 code=0x7ffc0000
[  203.302553][   T33] audit: type=1326 audit(1755548172.985:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9682 comm="syz.5.1268" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa91c78ebe9 code=0x7ffc0000
[  203.321210][   T33] audit: type=1326 audit(1755548172.985:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9682 comm="syz.5.1268" exe="/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7fa91c78ebe9 code=0x7ffc0000
[  203.343708][   T33] audit: type=1326 audit(1755548172.985:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9682 comm="syz.5.1268" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa91c78ebe9 code=0x7ffc0000
[  203.352387][   T33] audit: type=1326 audit(1755548172.985:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9682 comm="syz.5.1268" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa91c78ebe9 code=0x7ffc0000
[  203.377248][   T33] audit: type=1326 audit(1755548172.985:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9682 comm="syz.5.1268" exe="/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7fa91c78ebe9 code=0x7ffc0000
[  203.385873][   T33] audit: type=1326 audit(1755548172.985:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9682 comm="syz.5.1268" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa91c78ebe9 code=0x7ffc0000
[  203.406967][   T33] audit: type=1326 audit(1755548172.985:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9682 comm="syz.5.1268" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa91c78ebe9 code=0x7ffc0000
[  203.500777][ T9680] loop4: detected capacity change from 0 to 40427
[  203.506743][ T9680] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  203.514283][ T9680] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  203.527916][ T9680] F2FS-fs (loop4): invalid crc value
[  203.676782][ T9680] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  203.698656][ T9680] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  203.701739][ T9680] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  203.735806][ T9680] fscrypt (loop4, inode 3): Error -61 getting encryption context
[  204.745407][ T5886] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  204.896278][ T9732] loop5: detected capacity change from 0 to 8
[  204.906906][ T9732] SQUASHFS error: zlib decompression failed, data probably corrupt
[  204.909977][ T5886] usb 7-1: Using ep0 maxpacket: 16
[  204.912032][ T9732] SQUASHFS error: Failed to read block 0x9b: -5
[  204.914065][ T9732] SQUASHFS error: Unable to read metadata cache entry [99]
[  204.916150][ T9732] SQUASHFS error: Unable to read inode 0x127
[  204.919756][ T5886] usb 7-1: config index 0 descriptor too short (expected 65038, got 27)
[  204.922322][ T5886] usb 7-1: config 0 has too many interfaces: 150, using maximum allowed: 32
[  204.925237][ T5886] usb 7-1: config 0 descriptor has 1 excess byte, ignoring
[  204.928038][ T5886] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 150
[  204.937494][ T5886] usb 7-1: New USB device found, idVendor=0499, idProduct=8206, bcdDevice=f4.55
[  204.941155][ T5886] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  204.952737][ T5886] usb 7-1: config 0 descriptor??
[  205.095465][ T9738] loop5: detected capacity change from 0 to 512
[  205.105163][ T9738] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  205.165098][ T5900] usb 7-1: USB disconnect, device number 6
[  205.249721][ T9744] loop4: detected capacity change from 0 to 8
[  205.263768][ T9744] SQUASHFS error: Failed to read block 0x4de: -5
[  205.266934][ T9744] SQUASHFS error: Failed to read block 0x4de: -5
[  205.742389][ T9752] loop4: detected capacity change from 0 to 65536
[  205.762639][ T9752] XFS (loop4): Mounting V5 Filesystem 6653b971-41ab-480a-bd7b-5ff79b9409b5
[  205.815167][ T9752] XFS (loop4): Ending clean mount
[  206.419004][ T6458] XFS (loop4): Unmounting Filesystem 6653b971-41ab-480a-bd7b-5ff79b9409b5
[  206.610273][ T9783] loop5: detected capacity change from 0 to 512
[  206.706262][ T9787] loop6: detected capacity change from 0 to 512
[  206.733829][ T9783] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  206.743738][ T9783] ext4 filesystem being mounted at /182/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  206.756238][ T9787] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  206.763723][ T9787] ext4 filesystem being mounted at /100/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  206.785817][ T8164] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  206.875181][ T8915] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  207.683714][ T9830] netlink: 'syz.6.1323': attribute type 29 has an invalid length.
[  207.689392][ T9830] netlink: 'syz.6.1323': attribute type 29 has an invalid length.
[  207.693132][ T9830] netlink: 500 bytes leftover after parsing attributes in process `syz.6.1323'.
[  207.797377][ T5900] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  207.948027][ T5900] usb 5-1: Using ep0 maxpacket: 16
[  207.954334][ T5900] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  207.960429][ T5900] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  207.964566][ T5900] usb 5-1: Product: syz
[  207.966339][ T5900] usb 5-1: Manufacturer: syz
[  207.968475][ T5900] usb 5-1: SerialNumber: syz
[  207.975905][ T5900] r8152-cfgselector 5-1: Unknown version 0x0000
[  207.983981][ T5900] r8152-cfgselector 5-1: config 0 descriptor??
[  208.085312][ T9841] loop6: detected capacity change from 0 to 4096
[  208.092392][ T9841] ntfs3(loop6): Different NTFS sector size (4096) and media sector size (512).
[  208.130009][ T9841] ntfs3(loop6): ino=19, mi_enum_attr
[  208.132236][ T9841] ntfs3(loop6): Mark volume as dirty due to NTFS errors
[  208.410678][ T5915] r8152-cfgselector 5-1: USB disconnect, device number 10
[  209.075481][ T9845] loop4: detected capacity change from 0 to 1024
[  209.391062][ T9851] loop4: detected capacity change from 0 to 4096
[  209.422685][ T9856] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  209.521244][   T33] kauditd_printk_skb: 3 callbacks suppressed
[  209.521255][   T33] audit: type=1800 audit(1755548179.265:345): pid=9851 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1331" name="file1" dev="loop4" ino=15 res=0 errno=0
[  209.550843][ T9862] loop5: detected capacity change from 0 to 128
[  209.689347][ T9854] loop6: detected capacity change from 0 to 32768
[  209.744981][ T9865] loop5: detected capacity change from 0 to 512
[  209.765856][ T9865] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  209.773785][ T9865] ext4 filesystem being mounted at /191/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  209.846033][ T9854] bcachefs (loop6): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  209.846066][ T9854]   allowing incompatible features above 0.0: (unknown version)
[  209.846076][ T9854]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  209.869833][ T8164] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  209.874839][ T9854] bcachefs (loop6): Using encoding defined by superblock: utf8-12.1.0
[  209.893389][ T5857] Bluetooth: hci1: unexpected event 0x09 length: 10 > 3
[  209.924710][ T9854] bcachefs (loop6): initializing new filesystem
[  209.959555][ T9854] bcachefs (loop6): going read-write
[  209.981498][ T9854] bcachefs (loop6): marking superblocks
[  210.025788][ T9854] bcachefs (loop6): initializing freespace
[  210.032821][ T9885] loop4: detected capacity change from 0 to 4096
[  210.045229][ T9854] bcachefs (loop6): done initializing freespace
[  210.061955][ T9885] NILFS (loop4): invalid segment: Checksum error in segment payload
[  210.064648][ T9854] bcachefs (loop6): reading snapshots table
[  210.069491][ T9854] bcachefs (loop6): reading snapshots done
[  210.075556][ T9885] NILFS (loop4): trying rollback from an earlier position
[  210.098273][ T9885] NILFS (loop4): recovery complete
[  210.102849][ T9889] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  210.107087][ T9854] bcachefs (loop6): done starting filesystem
[  210.272675][ T9896] netlink: 'syz.5.1345': attribute type 11 has an invalid length.
[  210.374326][ T8915] bcachefs (loop6): shutting down
[  210.376415][ T8915] bcachefs (loop6): going read-only
[  210.382986][ T8915] bcachefs (loop6): finished waiting for writes to stop
[  210.390538][ T8915] bcachefs (loop6): flushing journal and stopping allocators, journal seq 2
[  210.450089][ T8915] bcachefs (loop6): flushing journal and stopping allocators complete, journal seq 3
[  210.461859][ T8915] bcachefs (loop6): clean shutdown complete, journal seq 4
[  210.467941][ T8915] bcachefs (loop6): marking filesystem clean
[  210.554360][ T8915] bcachefs (loop6): shutdown complete
[  210.859180][ T9894] loop4: detected capacity change from 0 to 131072
[  210.921599][ T9894] F2FS-fs (loop4): Wrong CP boundary, start(512) end(1536) blocks(0)
[  210.924190][ T9894] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  210.953647][ T9894] F2FS-fs (loop4): invalid crc value
[  211.136087][ T9894] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  211.141716][ T9894] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  211.143954][ T9894] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  211.156730][   T33] audit: type=1800 audit(1755548180.895:346): pid=9894 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1344" name="file2" dev="loop4" ino=8 res=0 errno=0
[  211.516157][ T9909] loop5: detected capacity change from 0 to 2048
[  211.522515][ T9909] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024)
[  211.542379][ T9909] NILFS error (device loop5): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[  211.549252][ T9910] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  211.557401][ T9909] Remounting filesystem read-only
[  211.742664][ T9916] loop4: detected capacity change from 0 to 16384
[  211.853650][ T9920] loop5: detected capacity change from 0 to 32768
[  211.858182][ T9920] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1354 (9920)
[  211.869555][ T9920] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  211.873264][ T9920] BTRFS info (device loop5): using crc32c (crc32c-lib) checksum algorithm
[  211.888176][ T9920] BTRFS info (device loop5): using free-space-tree
[  211.953256][ T9916] bcachefs (loop4): starting version 1.13: inode_has_child_snapshots opts=metadata_checksum=none,data_checksum=none
[  211.953269][ T9916]   features: new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  211.971788][ T9916] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0
[  211.985947][ T9916] bcachefs (loop4): recovering from clean shutdown, journal seq 15
[  211.996199][ T9916] bcachefs (loop4): Doing compatible version upgrade from 1.13: inode_has_child_snapshots to 1.28: inode_has_case_insensitive
[  211.996199][ T9916]   running recovery passes: check_allocations,check_extents_to_backpointers,check_inodes
[  212.002469][ T9920] BTRFS info (device loop5): rebuilding free space tree
[  212.040190][   T33] audit: type=1800 audit(1755548181.785:347): pid=9920 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1354" name="bus" dev="loop5" ino=263 res=0 errno=0
[  212.103248][ T8164] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  212.105767][ T9945] loop6: detected capacity change from 0 to 1024
[  212.121638][ T9916] bcachefs (loop4): error reading btree root btree=accounting level=0: btree_node_read_error, fixing
[  212.129625][ T9916] bcachefs (loop4): check_topology... done
[  212.172846][ T9916] bcachefs (loop4): accounting_read... done
[  212.200392][ T9916] bcachefs (loop4): alloc_read... done
[  212.204651][ T9916] bcachefs (loop4): snapshots_read... done
[  212.219321][ T9916] bcachefs (loop4): check_allocations...
[  212.226536][ T9916] bcachefs (loop4): bucket 0:185 gen 0 has wrong data_type: got btree, should be need_discard, fixing
[  212.262034][ T9916] bcachefs (loop4): bucket 0:185 gen 0 data type need_discard has wrong dirty_sectors: got 32, should be 0, fixing
[  212.300885][ T9951] sctp: [Deprecated]: syz.5.1355 (pid 9951) Use of struct sctp_assoc_value in delayed_ack socket option.
[  212.300885][ T9951] Use struct sctp_sack_info instead
[  212.302209][ T9916]  done
[  212.329206][ T9916] bcachefs (loop4): going read-write
[  212.417818][ T9916] bcachefs (loop4): journal_replay...
[  212.627423][   T10] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  212.679774][ T9916]  done
[  212.682809][ T9916] bcachefs (loop4): check_lrus... done
[  212.685189][ T9916] bcachefs (loop4): check_backpointers_to_extents... done
[  212.707023][ T9916] bcachefs (loop4): check_extents_to_backpointers...
[  212.709441][ T9916] bcachefs (loop4): scanning for missing backpointers in 2/512 buckets
[  212.731963][ T9916]  done
[  212.758168][ T9916] bcachefs (loop4): check_inodes... done
[  212.789180][ T9916] bcachefs (loop4): resume_logged_ops... done
[  212.796199][ T9916] bcachefs (loop4): delete_dead_inodes... done
[  212.828043][   T10] usb 7-1: Using ep0 maxpacket: 16
[  212.904724][   T10] usb 7-1: config 0 has an invalid interface number: 41 but max is 0
[  212.927534][   T10] usb 7-1: config 0 has no interface number 0
[  212.930817][   T10] usb 7-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  212.953106][   T10] usb 7-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  212.989715][   T10] usb 7-1: config 0 interface 41 has no altsetting 0
[  213.023810][ T9916] bcachefs (loop4): Fixed errors, running fsck a second time to verify fs is clean
[  213.030947][   T10] usb 7-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  213.036656][ T9916] bcachefs (loop4): check_extents_to_backpointers...
[  213.037993][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  213.046588][   T10] usb 7-1: Product: syz
[  213.047584][ T9916]  done
[  213.049181][   T10] usb 7-1: Manufacturer: syz
[  213.052273][ T9916] bcachefs (loop4): check_inodes...
[  213.053100][   T10] usb 7-1: SerialNumber: syz
[  213.053454][ T9916]  done
[  213.060834][   T10] usb 7-1: config 0 descriptor??
[  213.063795][ T9916] bcachefs (loop4): resume_logged_ops... done
[  213.065649][ T9958] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  213.067831][ T9916] bcachefs (loop4): delete_dead_inodes...
[  213.071384][ T9958] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  213.074382][ T9916]  done
[  213.081194][ T9916] bcachefs (loop4): done starting filesystem
[  213.151869][ T9916] syz.4.1349 (9916) used greatest stack depth: 13048 bytes left
[  213.170372][ T6458] bcachefs (loop4): shutting down
[  213.172480][ T6458] bcachefs (loop4): going read-only
[  213.174616][ T6458] bcachefs (loop4): finished waiting for writes to stop
[  213.185353][ T6458] bcachefs (loop4): flushing journal and stopping allocators, journal seq 29
[  213.225861][ T6458] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 32
[  213.231650][ T6458] bcachefs (loop4): clean shutdown complete, journal seq 33
[  213.235306][ T6458] bcachefs (loop4): marking filesystem clean
[  213.264857][ T6458] bcachefs (loop4): shutdown complete
[  213.284595][ T9958] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  213.286923][ T9958] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  213.818449][ T9986] loop5: detected capacity change from 0 to 64
[  213.908544][   T10] CoreChips 7-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0
[  213.910121][ T9988] loop5: detected capacity change from 0 to 128
[  213.916545][ T9988] EXT4-fs: Ignoring removed nobh option
[  213.933418][ T9988] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  213.938698][ T9988] ext4 filesystem being mounted at /211/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  213.951412][ T9988] fscrypt (loop5, inode 12): Unsupported log2_data_unit_size in encryption policy: 232
[  213.978598][ T8164] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  214.331421][   T10] CoreChips 7-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9
[  214.334850][   T10] CoreChips 7-1:0.41 (unnamed net_device) (uninitialized): Failed to reset PHY: -71
[  214.358214][   T10] CoreChips 7-1:0.41: probe with driver CoreChips failed with error -71
[  214.370430][   T10] usb 7-1: USB disconnect, device number 7
[  215.153929][T10001] netlink: 204 bytes leftover after parsing attributes in process `syz.4.1368'.
[  215.594291][T10014] loop6: detected capacity change from 0 to 32768
[  215.597057][T10014] XFS: ikeep mount option is deprecated.
[  215.635674][T10014] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  215.690146][T10014] XFS (loop6): Ending clean mount
[  215.693033][T10014] XFS (loop6): Quotacheck needed: Please wait.
[  215.735526][T10014] XFS (loop6): Quotacheck: Done.
[  215.974981][T10041] netlink: 'syz.4.1384': attribute type 12 has an invalid length.
[  216.211132][T10046] loop5: detected capacity change from 0 to 512
[  216.304877][T10046] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  216.315878][T10046] ext4 filesystem being mounted at /215/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  216.346307][T10046] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #2: comm syz.5.1386: corrupted inode contents
[  216.370039][T10046] EXT4-fs error (device loop5): ext4_dirty_inode:6538: inode #2: comm syz.5.1386: mark_inode_dirty error
[  216.386337][T10046] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #2: comm syz.5.1386: corrupted inode contents
[  216.406155][T10054] loop4: detected capacity change from 0 to 8
[  216.411646][T10053] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #2: comm syz.5.1386: corrupted inode contents
[  216.436438][T10053] EXT4-fs error (device loop5): ext4_dirty_inode:6538: inode #2: comm syz.5.1386: mark_inode_dirty error
[  216.446905][T10054] SQUASHFS error: Unable to read inode 0x11f
[  216.465033][T10053] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #2: comm syz.5.1386: corrupted inode contents
[  216.487782][T10053] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #2: comm syz.5.1386: mark_inode_dirty error
[  216.505682][T10053] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #2: comm syz.5.1386: corrupted inode contents
[  216.516012][T10053] EXT4-fs error (device loop5): ext4_dirty_inode:6538: inode #2: comm syz.5.1386: mark_inode_dirty error
[  216.677674][ T8164] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  216.856660][ T8915] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  217.018154][T10070] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1394'.
[  217.294222][T10082] binder: 10081:10082 ioctl c018620b 0 returned -14
[  217.346292][T10080] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1398'.
[  217.493242][T10093] netlink: 'syz.6.1403': attribute type 10 has an invalid length.
[  217.496346][T10093] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1403'.
[  217.504463][T10093] batman_adv: batadv0: Adding interface: virt_wifi0
[  217.512940][T10093] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  217.535629][T10093] batman_adv: batadv0: Interface activated: virt_wifi0
[  217.617506][T10100] netlink: 140 bytes leftover after parsing attributes in process `syz.4.1407'.
[  217.839033][T10112] netlink: 'syz.6.1412': attribute type 11 has an invalid length.
[  217.890719][   T10] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  217.984716][T10116] loop6: detected capacity change from 0 to 1024
[  218.025048][T10116] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  218.045885][T10116] EXT4-fs (loop6): shut down requested (1)
[  218.048858][   T10] usb 6-1: Using ep0 maxpacket: 16
[  218.056760][   T10] usb 6-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 7.79
[  218.060701][   T10] usb 6-1: New USB device strings: Mfr=1, Product=0, SerialNumber=0
[  218.064026][   T10] usb 6-1: Manufacturer: syz
[  218.084307][   T10] usb 6-1: config 0 descriptor??
[  218.188206][ T8915] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  218.580852][   T10] usb 6-1: Cannot retrieve CPort count: -71
[  218.588395][   T10] usb 6-1: Cannot retrieve CPort count: -71
[  218.592569][   T10] es2_ap_driver 6-1:0.0: probe with driver es2_ap_driver failed with error -71
[  218.599934][   T10] usb 6-1: USB disconnect, device number 7
[  218.700010][T10132] loop6: detected capacity change from 0 to 256
[  218.732050][T10132] FAT-fs (loop6): Directory bread(block 64) failed
[  218.736229][T10132] FAT-fs (loop6): Directory bread(block 65) failed
[  218.740534][T10132] FAT-fs (loop6): Directory bread(block 66) failed
[  218.743821][T10132] FAT-fs (loop6): Directory bread(block 67) failed
[  218.749618][T10132] FAT-fs (loop6): Directory bread(block 68) failed
[  218.752544][T10132] FAT-fs (loop6): Directory bread(block 69) failed
[  218.755454][T10132] FAT-fs (loop6): Directory bread(block 70) failed
[  218.758357][T10132] FAT-fs (loop6): Directory bread(block 71) failed
[  218.761279][T10132] FAT-fs (loop6): Directory bread(block 72) failed
[  218.764179][T10132] FAT-fs (loop6): Directory bread(block 73) failed
[  218.782769][   T33] audit: type=1800 audit(1755548188.525:348): pid=10132 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1420" name="bus" dev="loop6" ino=1048656 res=0 errno=0
[  218.866134][T10136] loop6: detected capacity change from 0 to 512
[  218.872561][T10136] EXT4-fs: Conflicting test_dummy_encryption options
[  219.116071][T10148] loop4: detected capacity change from 0 to 1024
[  219.133017][T10148] hfsplus: request for non-existent node 33423360 in B*Tree
[  219.135561][T10148] hfsplus: request for non-existent node 33423360 in B*Tree
[  219.517270][ T5900] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  219.668098][ T5900] usb 6-1: Using ep0 maxpacket: 16
[  219.672960][ T5900] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  219.677794][ T5900] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  219.681613][ T5900] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  219.685752][ T5900] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  219.693725][ T5900] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  219.697013][ T5900] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  219.699939][ T5900] usb 6-1: Product: syz
[  219.701583][ T5900] usb 6-1: Manufacturer: syz
[  219.703162][ T5900] usb 6-1: SerialNumber: syz
[  219.940905][ T5900] usb 6-1: USB disconnect, device number 8
[  220.000692][ T5948] udevd[5948]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  220.592131][T10184] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1444'.
[  220.653331][T10178] loop4: detected capacity change from 0 to 32768
[  220.666466][T10178] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1441 (10178)
[  220.675941][T10178] BTRFS info (device loop4): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  220.693775][T10178] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm
[  220.696856][T10178] BTRFS info (device loop4): using free-space-tree
[  220.917347][ T5900] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  221.027817][ T6458] BTRFS info (device loop4): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  221.061261][T10207] loop5: detected capacity change from 0 to 32768
[  221.071889][ T5900] usb 7-1: config 0 interface 0 altsetting 12 endpoint 0x87 has an invalid bInterval 102, changing to 10
[  221.091324][ T5900] usb 7-1: config 0 interface 0 altsetting 12 endpoint 0x87 has invalid maxpacket 24624, setting to 1024
[  221.094800][ T5900] usb 7-1: config 0 interface 0 has no altsetting 0
[  221.112679][ T5900] usb 7-1: New USB device found, idVendor=06cd, idProduct=0115, bcdDevice=d9.c3
[  221.115348][ T5900] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  221.123148][T10207] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  221.138754][ T5900] usb 7-1: Product: syz
[  221.140090][ T5900] usb 7-1: Manufacturer: syz
[  221.141432][ T5900] usb 7-1: SerialNumber: syz
[  221.165262][ T5900] usb 7-1: config 0 descriptor??
[  221.175724][ T5900] keyspan 7-1:0.0: Keyspan 2 port adapter converter detected
[  221.200147][ T5900] keyspan 7-1:0.0: found no endpoint descriptor for endpoint 7
[  221.236880][ T5900] keyspan 7-1:0.0: found no endpoint descriptor for endpoint 81
[  221.257574][T10207] (syz.5.1448,10207,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: directory entry overrun - offset=0, inode=65, rec_len=16, name_len=1
[  221.274318][ T5900] keyspan 7-1:0.0: found no endpoint descriptor for endpoint 1
[  221.283358][ T5900] keyspan 7-1:0.0: found no endpoint descriptor for endpoint 2
[  221.300764][ T5900] keyspan 7-1:0.0: found no endpoint descriptor for endpoint 85
[  221.305173][ T5900] keyspan 7-1:0.0: found no endpoint descriptor for endpoint 5
[  221.314885][ T5900] usb 7-1: Keyspan 2 port adapter converter now attached to ttyUSB0
[  221.331301][ T5900] keyspan 7-1:0.0: found no endpoint descriptor for endpoint 83
[  221.333844][ T5900] keyspan 7-1:0.0: found no endpoint descriptor for endpoint 3
[  221.336311][ T5900] keyspan 7-1:0.0: found no endpoint descriptor for endpoint 4
[  221.341969][ T5900] keyspan 7-1:0.0: found no endpoint descriptor for endpoint 86
[  221.345120][ T5900] keyspan 7-1:0.0: found no endpoint descriptor for endpoint 6
[  221.356566][ T8164] ocfs2: Unmounting device (7,5) on (node local)
[  221.369850][ T5900] usb 7-1: Keyspan 2 port adapter converter now attached to ttyUSB1
[  221.415775][ T5900] usb 7-1: USB disconnect, device number 8
[  221.425327][ T5900] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0
[  221.434109][ T5900] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1
[  221.440506][ T5900] keyspan 7-1:0.0: device disconnected
[  221.565605][T10223] loop4: detected capacity change from 0 to 2048
[  221.609553][ T5948]  loop4: p1 < > p4 < >
[  221.611237][ T5948] loop4: partition table partially beyond EOD, truncated
[  221.617376][ T5948] loop4: p4 start 42180 is beyond EOD, truncated
[  221.625749][T10223]  loop4: p1 < > p4 < >
[  221.627557][T10223] loop4: partition table partially beyond EOD, truncated
[  221.631876][T10223] loop4: p4 start 42180 is beyond EOD, truncated
[  221.917443][ T5900] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[  221.993471][T10241] tmpfs: Bad value for 'mpol'
[  222.417871][ T5900] usb 5-1: config 0 has an invalid interface number: 52 but max is 0
[  222.425802][ T5900] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  222.436146][ T5900] usb 5-1: config 0 has no interface number 0
[  222.444095][ T5900] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 10
[  222.453060][ T5900] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0
[  222.456938][ T5900] usb 5-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  222.464088][ T5900] usb 5-1: config 0 interface 52 has no altsetting 0
[  222.470263][ T5900] usb 5-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice= 0.00
[  222.473792][ T5900] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=35
[  222.476745][ T5900] usb 5-1: SerialNumber: syz
[  222.481636][T10247] loop6: detected capacity change from 0 to 524287999
[  222.482566][ T5900] usb 5-1: config 0 descriptor??
[  222.501004][ T6190] Buffer I/O error on dev loop6, logical block 65535999, async page read
[  222.641537][T10249] batman_adv: batadv0: Adding interface: gretap1
[  222.643716][T10249] batman_adv: batadv0: Interface activated: gretap1
[  222.704040][ T5900] synaptics_usb 5-1:0.52: synusb_open - usb_submit_urb failed, error: -90
[  222.715657][ T5900] synaptics_usb 5-1:0.52: probe with driver synaptics_usb failed with error -5
[  222.925930][   T24] usb 5-1: USB disconnect, device number 11
[  223.127408][ T5900] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  223.277704][ T5900] usb 6-1: Using ep0 maxpacket: 32
[  223.283218][ T5900] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  223.286824][ T5900] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  223.297619][ T5900] usb 6-1: config 0 descriptor??
[  223.307399][ T5900] gspca_main: nw80x-2.14.0 probing 055f:d001
[  223.524820][ T5900] gspca_nw80x: reg_w err -71
[  223.534239][ T5900] nw80x 6-1:0.0: probe with driver nw80x failed with error -71
[  223.556399][ T5900] usb 6-1: USB disconnect, device number 9
[  223.787885][   T24] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  223.939862][   T24] usb 5-1: config 0 has an invalid interface number: 209 but max is 0
[  223.942486][   T24] usb 5-1: config 0 has no interface number 0
[  223.944481][   T24] usb 5-1: New USB device found, idVendor=0403, idProduct=f850, bcdDevice=53.a6
[  223.949699][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  223.955724][   T24] usb 5-1: config 0 descriptor??
[  223.964802][   T24] ftdi_sio 5-1:0.209: FTDI USB Serial Device converter detected
[  223.980023][   T24] ftdi_sio ttyUSB0: unknown device type: 0x53a6
[  224.116777][T10278] autofs4:pid:10278:validate_dev_ioctl: path string terminator missing for cmd(0xc0189373)
[  224.179863][   T24] usb 5-1: USB disconnect, device number 12
[  224.189798][   T24] ftdi_sio 5-1:0.209: device disconnected
[  224.227714][T10280] loop5: detected capacity change from 0 to 4096
[  224.234430][T10280] ntfs3(loop5): Different NTFS sector size (1024) and media sector size (512).
[  224.324394][T10276] loop6: detected capacity change from 0 to 32768
[  224.338894][T10276] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1474 (10276)
[  224.363197][T10276] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  224.366448][T10276] BTRFS info (device loop6): using sha256 (sha256-lib) checksum algorithm
[  224.385703][T10276] BTRFS info (device loop6): using free-space-tree
[  224.517616][ T8915] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  224.779593][T10313] loop4: detected capacity change from 0 to 8
[  224.783117][T10313] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  224.999419][T10312] loop6: detected capacity change from 0 to 32768
[  225.126666][T10315] cramfs: Error -3 while decompressing!
[  225.129278][T10315] cramfs: ffffffff99bef628(26)->ffff88802d23e000(4096)
[  225.131688][T10315] cramfs: Error -3 while decompressing!
[  225.133532][T10315] cramfs: ffffffff99bef642(26)->ffff88802d23d000(4096)
[  225.135778][T10315] cramfs: Error -3 while decompressing!
[  225.137705][T10315] cramfs: ffffffff99bef65c(16)->ffff88802d23c000(4096)
[  225.140078][T10315] cramfs: Error -3 while decompressing!
[  225.141947][T10315] cramfs: ffffffff99bef628(26)->ffff88802d23e000(4096)
[  225.414233][T10317] veth3: entered promiscuous mode
[  225.513303][T10325] loop6: detected capacity change from 0 to 2048
[  225.535176][T10325] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  225.656091][T10325] UDF-fs: warning (device loop6): udf_truncate_tail_extent: Too long extent after EOF in inode 1436: i_size: 11776 lbcount: 12288 extent 145+3072
[  225.671448][T10331] vivid-001: disconnect
[  225.674317][T10330] vivid-001: reconnect
[  225.807871][T10338] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1495'.
[  225.935037][T10343] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  226.626674][T10361] loop5: detected capacity change from 0 to 1024
[  226.700248][T10361] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  226.736084][T10368] loop4: detected capacity change from 0 to 512
[  226.744393][T10368] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002]
[  226.749134][T10368] EXT4-fs (loop4): orphan cleanup on readonly fs
[  226.762717][T10368] EXT4-fs warning (device loop4): ext4_enable_quotas:7168: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[  226.809185][T10368] EXT4-fs (loop4): Cannot turn on quotas: error -22
[  226.830344][T10368] EXT4-fs error (device loop4): ext4_ext_check_inode:523: inode #13: comm syz.4.1506: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  226.839001][ T8164] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  226.872650][T10368] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.1506: couldn't read orphan inode 13 (err -117)
[  226.885513][T10368] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  226.928712][ T6458] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  227.193446][T10371] loop6: detected capacity change from 0 to 32768
[  227.332688][T10371] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1507 (10371)
[  227.465512][T10371] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  227.474758][T10371] BTRFS info (device loop6): using sha256 (sha256-lib) checksum algorithm
[  227.484379][T10371] BTRFS info (device loop6): using free-space-tree
[  227.683859][   T12] BTRFS info (device loop6): qgroup scan completed (inconsistency flag cleared)
[  227.769499][ T8915] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  227.780890][T10406] loop4: detected capacity change from 0 to 8
[  227.856073][T10406] SQUASHFS error: Failed to read block 0x1ec: -5
[  227.872900][T10406] SQUASHFS error: Unable to read metadata cache entry [1ea]
[  228.190335][T10414] loop4: detected capacity change from 0 to 512
[  228.194269][T10414] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found
[  228.203054][T10414] UDF-fs: Scanning with blocksize 512 failed
[  228.206920][T10414] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found
[  228.210831][T10414] UDF-fs: Scanning with blocksize 1024 failed
[  228.214398][T10414] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found
[  228.217761][T10414] UDF-fs: Scanning with blocksize 2048 failed
[  228.220816][T10414] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  228.227517][T10414] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  228.243129][T10416] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1514'.
[  228.246679][T10416] netlink: 216 bytes leftover after parsing attributes in process `syz.6.1514'.
[  228.283464][T10416] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1514'.
[  228.721972][T10427] loop4: detected capacity change from 0 to 32768
[  228.728647][T10427] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  228.745309][T10427] XFS (loop4): Ending clean mount
[  228.812619][ T6458] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  229.092605][T10458] loop5: detected capacity change from 0 to 256
[  229.149054][T10458] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  229.388865][T10471] netlink: 'syz.5.1539': attribute type 4 has an invalid length.
[  229.391265][T10471] netlink: 'syz.5.1539': attribute type 1 has an invalid length.
[  229.393806][T10471] netlink: 3577 bytes leftover after parsing attributes in process `syz.5.1539'.
[  229.458772][   T52] usb 5-1: new low-speed USB device number 13 using dummy_hcd
[  229.508847][T10478] loop5: detected capacity change from 0 to 1024
[  229.610147][   T52] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  229.617343][   T52] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  229.621516][   T52] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  229.625843][   T52] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  229.642102][   T52] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  229.647969][   T52] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  229.659788][   T52] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  229.663972][   T52] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  229.670629][   T52] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  229.679003][   T52] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  229.691435][   T52] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  229.694478][   T52] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  229.706328][   T52] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  229.721351][   T52] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  229.725782][   T52] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  229.741371][   T52] usb 5-1: string descriptor 0 read error: -22
[  229.743772][   T52] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  229.758480][   T52] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  229.789424][   T52] adutux 5-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  229.815728][T10482] sd 0:0:0:0: PR command failed: 1026
[  229.818475][T10482] sd 0:0:0:0: Sense Key : Illegal Request [current] 
[  229.821545][T10482] sd 0:0:0:0: Add. Sense: Invalid command operation code
[  230.004125][   T52] usb 5-1: USB disconnect, device number 13
[  230.075508][T10492] loop5: detected capacity change from 0 to 2048
[  230.107887][T10492] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  230.112471][T10492] ext4 filesystem being mounted at /276/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  230.124587][T10492] EXT4-fs error (device loop5): __ext4_new_inode:1073: comm syz.5.1548: reserved inode found cleared - inode=1
[  230.143267][T10492] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  230.152993][T10492] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended
[  230.180178][T10492] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  230.212870][T10492] EXT4-fs error (device loop5) in ext4_free_inode:361: Corrupt filesystem
[  230.222502][   T12] bridge_slave_1: left allmulticast mode
[  230.224800][   T12] bridge_slave_1: left promiscuous mode
[  230.228292][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  230.246269][   T12] bridge_slave_0: left allmulticast mode
[  230.250854][   T12] bridge_slave_0: left promiscuous mode
[  230.251230][ T8164] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  230.252912][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  230.663129][T10506] loop5: detected capacity change from 0 to 40427
[  230.670884][T10506] F2FS-fs (loop5): invalid crc value
[  230.726637][T10506] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  230.730371][T10506] F2FS-fs (loop5): Start checkpoint disabled!
[  230.734548][T10506] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  231.161687][   T12] bond1 (unregistering): (slave bridge1): Releasing active interface
[  231.224223][ T1106] kworker/u10:8: attempt to access beyond end of device
[  231.224223][ T1106] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  231.230402][ T1106] CPU: 1 UID: 0 PID: 1106 Comm: kworker/u10:8 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  231.230423][ T1106] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  231.230433][ T1106] Workqueue: writeback wb_workfn (flush-7:5)
[  231.230456][ T1106] Call Trace:
[  231.230462][ T1106]  <TASK>
[  231.230469][ T1106]  dump_stack_lvl+0x189/0x250
[  231.230489][ T1106]  ? __pfx_dump_stack_lvl+0x10/0x10
[  231.230503][ T1106]  ? __pfx_queue_work_on+0x10/0x10
[  231.230515][ T1106]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  231.230532][ T1106]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  231.230591][ T1106]  f2fs_handle_critical_error+0x37c/0x540
[  231.230616][ T1106]  f2fs_write_end_io+0x886/0xb60
[  231.230646][ T1106]  __submit_merged_bio+0x27a/0x6a0
[  231.230670][ T1106]  __submit_merged_write_cond+0x255/0x530
[  231.230689][ T1106]  f2fs_write_data_pages+0x261d/0x3000
[  231.230739][ T1106]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  231.230776][ T1106]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  231.230816][ T1106]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  231.230833][ T1106]  ? look_up_lock_class+0x74/0x170
[  231.230857][ T1106]  ? trace_f2fs_writepages+0x7f/0x200
[  231.230876][ T1106]  ? f2fs_write_node_pages+0x478/0x6e0
[  231.230896][ T1106]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  231.230943][ T1106]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  231.230964][ T1106]  do_writepages+0x32e/0x550
[  231.230987][ T1106]  ? reacquire_held_locks+0x127/0x1d0
[  231.231000][ T1106]  ? writeback_sb_inodes+0x384/0x1010
[  231.231024][ T1106]  __writeback_single_inode+0x145/0xff0
[  231.231040][ T1106]  ? do_raw_spin_unlock+0x4d/0x240
[  231.231059][ T1106]  writeback_sb_inodes+0x6c7/0x1010
[  231.231098][ T1106]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  231.231152][ T1106]  ? rcu_is_watching+0x15/0xb0
[  231.231176][ T1106]  wb_writeback+0x43b/0xaf0
[  231.231200][ T1106]  ? queue_io+0x3c1/0x590
[  231.231218][ T1106]  ? __pfx_wb_writeback+0x10/0x10
[  231.231241][ T1106]  ? _raw_spin_unlock_irq+0x23/0x50
[  231.231262][ T1106]  wb_workfn+0x409/0xef0
[  231.231290][ T1106]  ? __pfx_wb_workfn+0x10/0x10
[  231.231310][ T1106]  ? __lock_acquire+0xab9/0xd20
[  231.231337][ T1106]  ? process_scheduled_works+0x9ef/0x17b0
[  231.231355][ T1106]  ? _raw_spin_unlock_irq+0x23/0x50
[  231.231368][ T1106]  ? process_scheduled_works+0x9ef/0x17b0
[  231.231381][ T1106]  ? process_scheduled_works+0x9ef/0x17b0
[  231.231397][ T1106]  process_scheduled_works+0xae1/0x17b0
[  231.231436][ T1106]  ? __pfx_process_scheduled_works+0x10/0x10
[  231.231464][ T1106]  worker_thread+0x8a0/0xda0
[  231.231502][ T1106]  kthread+0x711/0x8a0
[  231.231519][ T1106]  ? __pfx_worker_thread+0x10/0x10
[  231.231532][ T1106]  ? __pfx_kthread+0x10/0x10
[  231.231551][ T1106]  ? _raw_spin_unlock_irq+0x23/0x50
[  231.231592][ T1106]  ? lockdep_hardirqs_on+0x9c/0x150
[  231.231607][ T1106]  ? __pfx_kthread+0x10/0x10
[  231.231624][ T1106]  ret_from_fork+0x3fc/0x770
[  231.231639][ T1106]  ? __pfx_ret_from_fork+0x10/0x10
[  231.231657][ T1106]  ? __switch_to_asm+0x39/0x70
[  231.231672][ T1106]  ? __switch_to_asm+0x33/0x70
[  231.231685][ T1106]  ? __pfx_kthread+0x10/0x10
[  231.231700][ T1106]  ret_from_fork_asm+0x1a/0x30
[  231.231730][ T1106]  </TASK>
[  231.231736][ T1106] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  231.585037][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  231.590283][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  231.594678][   T12] bond0 (unregistering): Released all slaves
[  231.612059][   T12] bond1 (unregistering): Released all slaves
[  231.728997][   T12] tipc: Left network mode
[  232.130888][   T12] hsr_slave_0: left promiscuous mode
[  232.136929][   T12] hsr_slave_1: left promiscuous mode
[  232.144970][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  232.151534][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  232.674395][   T12] team0 (unregistering): Port device team_slave_1 removed
[  232.729513][   T12] team0 (unregistering): Port device team_slave_0 removed
[  233.771617][T10559] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1566'.
[  233.995279][   T12] IPVS: stop unused estimator thread 0...
[  234.381361][T10575] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  234.386974][T10575] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  235.350439][T10591] loop4: detected capacity change from 0 to 128
[  235.364698][T10591] qnx4: no qnx4 filesystem (no root dir).
[  236.053700][T10602] loop4: detected capacity change from 0 to 32768
[  236.658928][T10632] loop5: detected capacity change from 0 to 32768
[  237.543614][T10657] veth0_to_bridge: entered promiscuous mode
[  237.549177][T10656] veth0_to_bridge: left promiscuous mode
[  237.883541][ T5886] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  238.037666][ T5886] usb 6-1: Using ep0 maxpacket: 16
[  238.042179][ T5886] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  238.049232][ T5886] usb 6-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[  238.052061][ T5886] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  238.070533][ T5886] usb 6-1: config 0 descriptor??
[  238.156987][T10668] loop4: detected capacity change from 0 to 32768
[  238.161882][T10668] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1593 (10668)
[  238.191164][T10668] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  238.195229][T10668] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  238.201268][T10668] BTRFS info (device loop4): using free-space-tree
[  238.324545][ T6458] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  238.535474][ T5886] kye 0003:0458:5016.000A: control desc unexpectedly large
[  238.550047][ T5886] input: HID 0458:5016 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0458:5016.000A/input/input12
[  238.718473][ T5886] input: HID 0458:5016 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0458:5016.000A/input/input13
[  238.775780][ T5886] kye 0003:0458:5016.000A: input,hiddev0,hidraw0: USB HID v0.09 Device [HID 0458:5016] on usb-dummy_hcd.5-1/input0
[  238.824449][ T5886] usb 6-1: USB disconnect, device number 10
[  238.936712][T10697] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1596'.
[  239.031308][T10690] loop4: detected capacity change from 0 to 32768
[  239.035291][T10690] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1594 (10690)
[  239.046518][T10690] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  239.058799][T10690] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  239.062104][T10690] BTRFS info (device loop4): using free-space-tree
[  239.183029][ T6458] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  239.346205][T10716] loop5: detected capacity change from 0 to 2048
[  239.420820][T10716] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  239.426406][T10723] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it.
[  239.431817][T10723] overlayfs: missing 'lowerdir'
[  239.441149][T10716] EXT4-fs error (device loop5): ext4_ext_precache:649: inode #2: comm syz.5.1598: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  239.475974][T10716] EXT4-fs (loop5): Remounting filesystem read-only
[  239.516895][ T8164] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  239.612184][T10727] loop5: detected capacity change from 0 to 2048
[  239.866224][T10735] loop4: detected capacity change from 0 to 512
[  239.872869][T10735] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  239.876978][T10735] EXT4-fs (loop4): external journal device major/minor numbers have changed
[  239.881616][T10735] EXT4-fs (loop4): filesystem has both journal inode and journal device!
[  240.119936][T10737] loop4: detected capacity change from 0 to 32768
[  240.126551][T10737] 
[  240.126551][T10737]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  240.126551][T10737] 
[  240.134340][T10737] ERROR: (device loop4): diWrite: ixpxd invalid
[  240.134340][T10737] 
[  240.139189][T10737] ERROR: (device loop4): txCommit: 
[  240.139189][T10737] 
[  240.158837][ T6458] 
[  240.158837][ T6458]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  240.158837][ T6458] 
[  240.174413][ T6458] 
[  240.174413][ T6458]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  240.174413][ T6458] 
[  240.582094][T10747] loop6: detected capacity change from 0 to 32768
[  240.588095][T10747] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1610 (10747)
[  240.680342][T10751] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  240.770273][T10755] loop5: detected capacity change from 0 to 256
[  240.782629][T10755] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x36e06c6e, utbl_chksum : 0xe619d30d)
[  241.004366][T10765] loop5: detected capacity change from 0 to 512
[  241.042595][T10765] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  241.046778][T10765] ext4 filesystem being mounted at /311/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  241.261541][T10765] loop5: detected capacity change from 512 to 64
[  241.523772][T10741] loop4: detected capacity change from 0 to 262144
[  241.527942][T10741] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1607 (10741)
[  241.534061][T10747] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  241.538483][T10747] BTRFS info (device loop6): using sha256 (sha256-lib) checksum algorithm
[  241.546293][T10741] BTRFS info (device loop4): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  241.551009][T10741] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm
[  241.554655][T10741] BTRFS info (device loop4): using free-space-tree
[  241.560342][T10747] BTRFS info (device loop6): disk space caching is enabled
[  241.564371][T10747] BTRFS warning (device loop6): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  241.610222][ T8164] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6334: Out of memory
[  241.654346][ T8164] EXT4-fs error (device loop5): ext4_dirty_inode:6538: inode #2: comm syz-executor: mark_inode_dirty error
[  241.720302][ T1090] BTRFS warning (device loop4): checksum verify failed on logical 22036480 mirror 1 wanted 0x23e101be1e001a29 found 0x09049c5cc74d15fb level 0
[  241.748424][T10741] BTRFS info (device loop4): read error corrected: ino 0 off 22036480 (dev /dev/loop4 sector 43040)
[  241.752967][T10741] BTRFS info (device loop4): read error corrected: ino 0 off 22040576 (dev /dev/loop4 sector 43048)
[  241.759260][T10741] BTRFS info (device loop4): read error corrected: ino 0 off 22044672 (dev /dev/loop4 sector 43056)
[  241.764253][T10741] BTRFS info (device loop4): read error corrected: ino 0 off 22048768 (dev /dev/loop4 sector 43064)
[  241.784194][   T46] BTRFS warning (device loop4): checksum verify failed on logical 30457856 mirror 1 wanted 0x402e75f1de9ccfe6 found 0x42450c21b86dd7c2 level 0
[  241.798267][T10741] BTRFS info (device loop4): read error corrected: ino 0 off 30457856 (dev /dev/loop4 sector 75872)
[  241.803242][T10741] BTRFS info (device loop4): read error corrected: ino 0 off 30461952 (dev /dev/loop4 sector 75880)
[  241.809781][T10741] BTRFS info (device loop4): read error corrected: ino 0 off 30466048 (dev /dev/loop4 sector 75888)
[  241.810654][T10747] BTRFS info (device loop6): rebuilding free space tree
[  241.814300][T10741] BTRFS info (device loop4): read error corrected: ino 0 off 30470144 (dev /dev/loop4 sector 75896)
[  241.841516][T10747] BTRFS info (device loop6): disabling free space tree
[  241.859485][T10747] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  241.863178][T10747] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  241.894986][   T33] audit: type=1800 audit(1755548211.635:349): pid=10741 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1607" name="file1" dev="loop4" ino=260 res=0 errno=0
[  241.962782][ T6458] BTRFS info (device loop4): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  242.001393][ T8164] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  242.041536][ T8915] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  242.294697][   T12] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.339368][T10809] netlink: 88 bytes leftover after parsing attributes in process `syz.6.1622'.
[  242.450815][   T12] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.514640][T10814] sp0: Synchronizing with TNC
[  242.613379][   T12] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.735138][T10816] loop6: detected capacity change from 0 to 4096
[  242.810563][   T12] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.924778][T10818] syzkaller0: entered promiscuous mode
[  242.926707][T10818] syzkaller0: entered allmulticast mode
[  243.009070][   T56] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  243.019242][   T56] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  243.023389][   T56] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  243.029797][   T56] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  243.054975][   T56] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  245.108929][   T56] Bluetooth: hci0: command tx timeout
[  245.363267][T10835] loop6: detected capacity change from 0 to 1024
[  245.424031][T10837] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1633'.
[  245.601919][   T12] bridge_slave_1: left allmulticast mode
[  245.604164][   T12] bridge_slave_1: left promiscuous mode
[  245.606435][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  245.623664][   T12] bridge_slave_0: left allmulticast mode
[  245.625871][   T12] bridge_slave_0: left promiscuous mode
[  245.635061][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  245.766999][T10846] loop4: detected capacity change from 0 to 32768
[  245.883082][T10846] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  245.883098][T10846]   allowing incompatible features above 0.0: (unknown version)
[  245.883103][T10846]   features: 
[  245.905833][T10846] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0
[  245.918745][T10846] bcachefs (loop4): initializing new filesystem
[  245.925718][T10846] bcachefs (loop4): going read-write
[  245.942822][T10846] bcachefs (loop4): marking superblocks
[  245.985072][T10846] bcachefs (loop4): initializing freespace
[  245.992185][T10846] bcachefs (loop4): done initializing freespace
[  246.019639][T10846] bcachefs (loop4): reading snapshots table
[  246.022019][T10846] bcachefs (loop4): reading snapshots done
[  246.089831][T10846] bcachefs (loop4): done starting filesystem
[  246.148042][ T5886] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  246.182217][ T6458] bcachefs (loop4): shutting down
[  246.183865][ T6458] bcachefs (loop4): going read-only
[  246.185417][ T6458] bcachefs (loop4): finished waiting for writes to stop
[  246.190319][ T6458] bcachefs (loop4): flushing journal and stopping allocators, journal seq 3
[  246.326385][ T6458] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 4
[  246.332322][ T6458] bcachefs (loop4): clean shutdown complete, journal seq 5
[  246.334859][ T6458] bcachefs (loop4): marking filesystem clean
[  246.337599][ T5886] usb 7-1: Using ep0 maxpacket: 8
[  246.342810][ T5886] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[  246.345946][ T5886] usb 7-1: config 179 has no interface number 0
[  246.350214][ T5886] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  246.354662][ T5886] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  246.359780][ T5886] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  246.365484][ T5886] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  246.371312][ T5886] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  246.376546][ T5886] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  246.380807][ T5886] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  246.382706][ T6458] bcachefs (loop4): shutdown complete
[  246.386925][T10861] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  246.462911][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  246.469673][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  246.474242][   T12] bond0 (unregistering): Released all slaves
[  246.600347][   T12] tipc: Left network mode
[  246.711290][ T5886] input: Generic X-Box pad as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:179.65/input/input14
[  246.720629][T10823] chnl_net:caif_netlink_parms(): no params data found
[  246.879469][T10861] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  246.883296][T10861] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  247.070795][   T12] hsr_slave_0: left promiscuous mode
[  247.072936][   T12] hsr_slave_1: left promiscuous mode
[  247.075140][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  247.079178][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  247.082560][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  247.084799][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  247.102384][   T12] veth1_macvtap: left promiscuous mode
[  247.104145][   T12] veth0_macvtap: left promiscuous mode
[  247.105875][   T12] veth1_vlan: left promiscuous mode
[  247.108351][    C0] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  247.108767][   T12] veth0_vlan: left promiscuous mode
[  247.110836][    C0] xpad 7-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  247.117923][ T5886] usb 7-1: USB disconnect, device number 9
[  247.188554][   T56] Bluetooth: hci0: command tx timeout
[  247.626895][   T12] team0 (unregistering): Port device team_slave_1 removed
[  247.699866][T10877] loop6: detected capacity change from 0 to 2048
[  247.762593][T10877]  loop6: p3 < > p4 < >
[  247.764343][T10877] loop6: partition table partially beyond EOD, truncated
[  247.769725][   T12] team0 (unregistering): Port device team_slave_0 removed
[  247.800778][T10877] loop6: p3 start 4284289 is beyond EOD, truncated
[  247.812990][ T5296]  loop6: p3 < > p4 < >
[  247.814666][ T5296] loop6: partition table partially beyond EOD, truncated
[  247.827587][ T5296] loop6: p3 start 4284289 is beyond EOD, truncated
[  247.884611][ T5948] udevd[5948]: inotify_add_watch(7, /dev/loop6p4, 10) failed: No such file or directory
[  247.910561][ T5948] udevd[5948]: inotify_add_watch(7, /dev/loop6p4, 10) failed: No such file or directory
[  248.196509][T10885] loop4: detected capacity change from 0 to 32768
[  248.200716][T10885] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1645 (10885)
[  248.215620][T10885] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  248.220949][T10885] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  248.224267][T10885] BTRFS info (device loop4): using free-space-tree
[  248.998841][ T6458] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  249.263526][   T56] Bluetooth: hci0: command tx timeout
[  249.288259][T10823] bridge0: port 1(bridge_slave_0) entered blocking state
[  249.291155][T10823] bridge0: port 1(bridge_slave_0) entered disabled state
[  249.293957][T10823] bridge_slave_0: entered allmulticast mode
[  249.301981][T10910] loop4: detected capacity change from 0 to 2048
[  249.324159][T10823] bridge_slave_0: entered promiscuous mode
[  249.328642][T10823] bridge0: port 2(bridge_slave_1) entered blocking state
[  249.331401][T10823] bridge0: port 2(bridge_slave_1) entered disabled state
[  249.353168][T10910] Alternate GPT is invalid, using primary GPT.
[  249.355210][T10910]  loop4: p1 p2 p3
[  249.356416][T10910] loop4: partition table partially beyond EOD, truncated
[  249.358979][T10823] bridge_slave_1: entered allmulticast mode
[  249.362318][T10823] bridge_slave_1: entered promiscuous mode
[  249.475252][T10823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  249.488569][ T5847] udevd[5847]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory
[  249.490412][ T5948] udevd[5948]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[  249.500925][T10823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  249.631201][T10823] team0: Port device team_slave_0 added
[  249.638735][T10823] team0: Port device team_slave_1 added
[  249.725815][T10823] batman_adv: batadv0: Adding interface: batadv_slave_0
[  249.735519][T10823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  249.748796][T10823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  249.767381][T10823] batman_adv: batadv0: Adding interface: batadv_slave_1
[  249.769568][T10823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  249.778366][T10823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  249.823580][T10823] hsr_slave_0: entered promiscuous mode
[  249.826286][T10823] hsr_slave_1: entered promiscuous mode
[  249.954116][   T12] IPVS: stop unused estimator thread 0...
[  250.152771][T10934] netlink: 'syz.6.1652': attribute type 1 has an invalid length.
[  250.155852][T10934] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1652'.
[  250.192079][T10823] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  250.216853][T10823] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  250.224791][T10823] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  250.251882][T10823] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  250.315364][T10924] loop4: detected capacity change from 0 to 40427
[  250.335460][T10924] F2FS-fs: heap/no_heap options were deprecated
[  250.339005][T10924] F2FS-fs (loop4): build fault injection rate: 19
[  250.341405][T10924] F2FS-fs (loop4): build fault injection type: 0x3bfe8c
[  250.374656][T10924] F2FS-fs (loop4): invalid crc value
[  250.404203][T10924] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  250.470463][T10823] 8021q: adding VLAN 0 to HW filter on device bond0
[  250.476369][T10924] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0
[  250.482313][T10924] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  250.488817][T10924] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  250.495979][T10823] 8021q: adding VLAN 0 to HW filter on device team0
[  250.510477][   T54] bridge0: port 1(bridge_slave_0) entered blocking state
[  250.512702][   T54] bridge0: port 1(bridge_slave_0) entered forwarding state
[  250.516022][   T54] bridge0: port 2(bridge_slave_1) entered blocking state
[  250.518320][   T54] bridge0: port 2(bridge_slave_1) entered forwarding state
[  250.535843][T10924] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  250.552989][T10924] F2FS-fs (loop4): inject no more block in inc_valid_block_count of f2fs_reserve_new_blocks+0x11a/0xab0
[  250.605688][ T6458] syz-executor: attempt to access beyond end of device
[  250.605688][ T6458] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  250.614732][ T6458] CPU: 1 UID: 0 PID: 6458 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  250.614746][ T6458] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  250.614751][ T6458] Call Trace:
[  250.614755][ T6458]  <TASK>
[  250.614759][ T6458]  dump_stack_lvl+0x189/0x250
[  250.614774][ T6458]  ? __pfx_dump_stack_lvl+0x10/0x10
[  250.614784][ T6458]  ? __pfx_queue_work_on+0x10/0x10
[  250.614792][ T6458]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  250.614802][ T6458]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  250.614816][ T6458]  f2fs_handle_critical_error+0x37c/0x540
[  250.614831][ T6458]  f2fs_write_end_io+0x886/0xb60
[  250.614846][ T6458]  __submit_merged_bio+0x27a/0x6a0
[  250.614859][ T6458]  __submit_merged_write_cond+0x255/0x530
[  250.614872][ T6458]  f2fs_write_data_pages+0x261d/0x3000
[  250.614898][ T6458]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  250.614933][ T6458]  ? folios_put_refs+0x559/0x640
[  250.614948][ T6458]  ? __lock_acquire+0xab9/0xd20
[  250.614963][ T6458]  ? do_raw_spin_lock+0x121/0x290
[  250.614977][ T6458]  ? do_raw_spin_unlock+0x4d/0x240
[  250.614986][ T6458]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  250.614997][ T6458]  do_writepages+0x32e/0x550
[  250.615011][ T6458]  ? do_raw_spin_unlock+0x4d/0x240
[  250.615022][ T6458]  filemap_fdatawrite+0x199/0x240
[  250.615037][ T6458]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  250.615068][ T6458]  ? do_raw_spin_unlock+0x4d/0x240
[  250.615079][ T6458]  f2fs_sync_dirty_inodes+0x31f/0x830
[  250.615114][ T6458]  f2fs_write_checkpoint+0x95a/0x1df0
[  250.615134][ T6458]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  250.615163][ T6458]  ? kill_f2fs_super+0x298/0x6c0
[  250.615173][ T6458]  kill_f2fs_super+0x2c3/0x6c0
[  250.615184][ T6458]  ? __pfx_kill_f2fs_super+0x10/0x10
[  250.615190][ T6458]  ? radix_tree_delete_item+0x2b6/0x400
[  250.615203][ T6458]  ? shrinker_free+0x2ce/0x3e0
[  250.615213][ T6458]  deactivate_locked_super+0xbc/0x130
[  250.615224][ T6458]  cleanup_mnt+0x425/0x4c0
[  250.615233][ T6458]  ? lockdep_hardirqs_on+0x9c/0x150
[  250.615244][ T6458]  task_work_run+0x1d4/0x260
[  250.615262][ T6458]  ? __pfx_task_work_run+0x10/0x10
[  250.615276][ T6458]  ? __x64_sys_umount+0x122/0x160
[  250.615295][ T6458]  ? exit_to_user_mode_loop+0x40/0x110
[  250.615316][ T6458]  exit_to_user_mode_loop+0xec/0x110
[  250.615333][ T6458]  do_syscall_64+0x2bd/0x3b0
[  250.615350][ T6458]  ? lockdep_hardirqs_on+0x9c/0x150
[  250.615367][ T6458]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.615381][ T6458]  ? exc_page_fault+0x9f/0xf0
[  250.615397][ T6458]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.615404][ T6458] RIP: 0033:0x7f498cd8ff17
[  250.615413][ T6458] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  250.615420][ T6458] RSP: 002b:00007ffc93276c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  250.615429][ T6458] RAX: 0000000000000000 RBX: 00007f498ce11c05 RCX: 00007f498cd8ff17
[  250.615434][ T6458] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc93276d30
[  250.615439][ T6458] RBP: 00007ffc93276d30 R08: 0000000000000000 R09: 0000000000000000
[  250.615443][ T6458] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc93277dc0
[  250.615448][ T6458] R13: 00007f498ce11c05 R14: 000000000003d260 R15: 00007ffc93277e00
[  250.615461][ T6458]  </TASK>
[  250.615465][ T6458] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  250.684288][T10823] 8021q: adding VLAN 0 to HW filter on device batadv0
[  250.735708][ T5886] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  250.919153][ T5886] usb 7-1: Using ep0 maxpacket: 32
[  250.922213][ T5886] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  250.925605][ T5886] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00
[  250.932447][ T5886] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  250.937454][ T5886] usb 7-1: config 0 descriptor??
[  251.139038][T10823] veth0_vlan: entered promiscuous mode
[  251.158444][T10823] veth1_vlan: entered promiscuous mode
[  251.183007][T10823] veth0_macvtap: entered promiscuous mode
[  251.190953][T10823] veth1_macvtap: entered promiscuous mode
[  251.203267][T10823] batman_adv: batadv0: Interface activated: batadv_slave_0
[  251.218679][T10823] batman_adv: batadv0: Interface activated: batadv_slave_1
[  251.230684][ T5861] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  251.248679][ T5861] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  251.286254][ T5861] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  251.292272][ T5861] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  251.347428][   T56] Bluetooth: hci0: command tx timeout
[  251.354118][ T5886] koneplus 0003:1E7D:2D51.000B: unknown main item tag 0x0
[  251.356506][ T5886] koneplus 0003:1E7D:2D51.000B: unknown main item tag 0x0
[  251.373622][ T5886] koneplus 0003:1E7D:2D51.000B: unknown main item tag 0x0
[  251.376160][ T5886] koneplus 0003:1E7D:2D51.000B: unknown main item tag 0x0
[  251.384337][T10994] program syz.4.1657 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  251.387216][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  251.390632][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  251.397734][ T5886] koneplus 0003:1E7D:2D51.000B: unknown main item tag 0x0
[  251.410849][ T5886] koneplus 0003:1E7D:2D51.000B: hidraw0: USB HID v0.00 Device [HID 1e7d:2d51] on usb-dummy_hcd.6-1/input0
[  251.437779][ T3547] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  251.440408][ T3547] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  251.632492][ T5886] koneplus 0003:1E7D:2D51.000B: couldn't init struct koneplus_device
[  251.635213][ T5886] koneplus 0003:1E7D:2D51.000B: couldn't install mouse
[  251.644766][ T5886] koneplus 0003:1E7D:2D51.000B: probe with driver koneplus failed with error -71
[  251.663645][ T5886] usb 7-1: USB disconnect, device number 10
[  251.925477][T11037] netlink: 'syz.4.1671': attribute type 1 has an invalid length.
[  251.934730][T11037] netlink: 'syz.4.1671': attribute type 1 has an invalid length.
[  252.197509][ T5886] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  252.300727][T11060] loop6: detected capacity change from 0 to 256
[  252.320927][T11060] FAT-fs (loop6): Directory bread(block 64) failed
[  252.324299][T11060] FAT-fs (loop6): Directory bread(block 65) failed
[  252.327693][T11060] FAT-fs (loop6): Directory bread(block 66) failed
[  252.332851][T11060] FAT-fs (loop6): Directory bread(block 67) failed
[  252.341005][T11060] FAT-fs (loop6): Directory bread(block 68) failed
[  252.346361][T11060] FAT-fs (loop6): Directory bread(block 69) failed
[  252.349096][T11060] FAT-fs (loop6): Directory bread(block 70) failed
[  252.351256][T11060] FAT-fs (loop6): Directory bread(block 71) failed
[  252.353475][T11060] FAT-fs (loop6): Directory bread(block 72) failed
[  252.355704][T11060] FAT-fs (loop6): Directory bread(block 73) failed
[  252.376065][   T33] audit: type=1800 audit(1755548222.115:350): pid=11060 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1676" name="bus" dev="loop6" ino=1048666 res=0 errno=0
[  252.385614][ T5886] usb 5-1: Using ep0 maxpacket: 16
[  252.393083][ T5886] usb 5-1: config 0 has an invalid interface number: 105 but max is 0
[  252.396369][ T5886] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  252.402345][ T5886] usb 5-1: config 0 has no interface number 0
[  252.414892][ T5886] usb 5-1: New USB device found, idVendor=046c, idProduct=14e8, bcdDevice= b.28
[  252.418800][ T5886] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  252.421819][ T5886] usb 5-1: Product: syz
[  252.426706][ T5886] usb 5-1: Manufacturer: syz
[  252.433676][ T5886] usb 5-1: SerialNumber: syz
[  252.444560][ T5886] usb 5-1: config 0 descriptor??
[  252.465654][ T5886] uvcvideo 5-1:0.105: probe with driver uvcvideo failed with error -22
[  252.488933][T11067] batadv_slave_0: entered promiscuous mode
[  252.495897][T11067] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1677'.
[  252.500849][T11067] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  252.530051][T11067] batadv_slave_0 (unregistering): left promiscuous mode
[  252.532543][T11067] batman_adv: batadv0: Removing interface: batadv_slave_0
[  252.670827][ T5886] usb 5-1: USB disconnect, device number 14
[  253.509309][T11109] loop4: detected capacity change from 0 to 128
[  253.552246][T11109] ufs: You didn't specify the type of your ufs filesystem
[  253.552246][T11109] 
[  253.552246][T11109] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  253.552246][T11109] 
[  253.552246][T11109] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  253.575465][T11109] ufs: ufstype=old is supported read-only
[  253.601604][T11109] ufs: ufs_fill_super(): fragment size 2066844866 is not a power of 2
[  253.982186][T11118] loop4: detected capacity change from 0 to 8
[  254.003000][T11118] unable to read id index table
[  254.300331][T11121] dummy0: entered promiscuous mode
[  254.302992][T11121] dummy0: entered allmulticast mode
[  255.264801][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  255.269002][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  255.609285][T11163] netlink: 'syz.6.1704': attribute type 10 has an invalid length.
[  255.613101][T11163] bridge0: port 2(bridge_slave_1) entered disabled state
[  255.616652][T11163] bridge0: port 1(bridge_slave_0) entered disabled state
[  255.627514][T11163] bridge0: port 2(bridge_slave_1) entered blocking state
[  255.630114][T11163] bridge0: port 2(bridge_slave_1) entered forwarding state
[  255.633505][T11163] bridge0: port 1(bridge_slave_0) entered blocking state
[  255.635859][T11163] bridge0: port 1(bridge_slave_0) entered forwarding state
[  255.642860][T11163] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  255.933417][T11178] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  256.054477][T11183] loop7: detected capacity change from 0 to 512
[  256.076322][T11183] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  256.090559][T11183] EXT4-fs (loop7): ext4_check_descriptors: Inode table for group 0 not in group (block 34)!
[  256.107597][T11183] EXT4-fs (loop7): group descriptors corrupted!
[  256.121318][T11187] netlink: 392 bytes leftover after parsing attributes in process `syz.4.1715'.
[  256.125020][T11187] ==================================================================
[  256.128341][T11187] BUG: KASAN: slab-use-after-free in xfrm_alloc_spi+0x570/0xf30
[  256.131478][T11187] Read of size 4 at addr ffff888031778e44 by task syz.4.1715/11187
[  256.135566][T11187] 
[  256.137037][T11187] CPU: 0 UID: 0 PID: 11187 Comm: syz.4.1715 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  256.137059][T11187] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  256.137069][T11187] Call Trace:
[  256.137077][T11187]  <TASK>
[  256.137084][T11187]  dump_stack_lvl+0x189/0x250
[  256.137107][T11187]  ? __kasan_check_byte+0x12/0x40
[  256.137130][T11187]  ? __pfx_dump_stack_lvl+0x10/0x10
[  256.137146][T11187]  ? lock_release+0x4b/0x3e0
[  256.137165][T11187]  ? __virt_addr_valid+0x4a5/0x5c0
[  256.137186][T11187]  print_report+0xca/0x240
[  256.137200][T11187]  ? xfrm_alloc_spi+0x570/0xf30
[  256.137217][T11187]  kasan_report+0x118/0x150
[  256.137237][T11187]  ? xfrm_alloc_spi+0x570/0xf30
[  256.137254][T11187]  xfrm_alloc_spi+0x570/0xf30
[  256.137267][T11187]  ? xfrm_alloc_spi+0x2a0/0xf30
[  256.137287][T11187]  ? __pfx_xfrm_alloc_spi+0x10/0x10
[  256.137301][T11187]  ? xfrm_find_acq+0x87/0xa0
[  256.137318][T11187]  xfrm_alloc_userspi+0x70b/0xc90
[  256.137340][T11187]  ? apparmor_capable+0x137/0x1b0
[  256.137356][T11187]  ? __pfx_xfrm_alloc_userspi+0x10/0x10
[  256.137373][T11187]  ? __nla_parse+0x40/0x60
[  256.137396][T11187]  xfrm_user_rcv_msg+0x7a3/0xab0
[  256.137413][T11187]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  256.137438][T11187]  ? __pfx___mutex_trylock_common+0x10/0x10
[  256.137454][T11187]  ? rcu_is_watching+0x15/0xb0
[  256.137467][T11187]  ? trace_contention_end+0x39/0x120
[  256.137481][T11187]  ? __mutex_lock+0x335/0x1360
[  256.137501][T11187]  netlink_rcv_skb+0x208/0x470
[  256.137520][T11187]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  256.137536][T11187]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  256.137557][T11187]  ? netlink_deliver_tap+0x2e/0x1b0
[  256.137574][T11187]  ? netlink_deliver_tap+0x2e/0x1b0
[  256.137592][T11187]  xfrm_netlink_rcv+0x79/0x90
[  256.137606][T11187]  netlink_unicast+0x82f/0x9e0
[  256.137625][T11187]  ? __pfx_netlink_unicast+0x10/0x10
[  256.137641][T11187]  ? netlink_sendmsg+0x642/0xb30
[  256.137659][T11187]  ? skb_put+0x11b/0x210
[  256.137671][T11187]  netlink_sendmsg+0x805/0xb30
[  256.137723][T11187]  ? __pfx_netlink_sendmsg+0x10/0x10
[  256.137743][T11187]  ? aa_sock_msg_perm+0xf1/0x1d0
[  256.137764][T11187]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  256.137780][T11187]  ? __pfx_netlink_sendmsg+0x10/0x10
[  256.137799][T11187]  __sock_sendmsg+0x21c/0x270
[  256.137822][T11187]  ____sys_sendmsg+0x505/0x830
[  256.137838][T11187]  ? __pfx_____sys_sendmsg+0x10/0x10
[  256.137854][T11187]  ? import_iovec+0x74/0xa0
[  256.137870][T11187]  ___sys_sendmsg+0x21f/0x2a0
[  256.137884][T11187]  ? __pfx____sys_sendmsg+0x10/0x10
[  256.137908][T11187]  ? __fget_files+0x2a/0x420
[  256.137920][T11187]  ? __fget_files+0x3a0/0x420
[  256.137934][T11187]  __x64_sys_sendmsg+0x19b/0x260
[  256.137947][T11187]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  256.137963][T11187]  ? rcu_is_watching+0x15/0xb0
[  256.137976][T11187]  ? do_syscall_64+0xbe/0x3b0
[  256.137995][T11187]  do_syscall_64+0xfa/0x3b0
[  256.138013][T11187]  ? lockdep_hardirqs_on+0x9c/0x150
[  256.138029][T11187]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.138042][T11187]  ? exc_page_fault+0x9f/0xf0
[  256.138059][T11187]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.138072][T11187] RIP: 0033:0x7f498cd8ebe9
[  256.138084][T11187] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  256.138096][T11187] RSP: 002b:00007f498dca5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  256.138111][T11187] RAX: ffffffffffffffda RBX: 00007f498cfb5fa0 RCX: 00007f498cd8ebe9
[  256.138121][T11187] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000003
[  256.138130][T11187] RBP: 00007f498ce11e19 R08: 0000000000000000 R09: 0000000000000000
[  256.138139][T11187] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  256.138147][T11187] R13: 00007f498cfb6038 R14: 00007f498cfb5fa0 R15: 00007ffc932779e8
[  256.138163][T11187]  </TASK>
[  256.138168][T11187] 
[  256.273749][T11187] Allocated by task 10070:
[  256.275370][T11187]  kasan_save_track+0x3e/0x80
[  256.277021][T11187]  __kasan_slab_alloc+0x6c/0x80
[  256.278949][T11187]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  256.280652][T11187]  xfrm_state_alloc+0x24/0x2f0
[  256.282283][T11187]  __find_acq_core+0x8a7/0x1c00
[  256.283833][T11187]  xfrm_find_acq+0x78/0xa0
[  256.285242][T11187]  xfrm_alloc_userspi+0x6b3/0xc90
[  256.287088][T11187]  xfrm_user_rcv_msg+0x7a3/0xab0
[  256.288943][T11187]  netlink_rcv_skb+0x208/0x470
[  256.290770][T11187]  xfrm_netlink_rcv+0x79/0x90
[  256.292427][T11187]  netlink_unicast+0x82f/0x9e0
[  256.294164][T11187]  netlink_sendmsg+0x805/0xb30
[  256.296029][T11187]  __sock_sendmsg+0x21c/0x270
[  256.297907][T11187]  ____sys_sendmsg+0x505/0x830
[  256.299806][T11187]  ___sys_sendmsg+0x21f/0x2a0
[  256.301614][T11187]  __x64_sys_sendmsg+0x19b/0x260
[  256.303509][T11187]  do_syscall_64+0xfa/0x3b0
[  256.305250][T11187]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.307509][T11187] 
[  256.308442][T11187] Freed by task 5886:
[  256.309980][T11187]  kasan_save_track+0x3e/0x80
[  256.311764][T11187]  kasan_save_free_info+0x46/0x50
[  256.313700][T11187]  __kasan_slab_free+0x5b/0x80
[  256.315524][T11187]  kmem_cache_free+0x18f/0x400
[  256.317379][T11187]  xfrm_state_gc_task+0x52d/0x6b0
[  256.319296][T11187]  process_scheduled_works+0xae1/0x17b0
[  256.321391][T11187]  worker_thread+0x8a0/0xda0
[  256.323169][T11187]  kthread+0x711/0x8a0
[  256.324744][T11187]  ret_from_fork+0x3fc/0x770
[  256.326528][T11187]  ret_from_fork_asm+0x1a/0x30
[  256.328372][T11187] 
[  256.329290][T11187] The buggy address belongs to the object at ffff888031778d80
[  256.329290][T11187]  which belongs to the cache xfrm_state of size 928
[  256.333920][T11187] The buggy address is located 196 bytes inside of
[  256.333920][T11187]  freed 928-byte region [ffff888031778d80, ffff888031779120)
[  256.338496][T11187] 
[  256.339357][T11187] The buggy address belongs to the physical page:
[  256.341580][T11187] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888031778900 pfn:0x31778
[  256.345086][T11187] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  256.347777][T11187] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  256.350231][T11187] page_type: f5(slab)
[  256.351694][T11187] raw: 00fff00000000040 ffff888104ccac80 dead000000000122 0000000000000000
[  256.354727][T11187] raw: ffff888031778900 00000000800e000d 00000000f5000000 0000000000000000
[  256.357557][T11187] head: 00fff00000000040 ffff888104ccac80 dead000000000122 0000000000000000
[  256.360642][T11187] head: ffff888031778900 00000000800e000d 00000000f5000000 0000000000000000
[  256.363483][T11187] head: 00fff00000000002 ffffea0000c5de01 00000000ffffffff 00000000ffffffff
[  256.366191][T11187] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  256.368804][T11187] page dumped because: kasan: bad access detected
[  256.370740][T11187] page_owner tracks the page as allocated
[  256.372652][T11187] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6140, tgid 6139 (syz.1.84), ts 74340950713, free_ts 67029927208
[  256.379287][T11187]  post_alloc_hook+0x240/0x2a0
[  256.380977][T11187]  get_page_from_freelist+0x21e4/0x22c0
[  256.382689][T11187]  __alloc_frozen_pages_noprof+0x181/0x370
[  256.384552][T11187]  alloc_pages_mpol+0x232/0x4a0
[  256.386453][T11187]  allocate_slab+0x8a/0x370
[  256.388043][T11187]  ___slab_alloc+0xbeb/0x1410
[  256.389569][T11187]  kmem_cache_alloc_noprof+0x283/0x3c0
[  256.391582][T11187]  xfrm_state_alloc+0x24/0x2f0
[  256.393415][T11187]  pfkey_add+0x6e4/0x2e00
[  256.395023][T11187]  pfkey_sendmsg+0xbfe/0x1090
[  256.396627][T11187]  __sock_sendmsg+0x21c/0x270
[  256.398116][T11187]  ____sys_sendmsg+0x505/0x830
[  256.399590][T11187]  ___sys_sendmsg+0x21f/0x2a0
[  256.401045][T11187]  __x64_sys_sendmsg+0x19b/0x260
[  256.402567][T11187]  do_syscall_64+0xfa/0x3b0
[  256.404058][T11187]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.406187][T11187] page last free pid 5859 tgid 5859 stack trace:
[  256.408433][T11187]  __free_frozen_pages+0xbc4/0xd30
[  256.410198][T11187]  __put_partials+0x156/0x1a0
[  256.411809][T11187]  put_cpu_partial+0x17c/0x250
[  256.413731][T11187]  __slab_free+0x2d5/0x3c0
[  256.415326][T11187]  qlist_free_all+0x97/0x140
[  256.416920][T11187]  kasan_quarantine_reduce+0x148/0x160
[  256.418754][T11187]  __kasan_slab_alloc+0x22/0x80
[  256.420682][T11187]  __kmalloc_noprof+0x224/0x4f0
[  256.422352][T11187]  tomoyo_realpath_from_path+0xe3/0x5d0
[  256.424210][T11187]  tomoyo_path_perm+0x213/0x4b0
[  256.425967][T11187]  security_inode_getattr+0x12f/0x330
[  256.427779][T11187]  vfs_fstatat+0xb1/0x170
[  256.429242][T11187]  __x64_sys_newfstatat+0x116/0x190
[  256.431078][T11187]  do_syscall_64+0xfa/0x3b0
[  256.432824][T11187]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.435069][T11187] 
[  256.436009][T11187] Memory state around the buggy address:
[  256.438153][T11187]  ffff888031778d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  256.441184][T11187]  ffff888031778d80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  256.443799][T11187] >ffff888031778e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  256.446478][T11187]                                            ^
[  256.448508][T11187]  ffff888031778e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  256.451321][T11187]  ffff888031778f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  256.453898][T11187] ==================================================================
[  256.456898][    C0] vkms_vblank_simulate: vblank timer overrun
[  256.458947][T11187] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  256.461093][T11187] CPU: 0 UID: 0 PID: 11187 Comm: syz.4.1715 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  256.464787][T11187] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  256.468030][T11187] Call Trace:
[  256.469067][T11187]  <TASK>
[  256.470098][T11187]  dump_stack_lvl+0x99/0x250
[  256.471767][T11187]  ? __asan_memcpy+0x40/0x70
[  256.473282][T11187]  ? __pfx_dump_stack_lvl+0x10/0x10
[  256.475042][T11187]  ? __pfx__printk+0x10/0x10
[  256.476769][T11187]  vpanic+0x281/0x750
[  256.478003][T11187]  ? __pfx_vpanic+0x10/0x10
[  256.479409][T11187]  ? irqentry_exit+0x74/0x90
[  256.481327][T11187]  panic+0xb9/0xc0
[  256.482643][T11187]  ? __pfx_panic+0x10/0x10
[  256.484164][T11187]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  256.486308][T11187]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  256.488588][T11187]  ? xfrm_alloc_spi+0x570/0xf30
[  256.490303][T11187]  check_panic_on_warn+0x89/0xb0
[  256.491822][T11187]  ? xfrm_alloc_spi+0x570/0xf30
[  256.493331][T11187]  end_report+0x78/0x160
[  256.494773][T11187]  kasan_report+0x129/0x150
[  256.496296][T11187]  ? xfrm_alloc_spi+0x570/0xf30
[  256.498029][T11187]  xfrm_alloc_spi+0x570/0xf30
[  256.499697][T11187]  ? xfrm_alloc_spi+0x2a0/0xf30
[  256.501208][T11187]  ? __pfx_xfrm_alloc_spi+0x10/0x10
[  256.502862][T11187]  ? xfrm_find_acq+0x87/0xa0
[  256.504359][T11187]  xfrm_alloc_userspi+0x70b/0xc90
[  256.506104][T11187]  ? apparmor_capable+0x137/0x1b0
[  256.507762][T11187]  ? __pfx_xfrm_alloc_userspi+0x10/0x10
[  256.509804][T11187]  ? __nla_parse+0x40/0x60
[  256.511193][T11187]  xfrm_user_rcv_msg+0x7a3/0xab0
[  256.512749][T11187]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  256.514444][T11187]  ? __pfx___mutex_trylock_common+0x10/0x10
[  256.516280][T11187]  ? rcu_is_watching+0x15/0xb0
[  256.517947][T11187]  ? trace_contention_end+0x39/0x120
[  256.519741][T11187]  ? __mutex_lock+0x335/0x1360
[  256.521244][T11187]  netlink_rcv_skb+0x208/0x470
[  256.522766][T11187]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  256.524516][T11187]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  256.526164][T11187]  ? netlink_deliver_tap+0x2e/0x1b0
[  256.527877][T11187]  ? netlink_deliver_tap+0x2e/0x1b0
[  256.529724][T11187]  xfrm_netlink_rcv+0x79/0x90
[  256.531369][T11187]  netlink_unicast+0x82f/0x9e0
[  256.533109][T11187]  ? __pfx_netlink_unicast+0x10/0x10
[  256.535032][T11187]  ? netlink_sendmsg+0x642/0xb30
[  256.536941][T11187]  ? skb_put+0x11b/0x210
[  256.538573][T11187]  netlink_sendmsg+0x805/0xb30
[  256.540369][T11187]  ? __pfx_netlink_sendmsg+0x10/0x10
[  256.542078][T11187]  ? aa_sock_msg_perm+0xf1/0x1d0
[  256.543833][T11187]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  256.545516][T11187]  ? __pfx_netlink_sendmsg+0x10/0x10
[  256.547173][T11187]  __sock_sendmsg+0x21c/0x270
[  256.548682][T11187]  ____sys_sendmsg+0x505/0x830
[  256.550567][T11187]  ? __pfx_____sys_sendmsg+0x10/0x10
[  256.552528][T11187]  ? import_iovec+0x74/0xa0
[  256.554014][T11187]  ___sys_sendmsg+0x21f/0x2a0
[  256.555543][T11187]  ? __pfx____sys_sendmsg+0x10/0x10
[  256.557248][T11187]  ? __fget_files+0x2a/0x420
[  256.558878][T11187]  ? __fget_files+0x3a0/0x420
[  256.560468][T11187]  __x64_sys_sendmsg+0x19b/0x260
[  256.562066][T11187]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  256.563810][T11187]  ? rcu_is_watching+0x15/0xb0
[  256.565367][T11187]  ? do_syscall_64+0xbe/0x3b0
[  256.566837][T11187]  do_syscall_64+0xfa/0x3b0
[  256.568324][T11187]  ? lockdep_hardirqs_on+0x9c/0x150
[  256.570420][T11187]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.572595][T11187]  ? exc_page_fault+0x9f/0xf0
[  256.574080][T11187]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.576022][T11187] RIP: 0033:0x7f498cd8ebe9
[  256.577440][T11187] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  256.583526][T11187] RSP: 002b:00007f498dca5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  256.586149][T11187] RAX: ffffffffffffffda RBX: 00007f498cfb5fa0 RCX: 00007f498cd8ebe9
[  256.588707][T11187] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000003
[  256.591616][T11187] RBP: 00007f498ce11e19 R08: 0000000000000000 R09: 0000000000000000
[  256.594082][T11187] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  256.596586][T11187] R13: 00007f498cfb6038 R14: 00007f498cfb5fa0 R15: 00007ffc932779e8
[  256.599094][T11187]  </TASK>
[  256.600597][T11187] Kernel Offset: disabled
[  256.601988][T11187] Rebooting in 86400 seconds..

VM DIAGNOSIS:
20:17:06  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000020 RBX=0000000000000020 RCX=0000000000000000 RDX=00000000000003f8
RSI=00000000000015aa RDI=00000000000015ab RBP=00000000000003f8 RSP=ffffc900044469f0
R8 =ffff888107b70237 R9 =1ffff11020f6e046 R10=dffffc0000000000 R11=ffffffff854efeb0
R12=dffffc0000000000 R13=ffffffff99af9907 R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854eff2c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f498dca56c0 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000110c3213d3 CR3=000000003cbc4000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f498cf87498 00007f498cf87470 XMM03=00007f498cf874a8 00007f498cf874a0
XMM04=00007f498daed100 00007f498cf87460 XMM05=00007f498cf87478 00007f498cf874c0
XMM06=00007f498cf874b8 00007f498cf874b0 XMM07=00007f498cf874a8 00007f498cf874a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f498ce12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=1ffff11009608341 RCX=ffff888106bf9cc0 RDX=0000000000000000
RSI=0000000000000001 RDI=0000000000000000 RBP=ffffc90006e8f7e0 RSP=ffffc90006e8f660
R8 =ffffffff8fa37e37 R9 =1ffffffff1f46fc6 R10=dffffc0000000000 R11=fffffbfff1f46fc7
R12=ffff88804b041a08 R13=dffffc0000000000 R14=ffff88813663b1c0 R15=0000000000000000
RIP=ffffffff81b44d38 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000000080 CR3=000000000df36000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=00ff000000000000 ff00000000000000 XMM05=000000000000021d 000000001a30312e
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=ffffffffffff0000 ffffffff00000000 XMM09=00000000000002c1 000000003530312e
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
