last executing test programs:

1m42.202400705s ago: executing program 3 (id=2978):
fsopen(&(0x7f0000000340)='ext4\x00', 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m41.915719908s ago: executing program 3 (id=2980):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000080)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, 0x0}}, {{&(0x7f00000001c0)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, &(0x7f0000000200)=[{&(0x7f0000000240)="aabbcc", 0x3}], 0x1}}], 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES64, @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x10, 0x34, 0x1}, 0x10}], 0x1}, 0x0)
r1 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400000000000000", @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

1m40.190457318s ago: executing program 3 (id=2991):
socket$packet(0x11, 0x3, 0x300) (async)
syz_emit_ethernet(0x36, &(0x7f0000000040)=ANY=[], 0x0)
r0 = socket$inet6(0xa, 0x80002, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x20088004, &(0x7f0000000280)={0xa, 0x4e20, 0x0, @empty, 0x20000007}, 0x1c) (async)
sendto$inet6(r0, &(0x7f00000007c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac2e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f232b81bc5c398be3bbddb23a1edaa79b651480289b9eb571b2b9cc61c3e6e8aab7d91dddada2bca1dd275bca7d4111161ed4e95aacb80000000000", 0xd1, 0x40000, 0x0, 0xfffffffffffffe6a) (async)
setsockopt$inet6_udp_int(r0, 0x11, 0x1, &(0x7f0000000080), 0x4) (async)
r1 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0xec25, 0x0, 0x0, 0x40000333}, &(0x7f00000006c0)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_io_uring_submit(r2, r3, &(0x7f00000003c0)=@IORING_OP_RECVMSG={0xa, 0x32, 0x0, r4, 0x0, 0x0, 0x0, 0xf70948170f5b281b, 0x0, {0x1}}) (async)
r5 = memfd_secret(0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0xfd, 0x0, 0x7fff0000}]}) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x10000000) (async)
futimesat(r5, 0x0, 0x0) (async)
io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) (async)
r6 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000040)={0x0, 0x0, 0x1}, 0x10) (async)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000300)={[{@test_dummy_encryption_v1}, {@journal_checksum}, {@max_batch_time={'max_batch_time', 0x3d, 0x1}}], [{@audit}]}, 0x1, 0x241, &(0x7f0000000540)="$eJzs3U9oFFccB/DfzO42TbKUtL0UCm2hlNIGQnor9JJeWgiUEEoptIUUES9KIsQEb4knLx70rJKTlyDejB4ll+BFETxFzSFeBA0eDB70sDI7iUSz/oGJO+J8PjC7M7vvze8Ns983exkmgMoaiIiRiKhFxGBENCIi2dngm3wZ2Npc6F2ZiGi1/nyYtNvl27ntfv0RMR8RP0fEcprEwXrE7NK/649Xf//+xEzju3NL//R29SC3bKyv/bF5duz4xdGfZq/fvD+WxEg0XziuvZd0+KyeRHz2Loq9J5J62SPgbYwfvXAry/3nEfFtO/+NSCM/eSenP1puxI9nXtX31IMbX3ZzrMDea7Ua2TVwvgVUThoRzUjSoYjI19N0aCj/D3+71pcempo+MnhgamZyf9kzFbBXmhFrv13uudT/Uv7v1fL8Ax+uLP9/jS/eydY3a2WPBuimLP+D/8/9EPIPlSP/UF3yD9Ul/1Bdr8t/WtKYgO5w/Yfqkn+oLvmH6pJ/qC75h+ramX8AoFpaPWXfgQyUpez5BwAAAAAAAAAAAAAAAAAA2G2hd2Vie+lWzaunIzZ+jYh6p/q1recQfNx+7XuUZM2eS/Juhfz3dcEdFHS+5LuvP7lbbv1rX5Vbf24yYv5YRAzX67t/f0nh52B8+obvG/sKFijol7/Lrf90sdz6o6sRV7L5Z7jT/JPGF+33zvNPMzt/BesfflJwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTNswAAAP//ceptKw==")
r7 = socket$l2tp(0x2, 0x2, 0x73)
bind$l2tp(r7, &(0x7f0000000200)={0x2, 0x0, @multicast1, 0x1}, 0x10)
symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') (async)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x804071, 0x0, 0x0, 0x0, &(0x7f0000000140))
mknod$loop(&(0x7f0000000380)='./mnt\x00', 0x2000, 0x1) (async)
creat(&(0x7f0000000d80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) (async)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYRES16=r1], &(0x7f0000000440)='GPL\x00', 0x4, 0x99, &(0x7f0000000480)=""/153}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r8}, 0x10) (async)
r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff) (async)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r10, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x4c, r9, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x8, 0x8e, 0x1}}]}, 0x96}}, 0x0) (async)
r11 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
flock(r11, 0x5)

1m40.147529692s ago: executing program 3 (id=2992):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x28, 0x0, 0x2, 0x401, 0x0, 0x0, {0x2}, [@CTA_EXPECT_HELP_NAME={0xe, 0x6, 'snmp_trap\x00'}, @CTA_EXPECT_MASK={0x4}]}, 0x28}}, 0x0)
syz_mount_image$hfs(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x1210080, &(0x7f0000000200)={[{@uid}, {@umask={'umask', 0x3d, 0x97}}, {@iocharset={'iocharset', 0x3d, 'iso8859-7'}}, {@creator={'creator', 0x3d, "0691aaf6"}}, {@umask={'umask', 0x3d, 0x472}}, {@dir_umask={'dir_umask', 0x3d, 0x400}}, {@codepage={'codepage', 0x3d, 'maccroatian'}}, {@uid}]}, 0x7, 0x318, &(0x7f00000004c0)="$eJzs3U1rE08cB/Dv7CZp8m/pf20rBY/VgqfS1oPixSLFi2/AgxRrm0LpWkEraEGMnkW8CYJHb55F34JexDegpx7Ek16CB1dmZmcf0tnNQ9tsQr4faJrszsNvdnayMynpgohG1tXVb28vHMgfUQbgArgMOACqQAnAacxWH+zube/59c28glyVQ/4I6JziUJqN3botq8yncoQ8+aqEieQ2OhlBEATf26b61ZdYqDhCj/1DHGAsHJ1qf7XvkZ2Mhm7XaEn0sGiiiYeYLDIcIiIqXnj9d8KrxEQ4f3ccYD6chw/79T81v2kWF8dAiK7/jn4dCHl8/le74vWeWsLJ3nfMKtFWlvWcCOLDXYE+s1IdINqtKlUsTm1r268vNFQBz3AllEg2ox43YRqiZEVb0b/mLGvTHHltzzeu2lCWbVjOiH+66xo//sAre3VrnzuISXwSX8Sa8PAam9H8rxQIeXDU8fFaekrHv5hdomqlp1OlWhmv30+pSs6YHvjwLm5lLeu4VuHKWGxkKaJ1/u6ZOF9WsnNhCumPFXTrlrJbp3JNW3MtR6//WHPNtOaqbZX9+sLGXT/3o5RjY13RiRfihpjDT7zHamL+78jU88gemalRLlTK8MzIbU9JpczoxxQ1gO90NTJJuWbt6HzPcRuXMHn/0f7Ouu/X7xX/xAyVAYlHn4jh6Si3yN+JNKjKJ2UAx1bp3yAIrLtK6EeTy6qpF9/ETd7fWRcN/fJoVaARFWh2rWQnBrACINxi3hF6qf1JlGssLrCj7L9lb6st9hPSRNWHE9JUldrlYqyjkVLrodLrj3fW/Z7eiWjIxJ2O2ZtFB0NFkPMuodd/ifXKonrXkQ9ezmokaFd4osSljBXQlHr8r7MVXFRs5jxx3Dxps+Y6ex4411KjA1Pj09ZivTBODOJfJbv/U4ZYxVfc4uf/RERERERERERERERERERERERERETDpttvI/TydYJ0jQcj+I83iIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiOJnH/X8BVd4ypFH7/X7eD+/+a+1IQUc/+BQAA//8KX2Ch")
mount$nfs(&(0x7f0000000540)='\xb2\x83\x87J9I\xc3i\xe4\x81\xc5:\xccLD\x9d\xd8\xc7\x90v\x8b\x82\x90\xa4\xdd\x98\xb8\rQh#\xfacl\x01\x8cC\x1f|\xa5\xcb\x8f\xe5WJ\x00>\xf2\xd6\t\xf4IE\xcb\x15A\xb5\xbbG\xa0\xea\xc4\x03\xf2\xf5\xf4\xa1\x98', &(0x7f0000000240)='./file0\x00', 0x0, 0x201008, 0x0)
r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4(r1, 0x0, 0x80000000, &(0x7f0000000300))
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
shutdown(r2, 0x2000000)

1m39.884043433s ago: executing program 3 (id=2997):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000080)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, 0x0}}, {{&(0x7f00000001c0)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, &(0x7f0000000200)=[{&(0x7f0000000240)="aabbcc", 0x3}], 0x1}}], 0x2, 0x0)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, 0x0, 0x0, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='percpu_alloc_percpu\x00'}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES64, @ANYRES32=0x41424344], 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x10, 0x34, 0x1}, 0x10}], 0x1}, 0x0)
r1 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a", 0x2, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010000504000000000000000000", @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = dup(r4)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

1m39.403956612s ago: executing program 3 (id=3001):
syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x1000801, &(0x7f0000000240)=ANY=[@ANYRES64=0x0, @ANYRESHEX, @ANYRES32, @ANYRES8, @ANYBLOB="c2e94ee0f66d0c86acff85da"], 0x2, 0x1ff, &(0x7f00000003c0)="$eJzsmTGLE0EUx/8zu0nOIIqNhSgWBozobXY3KtdcoWApCKeolQRvPU73LrJZ4RIQDDY2lhaCrV/AwiKVhV0+ghYqCBamtF6Z2dnsZDcJCYmxuPeDTP77ZubNe2+H1ywIgji0/Pj+59vr6xu3LwE4igpKyv7LSNdwbf3Xt88uvtm88e7Dl/ef948972X9MQBRNPv5awA+nTGAF8flcxSN7q6AS5swV5TtDjguKH0XDFYSa5Tu9sBwX5kfS82kbh5RRt9jD5v+9qNd37PF4IjBFUMdSEMwAQy6DNsqVnEC0+JrtTtPGj4QxML3ElGIknNyU5OF8JyfmlY/Gd81jk2tBOJ93Xv1siueLWW3wYf1c8DhKF0Hw5bSGyjBsqy0JFr+p8zUv5HLf64kVydOrP8jz0n2y3dYWLbn1QiMvbiLiNO6hWOZMbOshekFPzno9fO7fnpB60HGj3hX/7fyxZlui2xcQK6GfZR9/+YCYSTHj05Vy5n+xEzgvNafTJjD+Vq497TWanfWd/caO96Ot++69av2Zdu+4tZkI4rHKf1vTfansua/MGFtkRVx0AjDwDkAwsAZPrvxqHXcrY/N33IPl/2Po3ou9iGuiky7NP4Mpn5c/gtVNSYGTxAEQRAEQRAEQRAEQRAEMRdnwZIvZiz5JjYG95Zc/TcAAP//Gulcrg==")
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80041, 0x0)
write$binfmt_aout(r0, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0xfe, "0062ba7d82000000160000000000f738096304"})
r1 = syz_open_pts(r0, 0x80)
r2 = dup3(r1, r0, 0x80000)
read(r2, &(0x7f00000000c0)=""/226, 0xe2)
read$watch_queue(r2, &(0x7f0000001d40)=""/4095, 0xfff)
r3 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x207, &(0x7f00000005c0)={[{@errors_remount}]}, 0x1, 0x46b, &(0x7f0000000600)="$eJzs3M+PE1UcAPDvtF1Wfm5F/AGiomgk/thlF1QOXjQx8aCJiR7wuC4LQQprYE2EbNzFELyYKAl3Y+LFxL/AEyeinky84t2QEMMF9FQzdFq63XYpbWlZ+vkkw87bvvZ9vzPzOm/eMBvA0NqV/pNEbIqIKxExFhG5+grrK0ta7+b1hZl/ry/MJFEuf/hPkr4tblxfmKlWTbKfGyuFQvpBuXNJFJu0e+r0mWPTpdLsyaw8MX/8s4lTp8+8evT49JHZI7Mnpg4c2L9v8o3Xp17rSZ5pTDd2fDm3c/u7H194f+bghU9++7kSb7l88fLeZXn0xkhELNS2SaMXetvYwG2uW08KAwyEuzIaEYXsaL0SY5E/t6X22li889VAgwPuqXK5XJ5q/fJSGXiAJTHoCIDBqJ7o0+vf6tKnocd94dpblQugNO+b2VJ5pRBnszojDde3vbQrIg4u/fd9ukTDfAoAwL1wKR3/vNJk/FeMeKyu3pbs3lAxIh6OiK0R8UhEbIuIR6NS9/GIeOIu29/VUF45/sld7Syz9qTjvzeze1vLx3+1u2DFfFbafCv/keTw0dLs3myb7ImR0bQ82fTTk4il9Oef37Zqv378ly5p+9WxYBbH1cLo8vccmp6f7jrxzLWzETsKzfJPonA7i9geETs6bOPoSz/tXP6bfG3tzvmvogf3mco/RLxY2f9L0ZB/VbL6/cmJh6I0u3eielQ0uhS//3H+g1btd5V/D6T7f0PT47+WfzGpv1+bX/ER6+7Uxvm/vm55TdPp8b8u+WhZ419Mz8+fnIxYl7y38vd1E9zVcrV+mv+e3c37/9a4vSWejIj0IH4qIp6OiGey2J+NiOciYvcq+f/69vOfdp7/vZXmv3g3+7+Dlfyxy7+0ar+9/b+/WrgVVDvff+0G2M22AwAAgLUiFxGbIsmN19ZzufHxyv+X3xYbcqW5U/MvH577/MShyjMCxRjJVWe6xurmQyezueFqeSorL2blfdm88cX8+lvl8Zm50qFBJw9DbmOL/p/6e+VcL/Cg8bwWDC/9H4ZX5/3fNwesdXfoxbl+xQH0n7M4DK9m/X9xAHEA/ef8D8Or1v+/a6Ny3eNejQ9vAmuP8z8ML/0fhlI3z/XfFyvxY8TqdZLumhgdTF7fdPP2Qh8ijNz9cQD0cWUqHzHAMArt/lWLOF1e7LrRQX8zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Mb/AQAA///8/efZ")
r4 = signalfd4(r3, &(0x7f0000000080)={[0x2]}, 0x8, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000140), 0x1, 0x4fa, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
write$cgroup_int(r6, &(0x7f0000000100)=0x3c, 0x12)
ftruncate(r5, 0xa)
ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f00000000c0)={0x0, r6, 0xfffffffe, 0x0, 0x0, 0xffffffffffff8001})
r7 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000100)={0x6, 0x4004, 0x7, 0x0, <r8=>0x0})
listxattr(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x0)
ioctl$DRM_IOCTL_MODE_MAP_DUMB(r7, 0xc01064b3, &(0x7f0000000040)={r8})
ioctl$DRM_IOCTL_MODE_MAP_DUMB(r4, 0xc01064b3, &(0x7f0000000100)={r8})

1m39.136574914s ago: executing program 32 (id=3001):
syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x1000801, &(0x7f0000000240)=ANY=[@ANYRES64=0x0, @ANYRESHEX, @ANYRES32, @ANYRES8, @ANYBLOB="c2e94ee0f66d0c86acff85da"], 0x2, 0x1ff, &(0x7f00000003c0)="$eJzsmTGLE0EUx/8zu0nOIIqNhSgWBozobXY3KtdcoWApCKeolQRvPU73LrJZ4RIQDDY2lhaCrV/AwiKVhV0+ghYqCBamtF6Z2dnsZDcJCYmxuPeDTP77ZubNe2+H1ywIgji0/Pj+59vr6xu3LwE4igpKyv7LSNdwbf3Xt88uvtm88e7Dl/ef948972X9MQBRNPv5awA+nTGAF8flcxSN7q6AS5swV5TtDjguKH0XDFYSa5Tu9sBwX5kfS82kbh5RRt9jD5v+9qNd37PF4IjBFUMdSEMwAQy6DNsqVnEC0+JrtTtPGj4QxML3ElGIknNyU5OF8JyfmlY/Gd81jk2tBOJ93Xv1siueLWW3wYf1c8DhKF0Hw5bSGyjBsqy0JFr+p8zUv5HLf64kVydOrP8jz0n2y3dYWLbn1QiMvbiLiNO6hWOZMbOshekFPzno9fO7fnpB60HGj3hX/7fyxZlui2xcQK6GfZR9/+YCYSTHj05Vy5n+xEzgvNafTJjD+Vq497TWanfWd/caO96Ot++69av2Zdu+4tZkI4rHKf1vTfansua/MGFtkRVx0AjDwDkAwsAZPrvxqHXcrY/N33IPl/2Po3ou9iGuiky7NP4Mpn5c/gtVNSYGTxAEQRAEQRAEQRAEQRAEMRdnwZIvZiz5JjYG95Zc/TcAAP//Gulcrg==")
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80041, 0x0)
write$binfmt_aout(r0, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0xfe, "0062ba7d82000000160000000000f738096304"})
r1 = syz_open_pts(r0, 0x80)
r2 = dup3(r1, r0, 0x80000)
read(r2, &(0x7f00000000c0)=""/226, 0xe2)
read$watch_queue(r2, &(0x7f0000001d40)=""/4095, 0xfff)
r3 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x207, &(0x7f00000005c0)={[{@errors_remount}]}, 0x1, 0x46b, &(0x7f0000000600)="$eJzs3M+PE1UcAPDvtF1Wfm5F/AGiomgk/thlF1QOXjQx8aCJiR7wuC4LQQprYE2EbNzFELyYKAl3Y+LFxL/AEyeinky84t2QEMMF9FQzdFq63XYpbWlZ+vkkw87bvvZ9vzPzOm/eMBvA0NqV/pNEbIqIKxExFhG5+grrK0ta7+b1hZl/ry/MJFEuf/hPkr4tblxfmKlWTbKfGyuFQvpBuXNJFJu0e+r0mWPTpdLsyaw8MX/8s4lTp8+8evT49JHZI7Mnpg4c2L9v8o3Xp17rSZ5pTDd2fDm3c/u7H194f+bghU9++7kSb7l88fLeZXn0xkhELNS2SaMXetvYwG2uW08KAwyEuzIaEYXsaL0SY5E/t6X22li889VAgwPuqXK5XJ5q/fJSGXiAJTHoCIDBqJ7o0+vf6tKnocd94dpblQugNO+b2VJ5pRBnszojDde3vbQrIg4u/fd9ukTDfAoAwL1wKR3/vNJk/FeMeKyu3pbs3lAxIh6OiK0R8UhEbIuIR6NS9/GIeOIu29/VUF45/sld7Syz9qTjvzeze1vLx3+1u2DFfFbafCv/keTw0dLs3myb7ImR0bQ82fTTk4il9Oef37Zqv378ly5p+9WxYBbH1cLo8vccmp6f7jrxzLWzETsKzfJPonA7i9geETs6bOPoSz/tXP6bfG3tzvmvogf3mco/RLxY2f9L0ZB/VbL6/cmJh6I0u3eielQ0uhS//3H+g1btd5V/D6T7f0PT47+WfzGpv1+bX/ER6+7Uxvm/vm55TdPp8b8u+WhZ419Mz8+fnIxYl7y38vd1E9zVcrV+mv+e3c37/9a4vSWejIj0IH4qIp6OiGey2J+NiOciYvcq+f/69vOfdp7/vZXmv3g3+7+Dlfyxy7+0ar+9/b+/WrgVVDvff+0G2M22AwAAgLUiFxGbIsmN19ZzufHxyv+X3xYbcqW5U/MvH577/MShyjMCxRjJVWe6xurmQyezueFqeSorL2blfdm88cX8+lvl8Zm50qFBJw9DbmOL/p/6e+VcL/Cg8bwWDC/9H4ZX5/3fNwesdXfoxbl+xQH0n7M4DK9m/X9xAHEA/ef8D8Or1v+/a6Ny3eNejQ9vAmuP8z8ML/0fhlI3z/XfFyvxY8TqdZLumhgdTF7fdPP2Qh8ijNz9cQD0cWUqHzHAMArt/lWLOF1e7LrRQX8zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Mb/AQAA///8/efZ")
r4 = signalfd4(r3, &(0x7f0000000080)={[0x2]}, 0x8, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000140), 0x1, 0x4fa, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
write$cgroup_int(r6, &(0x7f0000000100)=0x3c, 0x12)
ftruncate(r5, 0xa)
ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f00000000c0)={0x0, r6, 0xfffffffe, 0x0, 0x0, 0xffffffffffff8001})
r7 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000100)={0x6, 0x4004, 0x7, 0x0, <r8=>0x0})
listxattr(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x0)
ioctl$DRM_IOCTL_MODE_MAP_DUMB(r7, 0xc01064b3, &(0x7f0000000040)={r8})
ioctl$DRM_IOCTL_MODE_MAP_DUMB(r4, 0xc01064b3, &(0x7f0000000100)={r8})

6.685805999s ago: executing program 4 (id=3433):
syz_mount_image$ext4(&(0x7f0000000ac0)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x1a11344, &(0x7f0000000780)={[{@discard}, {@user_xattr}, {@dioread_nolock}, {}, {@nodiscard}, {@sysvgroups}, {@nojournal_checksum}, {@journal_async_commit}, {@test_dummy_encryption}, {@jqfmt_vfsv1}, {@max_batch_time}, {@acl}]}, 0x1, 0x47e, &(0x7f0000000b00)="$eJzs281vVFUbAPDn3s5QXuClFfEDRK2isfGjpQWVhRuNJi40MdEFLmspBBmsoTURQmQ0BpeGxD0xrvwXXLkyxpWJW90aQ0KUmIBsHHNn7oWZ6cxAy8BA5/dLhjln7jn33Idzz8y59/QGMLQmsn+SiC0R8WtEjDWyrQUmGm+XL56a/+fiqfkkarW3/0zq5S5dPDVfFC3qbc4zk2lE+nmSN9Jq6cTJo3OVysLxPD+9fOzD6aUTJ587cmzu8MLhhQ9m9+/ft3fmxRdmn+9LnNkxXdr5yeKuHa+/e/bN+QNn39vYsr05jn6ZyAL/q1bXvu3Jfjc2YP/WrsWZlAZ9NNyokYjIuqtcH/9jMRLXOm8sXvtsoAcH3FLZd/bv7R+Wr6aqNWAdS2JN1WJt1YA7R/FDn13/Fq/bOP0YuAsvNy6Asrgv56/GllKk+X9Q+Ra2PxERB6pXzmWvaLsPUetw3wAA4GZ9n81/nl05/0si4v6mckm+NjQeEfdExLaIuDcitkfEfXnZByLiwVW23740tHL+mZ5fY2g3JJv/vZSvbbXO/9KiyPhInvt/Pf5ycuhIZWFPRGyNiMkoj2b5mU47L3bx6i9fdmu/ef53oNo4jmIumO/kfGm0qcLpbxrvfZqUXvg0YmepU/xJfSUgiVot6/sdEbFzdbveWiSOPP3trm6FWuO/cm5l/D30YZ2p9nXEU43+r0Zb/IWk9/rk9MaoLOyZLs6KlX76+cxb3dq/qfj7IOv/Ta3nf1uJsb+T5vXapdW3cea3L7peU5auG3/b+R8RB+eW5zYk79TXrDfkn308t7x8fCZiQ/JGPd/y+ey1ukW+KJ/FP7m78/jfltfJ4n8oIrKT+OGIeCQiHs377rGIeDwidveI/8dXnni/27Y7of8Pdvz+u3r+j7f2/+oTI0d/+K5b+9ePP+v/ffXUZP5J1v+N1MaucXU/nKLOWs9mAAAAuPukEbElknTqajpNp6Yafy+/PTallcWl5WcOLX4U0XhGYDzKaXGna6zpfuhMUs332MjP5veKi+178/vGX438r56fml+sHBxs6DD0NncZ/5k/RgZ9dMAt53ktGF7t4z8d0HEAt5/ffxheax3/5glw9/P7D8Or0/g/3Za3FgDrk99/GF7GPwwv4x+GV8/x78If1qubea6/D4mt0WFTqcfT+xIDTowWiUhvsNZoRKde7pGo3hGR3sWJUh9G94C/mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPrkvwAAAP//IwrvWg==")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
pipe2(0x0, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x407, 0xa0018ce0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x10)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
r4 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
add_key(&(0x7f0000000100)='asymmetric\x00', 0x0, &(0x7f0000000140)="1081", 0x5b, r4)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0xfeffffff, &(0x7f0000000100)={&(0x7f0000000000)=@ipv6_newroute={0x3c, 0x18, 0x1ef, 0x0, 0x0, {}, [@RTA_MULTIPATH={0xc, 0x9, {0x8}}, @RTA_GATEWAY={0x14, 0x5, @loopback={0x0, 0x2}}]}, 0x3c}, 0x1, 0x11}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff)
r5 = socket(0x10, 0x3, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xa, 0x4, 0x7fe2, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0x2000000000000111, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000040000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080004afc54ee07b8af8ff00000000bfa200750a83973d213f94a5000000000007020000f8ffffffb703000008000000b704000000000000e7ab85000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="440000001000010400000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800800040000000000050017"], 0x44}, 0x1, 0x0, 0x0, 0x20048001}, 0x4000)

5.68329192s ago: executing program 5 (id=3438):
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, 0x0, 0x0, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0})
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850", 0x4, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010000504000000000000000000", @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

5.207942139s ago: executing program 2 (id=3442):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000080)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, 0x0}}], 0x1, 0x0)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, 0x0, 0x0, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='percpu_alloc_percpu\x00'}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES32=0x41424344], 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x10, 0x34, 0x1}, 0x10}], 0x1}, 0x0)
r1 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010000504000000000000000000", @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

4.716714478s ago: executing program 5 (id=3445):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000080)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, 0x0}}], 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES64, @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x14, 0x34, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f", 0x7, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010000504000000000000000000", @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

4.69563901s ago: executing program 1 (id=3446):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000080)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, 0x0}}, {{&(0x7f00000001c0)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, &(0x7f0000000200)=[{&(0x7f0000000240)="aabbcc", 0x3}], 0x1}}], 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x14, 0x34, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0)
r1 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f", 0x7, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010000504000000000000000000", @ANYBLOB="ebffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

4.476815997s ago: executing program 4 (id=3448):
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x458, 0x5019, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0xfd, 0xfd}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_mount_image$udf(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x100c007, &(0x7f0000001a80)=ANY=[@ANYBLOB='gid=', @ANYRESDEC=0x0, @ANYBLOB="2c6c617374626c6f636b3d30303030303030303030303030303030303030372c73686f727461642c6164696e696362006e6f6164696e6963622c6c617374626c6f636b3d30303030303030303030303030303034373636352c66696c657365743d30303030303030303030303030303030303030332c646d6f64653d30303030303030303030303030303030303030303031302c7569643d666f726765742c646566636f6e746578743d757365725f756f6e746578743d726f6f742c736d61636b66737472616e736d7574653d0000002c736d61636b6673726f6f743d676964e5a25901000000592c07570251673152a7487263e6077c4cdd6aa6f3fcb89c49ee57c5aa34b48ac42e0e9e808ee17c2f8e2338ab57487f2bb733db658a182d4d47b72c002ef062dc394d3a3ee4ddd638e35c872544f69db83cf2f5efaff2419d514499796b8f9b00af99b8fcc09690002f8e6531"], 0xfd, 0xc2f, &(0x7f0000000280)="$eJzs3UFsHNd9B+D/G5IiaTcVEyeK3cbFui1SmbFcWVJMxSrcVU2zDSDLRCjmFoArcqUuTJEESTWykbZMLz30EKAoesiJQGsUSNHAqIugR7Z1geTiQ5FTT0QLG0HRA1sEyMlgMLNvpSVFWYxISpT1fTb12515b+bNm+EMJfDtCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAg4vdePX/yhfSgWwEA3E8XJ7528pTnPwA8Ui75+z8AAAAAAAAAAAAAABx2KYp4IlIsXNxIU9X7toELrbnrNyZHx3auNpiqmj1V+fJr4IVTp898+cWRs538+Pr77al4feLS+dor89cWFptLS82Z2uRca3p+ptj1Fnau37znFg2XHdAfEddnrlxZqp16/vSW1TeGPux//NjQuZFnTzzdLnujNjk6NjbRVaa37573fps7jfA4EkWciBTPff8nqRERVYftsS/ucu0ctMHqIIarg5gcHasOZLbVmFsuV453OqKIqHVVqnf66D6ciz2pR6yUzS8bPFwe3sRCY7FxebZZG28sLreWW/Nz46nd2vJ4alHE2RSxGhHr/bdvri+K6I0U3z26kS5HRE+nH75UDQy+czt2/511IMp21voiVouH4JwdYv1RxGuR4qfvHY/pss/yV3wx4rUyfxDxdpkvR6TywjgT8cEO1xEPp94o4i/K839uI81U94POfeXC12tfnbsy31W2c1/Z2/NhM1899/35MLgt749Dfm8aiCIa1R1/I937DzsAAAAAAAAAAAAAAAAA7LfBKOKpSPHqf/xRNa44qnHpR8+N/P7Qp7qH+D55l+2kiHg+IlaK3Y3JPZKHEI+n8ZQe8FjiR9lAFPHHefzftx90YwAAAAAAAAAAAAAAAAAAAB5pRfw4Urz0/vG0Gt1zirfmrtYuNS7PtmeF7cz925kzfXNzc7OW2lnPOZVzJedqzrWc6zmjyPVz1nNO5VzJuZpzLed6zujJ9XPWc07lXMm5mnMt53rO6M31c9ZzTuVcybmacy3nes44JHP3AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8khRRxEeR4jvf3EiRIqIeMRXtXOt/0K0DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEr9qYh3I0XtD+o3l/VGRKr+bzte/nEm6kfK/EzUR8p8Oernczaq7K1/+wG0n73pS0X8KFL0D7xz84R/qn3++9rvbl4G8fa3br37ld529nRWDn3Y//ixo+dGxn7tyTu9Tjs1YPhCa+76jdrk6NjYRNfi3rz3z3QtG8r7Lfbn0ImIpTffeqMxO9tcvPcX5SWwh+pe7PrFEf18by8289X+i1aP3kPQ+Af04gHfmLgvyuf/B5Hit9//z84Dv/Pz3y+13918wsfP/uTW8/+l7Rs6oOf/E13LXso/jfT1RgwsX1voOxYxsPTmWyda1xpXm1ebc2dOnvzKyMhXTp/sOxIxcKU12+x6teeuAgAAAAAAAAAAAAAAALi/UhG/GykaP9pItYi4UY3XGjo38uyJp3uipxpvtWXc1usTl87XXpm/trDYXFpqztQm51rT8zPN3e5uoBruNTk6diAHc1eDB9z+wYFX5hfeXGxd/cPlHdc/NnD+8tLyYmN659UxGEVEvXvJcNXgydGxqtGzrcZcVXV8x8F0v7i+VMR/RYrpM7X0TF6Wx/9tH+G/Zfz/yvYNHdD4v093LSv3mVIRP4sUv/WXT8YzVTsfi9v6LJf720gxfPYLuVwcKct12tD+XIH2yMCy7P9Fin/8aGvZznjIJ26VfWHXHfuQKM//0Ujx7p9/L349L+vd8vkPO5//x7ZvaJfnf/NPt9W7y/n/bNeyx7Z8XsH+HP+jrjz/JyLFy0+8E7+Rl/V+zOd/dD5743gufPPzOQ7o+/9zXcuG8n5/c38OHQAAAAAAAAAA4KHWl4r4u0jx9FhvejEv283v/81s39AB/f7X57uWzezPfEV3fbHnTgUAAACAQ6IvFfHjSHF1+Z2bY6i3jv/uGv/5O7fGf46mbWurf+f75epzA/bz3/+6DeX9Tu39sAEAAAAAAAAAAAAAAAAAAOBQSamIF/N86lN3mU99LVK8+j/P5XLpWFmuMw/8UPXnwMX5uRPnZ2fnpxvLjcuzzdrEQmO6Wdb9bKTY+Jsv5LpFNb/6M9v20ZmLfTFSjP19p2x7LvbO3OTt+cDbc7GXZT8dKf77H7aW7cxj/blbZU+VZf86Unzjn3cue+xW2dNl2e9Fih9+o9Yp+1hZtvP5qJ+/Vfb56fliX88HAAAAAAAAAAAAAAAAAAAAj6a+VMSfRYr/vbZ6cyx/nv+/r+tt5e1vdc33v82Nap7/oWr+/zu9vpf5/4dur/HRZlvE5tF7PGoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADjcUhTxVqRYuLiR1vrL920DF1pz129Mjo7tXG0wVTV7qvLl18ALp06f+fKLI2c7+fH199tT8frEpfO1V+avLSw2l5aaM7XJudb0/Exz11vYa/3thqsOqF174/rMlStLtVPPn96y+sbQh/2PHxs6N/Lsiac7ZSdHx8Ymusr09t3z3m+T7rD8SBTxV5Hiue//JP1Lf0QRe++Lu1w7B22wOojh6iAmR8eqA5ltNeaWy5XjnY4oImpdleqdProP52JP6hErZfPLBg+Xhzex0FhsXJ5t1sYbi8ut5db83Hhqt7Y8nloUcTZFrEbEev/tm+uLIt6IFN89upH+tT+ip9MPX7o48bWTp+7cjuIAj3EXynbW+iJWi4fgnB1i/VHEP0WKn753PP6tP6I32l/xxYjXyvxBxNvRPt+pvDDORHyww3XEw6k3ivj/8vyf20jv9Zf3g8595cLXa19dfre7bOe+8tA/H+6nQ35vGogifljd8TfSv/u+BgAAAAAAAAAAAAAAADhEivjVSPHS+8dTNT64Myh6sTV3tXapcXm2PayvM/avs3pzc3OzltpZzzmVcyXnas61nOs5o8j1c9bLHNjcnMrvV3Ku5lzLuZ4zenL9nPWcUzlXcq7mXMu5njN6c/2c9ZxTOVdyruZcy7meMw7J2D0AAAAAAAAAAAAAAAAAAOCTpaj+S/Gdb26kzf72/NJT0c4184F+4v08AAD//4Yq++M=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) (async)
unshare(0x2c020400) (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r1, 0x25, &(0x7f0000000000)={0x1}) (async)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r2, 0x7, &(0x7f0000000380)={0x0, 0x2, 0x2000008, 0xffffffffffffffff})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r3, 0x26, &(0x7f0000000140)={0x0, 0x0, 0x10, 0x1}) (async)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f00000001c0)=ANY=[], 0x118) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0)
fcntl$lock(r4, 0x7, &(0x7f0000000180)={0x1, 0x0, 0x12, 0x10}) (async)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, &(0x7f0000000140)={0x40, 0x2, 0x2, {0x2, 0x23}}, 0x0, &(0x7f0000000240)={0x0, 0x22, 0x6, {[@main=@item_4={0x3, 0x0, 0xb, "8f55f60e"}, @local]}}, 0x0}, 0x0)

4.418904392s ago: executing program 0 (id=3449):
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES64, @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x14, 0x34, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f", 0x7, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400"/18, @ANYBLOB="ebffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

4.263930095s ago: executing program 1 (id=3450):
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES64, @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)}, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850", 0x4, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010000504000000000000000000", @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

4.217177129s ago: executing program 2 (id=3451):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000080)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, 0x0}}, {{&(0x7f00000001c0)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, &(0x7f0000000200)=[{&(0x7f0000000240)="aabbcc", 0x3}], 0x1}}], 0x2, 0x0)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, 0x0, 0x0, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='percpu_alloc_percpu\x00'}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES64, @ANYRES32=0x41424344], 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x14, 0x34, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0)
r1 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850", 0x4, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

4.191861611s ago: executing program 5 (id=3452):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000080)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, 0x0}}], 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
syz_emit_ethernet(0x52, 0x0, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x14, 0x34, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f", 0x7, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010000504000000000000000000", @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

3.936889961s ago: executing program 2 (id=3453):
syz_open_dev$sndpcmc(&(0x7f0000000140), 0x0, 0x2)
io_setup(0xea, &(0x7f00000000c0)=<r0=>0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000480)='fd/3\x00')
r2 = fanotify_init(0x0, 0x2)
fanotify_mark(r2, 0x1, 0x8000039, r1, 0x0)
io_submit(r0, 0x1, &(0x7f0000000940)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x7, 0x8, r1, 0x0}])

3.862408888s ago: executing program 5 (id=3454):
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f00000000c0)='./file4\x00', 0x0, &(0x7f0000000300)={[{@disable_ext_identify}, {@four_active_logs}, {@six_active_logs}, {@fault_injection={'fault_injection', 0x3d, 0xa0c8}}, {@fault_type={'fault_type', 0x3d, 0x6}}, {@noextent_cache}, {@inline_data}, {@fastboot}, {@fsync_mode_strict}, {@discard_unit_section}], [{@measure}]}, 0x21, 0x5548, &(0x7f00000058c0)="$eJzs3E1vG1UXAOBjp2nffrwlQizYdVCFlEi1Vacfgl2BVny2qgosWIFju5Zb2xPFrhu66oIlYsE/QSCxYslvYMGaHWIBYocE8txJoS2VKsWOSfM80vjMvXPnzL2jJNKZiRzAgbWS/f5rJU7G0YhYiogTEcV+pdwKl1J4MSJORUT1H1ul7H/QcTgijkXEyWnylLNSHvryzOT0hV/e+e27H44cOv7Vtz8ubtXAor0cEYPNtH93kGLeTfFW2d+c9Io4OD8pYzowuF228xTvdjaKDHebO+OaRTzXTePzzTujabzZb7amsdu7WfRvDtMFR5PuTp7ihFvNraLd7mwUsTfKi9i9l+a1fS/9bbs3Gqc87TLfp0X6GI93YurvbHfSejZvF7E1HJf9KW/e7mxP46SM5eWilffbxTw2dnOn/9Neeq83vLOdTTpbo14+zC7UG6/UGxdrja283Rl3zteag/bF89lqtz8dVht3moNL3Tzv9jv1Vj5Yy1a7rVat0chWL3c2es3h/Uajfq5+tnZhLUt7Z7I3r32Y9dvZ6jS+3hveGff6o+xmvpWlM9ay9fq5V9ey043s/avXs+s3rly5ev2Djy9/dO21q2+/UQ56bFrZ6vrZ9fVa42xtvbG2uxsw0/Vnc17/Z+WkZ7h+2JXKoicAsP+o/4FFmF/9v3Uj4vH6vzrj+j/U/zOxr+rfg17/z2H9sCvqfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAA+un5a/fKnZWUvt42f//suv5sl2JiGpE/PkvluLwQzmXyjzLTxi//Mgcvq9EkWF6jSPldiwiLpXbH8/N+y4AAADAs+ub+6e+SNV6+lh5qrOOznlW7JH00KZ64pMZ5atExPLKzzPKVp1+vDCjZMXP96HYnlG24gHW/2aULD1yOzSrbE+l+HV/N4UHKylCJYXqo2fMbLUAAMDCLD0U9rYKAQAAYC99/sQjt/d0HuyxSuy8ytx5F1z85/3fL/uOprZXfwAAALB/VRY9AQAAAGDuivrf9/8BAADAsy19/x8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBf7NxNbtpAGAbgz8Yu9E9FVfe9SndwjB6hyy4rDtBLcAR6hV6AM5BdjhBBhMdBISIJxGNQoueR7MGWeT3mZzEz0gcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECfrurF9N+f73+75qw33eR5GgAAAOCQVb2YNi/G6fhje/5ze+pre1xERBkRh8bug3i3lzloc+pHrq8f9OF/RJOwvcew3T5ExI+0beJL358CAAAAvEnVdreczSdptJ5240v3is5O+A7TpE356WemWxcRUY+vM6WV27xvmcKa33cVvzOlNRNYo0xhacqtypV2lObvvpu1G91ritSUT78/27MDAABnNNhrzjsKAQAA4Jx+XboD9OH9s1cUcbeUuVsKHKZmtBdhsQ8AAABer+LSHQAAAAB614z/T6n/F8fU/6uy1/+LG/X/AAAA4MVS/T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD6tKoX0+VsPumas950k+dpAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALhlf95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN787i//J6bGmWTutbH0PJKsnRpbp8beuXH0h/H1awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAL/rdL/8npsaZZO60sXQ8kqxdNbauGnsPGkcPxtu/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmf7Q8U1yh4iouBBL3a7ra29iQclePBPEEK6rbFbf7Q52FKEXLxJzr2IHkUEJd76D3jqTWihl3rrYQ8VRPCyMrMz2UkTcGPIzJp8PvDmfXcymfd9MxDynTcJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURu9M4yTbdCZxXOy79/jWStbff6LP3Nl4sJi1LI7qTPr/4aXqh6jbXCIAAAAcHUlZ34cQHqabS1kfd/L6Py2PyWr+b5+ZxGU9/2TdX/Zl7Z+1X35+9MLWQJ3JONlJL60OB6d3ptI6uFnOt2f/9YhWfuXzZy9JfkPi99efH6X59Yy+vnv33XYeHqsjWwDgvzhV9kVQ/j6U9f0mEwPgyGhVCu+i/v8r6TScFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEANRuvhqTKOQgiLrWmcuf/41spu/Z2NB4tlO3/79kb1nNkp0hDCpdXh4HSNc5l312/cvLI8HA6u1R+8HEJoavS3i+lf+XCGg0No5PocVPD3eDze03cdbz7nfQVxcbNnOLg9Lzk3HzT4QwkAgEMpLVpW1z9MN5eyfdFCCOPvttf/r1XiMGP9/+ij8/eqY1Xr/35tM5x/vbWrn/Wu37j5xurV5cuDy4NP3jzTf6t/9sK5cxd6+bOSnicmAAAA7E+7aNX6P17Yuf5/shKHGev/z7/pfzkd6bd8q/7fabro13QmAAAAR9tzr/z5R7TL/qjdDl8sr61d60+2W5/PTLYNpLpnx4pWrf+ThaazAgAAAOowWo+2rf9frMRhxvX/p79/8cfqOZMQwoli/f/UyqfDi/VNZ67V8efETc8RAACAZp0oWnX9P83f/4+3XnmIQwivvzqJi38DOFP9n7z31Q/VsZLK+/9n65viXIq7k+uR990QWt1tX/61scQAAAA4lI4XLSv2f083lz7+6eQHbe//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANTtnwAAAP//gQBD5A==")
r0 = open(&(0x7f00000002c0)='./file0\x00', 0x14937e, 0x0)
close_range(r0, r0, 0x2)
r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x103042, 0x0)
socket$netlink(0x10, 0x3, 0x9)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={r0, 0x2, 0x4, 0x6})
ioctl$PPPIOCUNBRIDGECHAN(r1, 0x7434)

3.779464804s ago: executing program 2 (id=3455):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000080)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, 0x0}}, {{&(0x7f00000001c0)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, &(0x7f0000000200)=[{&(0x7f0000000240)="aabbcc", 0x3}], 0x1}}], 0x2, 0x0)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, 0x0, 0x0, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES64, @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)}, 0x0)
r1 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850", 0x4, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010000504000000000000000000", @ANYBLOB="ebffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

3.468242389s ago: executing program 0 (id=3456):
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, 0x0, 0x0, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0})
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850", 0x4, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010000504000000000000000000", @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

3.327049141s ago: executing program 1 (id=3457):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4000040)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="080240005013c21f5248344a975cb18fda0c577a00"/32], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_emit_ethernet(0x46, &(0x7f0000000500)={@multicast, @empty, @val={@void, {0x8100, 0x7, 0x1, 0x1}}, {@ipv4={0x800, @igmp={{0xb, 0x4, 0x0, 0x1, 0x34, 0x65, 0x0, 0x8, 0x2, 0x0, @broadcast, @multicast1, {[@rr={0x7, 0x3, 0x3a}, @rr={0x7, 0x3, 0xab}, @ssrr={0x89, 0xf, 0x5d, [@multicast1, @loopback, @multicast1]}]}}, {0x8, 0x8, 0x0, @broadcast}}}}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x2)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
close(0xffffffffffffffff)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r1, 0x0) (fail_nth: 1)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r2 = socket$nl_route(0x10, 0x3, 0x0)
write(r2, &(0x7f00000002c0)="240000001a005f0214f9d4010400000004000000000000000009000000000400012a46cdd3", 0x25)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-avx2\x00'}, 0x58)
write(0xffffffffffffffff, &(0x7f0000000040)="cb", 0xfffffdef)

2.745800558s ago: executing program 2 (id=3458):
syz_mount_image$ext4(&(0x7f0000000ac0)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x1a11344, &(0x7f0000000780)={[{@discard}, {@user_xattr}, {@dioread_nolock}, {}, {@nodiscard}, {@sysvgroups}, {@nojournal_checksum}, {@journal_async_commit}, {@test_dummy_encryption}, {@jqfmt_vfsv1}, {@max_batch_time}, {@acl}]}, 0x1, 0x47e, &(0x7f0000000b00)="$eJzs281vVFUbAPDn3s5QXuClFfEDRK2isfGjpQWVhRuNJi40MdEFLmspBBmsoTURQmQ0BpeGxD0xrvwXXLkyxpWJW90aQ0KUmIBsHHNn7oWZ6cxAy8BA5/dLhjln7jn33Idzz8y59/QGMLQmsn+SiC0R8WtEjDWyrQUmGm+XL56a/+fiqfkkarW3/0zq5S5dPDVfFC3qbc4zk2lE+nmSN9Jq6cTJo3OVysLxPD+9fOzD6aUTJ587cmzu8MLhhQ9m9+/ft3fmxRdmn+9LnNkxXdr5yeKuHa+/e/bN+QNn39vYsr05jn6ZyAL/q1bXvu3Jfjc2YP/WrsWZlAZ9NNyokYjIuqtcH/9jMRLXOm8sXvtsoAcH3FLZd/bv7R+Wr6aqNWAdS2JN1WJt1YA7R/FDn13/Fq/bOP0YuAsvNy6Asrgv56/GllKk+X9Q+Ra2PxERB6pXzmWvaLsPUetw3wAA4GZ9n81/nl05/0si4v6mckm+NjQeEfdExLaIuDcitkfEfXnZByLiwVW23740tHL+mZ5fY2g3JJv/vZSvbbXO/9KiyPhInvt/Pf5ycuhIZWFPRGyNiMkoj2b5mU47L3bx6i9fdmu/ef53oNo4jmIumO/kfGm0qcLpbxrvfZqUXvg0YmepU/xJfSUgiVot6/sdEbFzdbveWiSOPP3trm6FWuO/cm5l/D30YZ2p9nXEU43+r0Zb/IWk9/rk9MaoLOyZLs6KlX76+cxb3dq/qfj7IOv/Ta3nf1uJsb+T5vXapdW3cea3L7peU5auG3/b+R8RB+eW5zYk79TXrDfkn308t7x8fCZiQ/JGPd/y+ey1ukW+KJ/FP7m78/jfltfJ4n8oIrKT+OGIeCQiHs377rGIeDwidveI/8dXnni/27Y7of8Pdvz+u3r+j7f2/+oTI0d/+K5b+9ePP+v/ffXUZP5J1v+N1MaucXU/nKLOWs9mAAAAuPukEbElknTqajpNp6Yafy+/PTallcWl5WcOLX4U0XhGYDzKaXGna6zpfuhMUs332MjP5veKi+178/vGX438r56fml+sHBxs6DD0NncZ/5k/RgZ9dMAt53ktGF7t4z8d0HEAt5/ffxheax3/5glw9/P7D8Or0/g/3Za3FgDrk99/GF7GPwwv4x+GV8/x78If1qubea6/D4mt0WFTqcfT+xIDTowWiUhvsNZoRKde7pGo3hGR3sWJUh9G94C/mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPrkvwAAAP//IwrvWg==")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
pipe2(0x0, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x407, 0xa0018ce0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x10)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
r4 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
add_key(&(0x7f0000000100)='asymmetric\x00', 0x0, &(0x7f0000000140)="1081", 0x5b, r4)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0xfeffffff, &(0x7f0000000100)={&(0x7f0000000000)=@ipv6_newroute={0x3c, 0x18, 0x1ef, 0x0, 0x0, {}, [@RTA_MULTIPATH={0xc, 0x9, {0x8}}, @RTA_GATEWAY={0x14, 0x5, @loopback={0x0, 0x2}}]}, 0x3c}, 0x1, 0x11}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff)
r5 = socket(0x10, 0x3, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xa, 0x4, 0x7fe2, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0x2000000000000111, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000040000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080004afc54ee07b8af8ff00000000bfa200750a83973d213f94a5000000000007020000f8ffffffb703000008000000b704000000000000e7ab85000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="440000001000010400"/18, @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800800040000000000050017"], 0x44}, 0x1, 0x0, 0x0, 0x20048001}, 0x4000)

2.47209537s ago: executing program 1 (id=3459):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000080)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, 0x0}}, {{&(0x7f00000001c0)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, &(0x7f0000000200)=[{&(0x7f0000000240)="aabbcc", 0x3}], 0x1}}], 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='percpu_alloc_percpu\x00'}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES64, @ANYRES32=0x41424344], 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x14, 0x34, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0)
r1 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010000504", @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

2.34342464s ago: executing program 0 (id=3460):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000080)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, 0x0}}, {{&(0x7f00000001c0)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, &(0x7f0000000200)=[{&(0x7f0000000240)="aabbcc", 0x3}], 0x1}}], 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x14, 0x34, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0)
r1 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f", 0x7, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010000504000000000000000000", @ANYBLOB="ebffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

2.043488045s ago: executing program 5 (id=3461):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000080)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, 0x0}}], 0x1, 0x0)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, 0x0, 0x0, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='percpu_alloc_percpu\x00'}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES32=0x41424344], 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x10, 0x34, 0x1}, 0x10}], 0x1}, 0x0)
r1 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010000504000000000000000000", @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

1.864138929s ago: executing program 1 (id=3462):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000000)='efivarfs\x00', 0x189, 0x0)
r2 = syz_open_procfs(r0, &(0x7f0000000200)='fdinfo\x00')
fchdir(r2)
r3 = open(&(0x7f00000000c0)='.\x00', 0x8000, 0x50)
getdents(r3, &(0x7f0000001fc0)=""/184, 0xb8)

1.863831399s ago: executing program 4 (id=3463):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080)='proc\x00', 0x189, 0x0)
r2 = syz_open_procfs(r0, &(0x7f0000000200)='fdinfo\x00')
fchdir(r2)
r3 = open(&(0x7f00000000c0)='.\x00', 0x8000, 0x50)
getdents(r3, &(0x7f0000001fc0)=""/184, 0xb8) (fail_nth: 1)

1.770132127s ago: executing program 0 (id=3464):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000080)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, 0x0}}, {{&(0x7f00000001c0)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, &(0x7f0000000200)=[{&(0x7f0000000240)="aabb", 0x2}], 0x1}}], 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='percpu_alloc_percpu\x00'}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x14, 0x34, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0)
r1 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="48000000100005040000000000000000", @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

1.630166408s ago: executing program 4 (id=3465):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000080)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, 0x0}}], 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
syz_emit_ethernet(0x52, 0x0, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x14, 0x34, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f", 0x7, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010000504000000000000000000", @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

1.536002296s ago: executing program 1 (id=3466):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x2, 0x2, 0x0, 0x2, 0xf, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @remote}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0xfb}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @remote}}, @sadb_key={0x1, 0x8}]}, 0x78}, 0x1, 0x7}, 0x0) (fail_nth: 1)
syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000a7a9464048e79876cc38"], 0x0)

1.099846961s ago: executing program 0 (id=3467):
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES64, @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x14, 0x34, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f", 0x7, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400"/18, @ANYBLOB="ebffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

1.013774718s ago: executing program 4 (id=3468):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='percpu_alloc_percpu\x00'}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES64], 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850", 0x4, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010000504000000000000000000", @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

1.001531259s ago: executing program 5 (id=3469):
r0 = syz_mount_image$ocfs2(&(0x7f00000026c0), &(0x7f0000004780)='./file0\x00', 0x200000, &(0x7f0000000340)=ANY=[@ANYBLOB="6a6f75726e616c5f6173796e635f636f6d6d69742c636f686572656e63793d66756c6c2c6572726f72733d636f6e74696e75652c6865617274626561743d6e6f6e652c6572726f72733d636f6e74696e75652c6e6f696e74722c67727071756f74612c001796fa694353e3807803df5ea6fd4d6e6a2613d336eb62b863dcd89e37b45f8bd04199a14c48b3e553e035ab300ba3c60c27682a8ab5656969d829535c0862f6e3a35f15fe4d50c0d5c74631344625d6224c436474bb101ff47a14c51e342ca291c09c35d9d31b06b6b86cb9dccae387b5f1e7c5e1d445d52845a3fa4c77234ea9d37c8a277c85e69a85cc6ffeb225bebbca91b569b80ee303c9a21c58db5d96fb87f1713e0e9b896e37becae2e7a978259a0847e9fb08dcb8b9f84f616463da2507db1b3489769e99"], 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzZ1ezmybb/UibpOnHJBFctCybPlXrQ1yrNpo2H9pWU2Wd3Ww3q7M76+6MFgxSgyAKghIEFT+oCqUvtSAG+lKLUPADaRVKRdH6IlKogg8GbaArM3Nvdu6d2d7JTtLS9veDdvaee8+5Z/a/99w590wKseqphdXiwmqxtFSszN6/ekvxc5VybXEuFF4lr/X56c6VyEn2r50j7/vAR+65JYQ/HPvah9bW1tZC3XDo6EDLz+f/fXq29TVRyNSpt9u5taY/1h556edveaUj8pwIIexo61ddXwjhY78IYUsIYSQuG41fB0MI20IIUQjh0d/868cDvXShxdl7X3ju2JnD+85MPf7YMxfmj254YBTCd8u7b55ffHF/323Pv+MynR4AAF7RB48fufvo5IHwZBSGzvW3f17fGb8mn4/vfNun7nq4f33/Gt3pexVDBQAAgIz1+f9w9HKH9bpkZS1ZEnzigRN3PxWt7zexfX07dNeR298/eSBe/43a9t8aF/3zvX2NNdTsum92/XckU7/z+u/6eR7+6rO/XHrr5vuf9C8573CIChOp7UJhYiKEY1PN7V3R1kK5slp95/2V2tLJzZ/3jSKdf3b1fn1Bv9v8RzPV89b/d3/i8z8b7O/lHYyF7F9tfbvY/qdMB+n8Nx7Lf/KlqKv8xzL18vK/4+nt53+1pZd3kD0jlyKdf/NC3Nd6QLE5ANTz/2Z/fv47Mu3n5f/9qXOPntjE93/q48xwVO/rQGoEeDku3+ArTGSk828GkRo641/kRtf//zL5X5NpPy//Oyv/+N3ferj/bzT+j0/10uabRzr/ZhDF1BHr1/9IIf/6vzbTfl7+vz3152c/2dO9uj3/ev/H3f+7ks4/vhGnB8/Gb7Lb8X9npv28/HeN3ffQwib6/eHBuJ9DURhr+dbpufotbGh9vboxpanvXt7ESd4E0vk3f2upS2eo+dK4/ofzx/9dmfbz8n9oz9ffc7qn7/92Hv8njf9dSec/2Ci7lPxfyuS/O9N+Xv4/PP33v9x3mcf/+vZB+Xclnf/Wtv3rz38KXc3/rsvUz3v+s2/0qUf+2sP8P+lfct7k+U/yHGI8aj7/obN0/ldteFy39/89mXp51/+3/vP80/t7Gf+jAU8AepDOf1uzsMMEsNv8r8+0n5f/F+758sf/tIn5X+MT30CSf8v8f0uz/Kjxvyvp/Lc3C1P/GOrBxv8b9/+oPff/ZvK/IdN+Xv4XDk30f+Uy3//r/R/v8Cibdun8hzY8rp7/77u4/9+YqZeX/xf3/vTFm3v6/B/CpLn+pqXzv3rD4xrX/0B+/jdl6uXl/51v/PqJB3vo/9t7qEs2/+a9PnU5xZ/Nu53/FzPt5+X/o/HzZ/dfgfnfre7/XUnn31w1v5T8s/P/vZn28/L/3pEfrPRfgec/d8gfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgU0bj1+EQFSZS24XCxEQIY/H2rrA1mimdnJ4pV2Y/sxrCjri8GEaj+XJlplSeXliqnJybLpXLldkQron37wgD0Wq5Up1eLC1fe7GtwejUXGmlOjNXqoYQdsbl14ftSVszC9XF0nLj2KTOVVHps7VKtTRRW51bCbsvlm9LyudXKrXl6y62dXWhsrJ8qrQ0fXJh5d2Tk5OTYc/FPo9Ecw9U55aqzd4299brJHWHo5Y309h9Q8v5Pl2prSyVyo3yG1vqlCuzpXJLnZtazlddqS3Nlqpz0+XKfHK+YkvdlvfW2L033jceRlLvL6mbdTB+vf3Q8Y8eP3ygbX8xSue9VFucm9ze+W8CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDeuJ29717dDCH3NrUII4WDyQxT/l3L23heeO3bm8L4zU48/9syF+aOdjgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVh535equjiOACfGd/7WiCltBFyGRgiojsJC/pFJJXXyJZtWge1SsigKDCMaFkQBEHtooKgVVD5F0QtXLaqNrVoYRBBxehMXu4IN7zQMed5YDgzzL1nvjBw78z5HA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD6cXbHYlfWXtq1eWnr7g+hMz/3fwhhNFne/7y3I/SEEL5+mTkdVmkLPU39v5mcGy9fNfm9t3/84fXRZO31F98trtsdknSo4XhnkqZDQ2vvf6O6M/hsejAJIY1dCFEsjD05UwshdMQuhCh+fpy/mP2+/xe7EKLo/3C3K7v/tdiFEMXW3Z/6avkzHtVzvn5hsPG/v9UjeBuP6KxDb09eeZe6qZX3Mn//T/LN+2A1zJ448v557CKIZnZu6mjsGgAAgL/rXIv8P2xZ3r9/OQk93eXc/1tT/t/b1P/q+f+Ke9tvjM20FUJsK41NZsfD+9rpc+M7NXD19uua8Z6qkv9Xm/y/2uT/1Sb/rzb5f7XJ/8m8kv9X0uObexZfxC6CaOT/AABQPYeOT0zVh0eyl/9NPzrLeX1f3tbzPP3BremBRw3jRvLDf9vhYxMHDg6P5Pe9PCC4sv5DunT2ez7fo7ktTDbNu2i1/kPv04X5a53lT9T/cP5GUV9xXes/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/2J17GgbBKAyj321F1EarogkLPwk+0MCIAKQwowEdTBiAgRBQwEDOWe5NnuUFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnu9f5XXx/aUx0muNSFPZZdf+OZ5mP3PfDsv77HHjVgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjYgQMZAAAAAGH+1nm0HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKcCAAD//wTsyzo=")
quotactl$Q_SETINFO(0xffffffff80000600, &(0x7f0000000080)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000580)={0x1, 0x51, 0x0, 0x6})
mknodat(r0, &(0x7f0000000040)='./file0/file2\x00', 0x8000, 0x351f)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x1000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x4008, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@nfs_export_on}]})
linkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file1\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0/file2\x00', 0x0)
chroot(&(0x7f0000000000)='./file0/file2\x00')
setsockopt$netlink_NETLINK_NO_ENOBUFS(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)

520.701488ms ago: executing program 2 (id=3470):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES64, @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{0x0}], 0x1}, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f", 0x7, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010000504000000000000000000", @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

78.893994ms ago: executing program 0 (id=3471):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000080)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, 0x0}}, {{&(0x7f00000001c0)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, &(0x7f0000000200)=[{&(0x7f0000000240)="aabbcc", 0x3}], 0x1}}], 0x2, 0x0)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, 0x0, 0x0, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='percpu_alloc_percpu\x00'}, 0x10)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES64, @ANYRES32=0x41424344], 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x10, 0x34, 0x1}, 0x10}], 0x1}, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850", 0x4, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

0s ago: executing program 4 (id=3472):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000080)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, 0x0}}, {{&(0x7f00000001c0)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, &(0x7f0000000200)=[{&(0x7f0000000240)="aabbcc", 0x3}], 0x1}}], 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='percpu_alloc_percpu\x00'}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES64, @ANYRES32=0x41424344], 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x14, 0x34, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0)
r1 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010000504", @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

iscuous mode
[  906.375571][ T4399] Bluetooth: hci1: command 0x0409 tx timeout
[  906.391102][T16947] loop1: detected capacity change from 0 to 32768
[  906.418208][T16897] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  906.444639][ T4392] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  906.466608][T16947] BTRFS: device fsid ed4422de-dbc1-4dc1-8d60-3583f36c24cc devid 1 transid 8 /dev/loop1 scanned by syz.1.3082 (16947)
[  906.501072][T16897] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  906.554622][ T4727] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  906.558498][ T4175] udevd[4175]: incorrect btrfs checksum on /dev/loop1
[  906.586076][ T4727] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  906.614864][ T4727] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  906.645914][ T4727] usb 5-1: config 0 descriptor??
[  906.651265][ T4392] usb 6-1: device descriptor read/64, error -71
[  906.667111][T16897] team0: Port device team_slave_0 added
[  906.677683][T16947] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  906.695406][T16897] team0: Port device team_slave_1 added
[  906.716992][T16947] BTRFS error (device loop1): superblock checksum mismatch
[  906.744031][T16897] batman_adv: batadv0: Adding interface: batadv_slave_0
[  906.752817][T16897] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  906.782977][T16897] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  906.796098][T16947] BTRFS error (device loop1): open_ctree failed: -22
[  906.831771][T16897] batman_adv: batadv0: Adding interface: batadv_slave_1
[  906.840877][T16897] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  906.905363][T16897] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  906.964975][ T4392] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  907.013541][T16897] device hsr_slave_0 entered promiscuous mode
[  907.029713][T16897] device hsr_slave_1 entered promiscuous mode
[  907.049596][T16897] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  907.068488][T16897] Cannot create hsr debugfs directory
[  907.155812][ T4727] keytouch 0003:0926:3333.0003: fixing up Keytouch IEC report descriptor
[  907.160406][ T4392] usb 6-1: device descriptor read/64, error -71
[  907.173406][ T4727] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.0003/input/input5
[  907.304767][ T4392] usb usb6-port1: attempt power cycle
[  907.365278][ T4727] keytouch 0003:0926:3333.0003: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0
[  907.724855][ T4392] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  907.845768][ T4263] usb 5-1: USB disconnect, device number 11
[  907.867468][T17005] loop1: detected capacity change from 0 to 16
[  907.874771][ T4392] usb 6-1: device descriptor read/8, error -71
[  907.932184][ T4466] device hsr_slave_0 left promiscuous mode
[  907.974916][ T4466] device hsr_slave_1 left promiscuous mode
[  907.990459][T17005] erofs: (device loop1): mounted with root inode @ nid 36.
[  908.000073][T16994] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  908.020235][ T4466] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  908.035268][ T4466] batman_adv: batadv0: Removing interface: batadv_slave_0
[  908.043251][T16994] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  908.054973][ T4466] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  908.073318][ T4466] batman_adv: batadv0: Removing interface: batadv_slave_1
[  908.100425][T17002] fido_id[17002]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory
[  908.121018][ T4466] device bridge_slave_1 left promiscuous mode
[  908.162009][ T4466] bridge0: port 2(bridge_slave_1) entered disabled state
[  908.169869][ T4392] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  908.195301][ T4466] device bridge_slave_0 left promiscuous mode
[  908.209550][ T4466] bridge0: port 1(bridge_slave_0) entered disabled state
[  908.253887][ T4466] device veth1_macvtap left promiscuous mode
[  908.284049][ T4466] device veth0_macvtap left promiscuous mode
[  908.285510][ T4392] usb 6-1: device descriptor read/8, error -71
[  908.321668][ T4466] device veth1_vlan left promiscuous mode
[  908.349773][ T4466] device veth0_vlan left promiscuous mode
[  908.434879][ T4392] usb usb6-port1: unable to enumerate USB device
[  908.453322][T17016] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  908.464785][ T4392] Bluetooth: hci1: command 0x041b tx timeout
[  908.472148][T17016] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  908.721025][T17021] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  908.731391][T17021] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  909.155432][T17033] loop4: detected capacity change from 0 to 512
[  909.321043][T17033] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  909.485497][T17033] EXT4-fs (loop4): 1 truncate cleaned up
[  909.491360][T17033] EXT4-fs (loop4): mounted filesystem without journal. Opts: init_itable=0x0000000000000000,jqfmt=vfsold,sysvgroups,jqfmt=vfsold,minixdf,quota,,errors=continue. Quota mode: writeback.
[  909.653751][T17039] loop5: detected capacity change from 0 to 8
[  909.696285][T17034] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  909.704462][T17034] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  909.725457][T17039] squashfs: Unknown parameter 'threads'
[  910.248545][ T4466] team0 (unregistering): Port device team_slave_1 removed
[  910.290056][ T4466] team0 (unregistering): Port device team_slave_0 removed
[  910.345022][ T4466] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  910.410182][ T4466] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  910.544927][ T4392] Bluetooth: hci1: command 0x040f tx timeout
[  910.639274][ T4466] bond0 (unregistering): Released all slaves
[  911.301304][T17066] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  911.341756][T17066] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  911.522543][T17073] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  911.584550][T17073] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  911.697255][T17078] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  911.718247][T17078] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  911.787347][T16897] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  911.866255][T16897] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  911.945318][T16897] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  911.999700][T16897] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  912.088004][T17099] loop2: detected capacity change from 0 to 512
[  912.158545][T17101] fuse: Bad value for 'user_id'
[  912.237535][T17099] EXT4-fs (loop2): orphan cleanup on readonly fs
[  912.249721][T17100] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  912.255007][T17099] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.3110: bg 0: block 131: padding at end of block bitmap is not set
[  912.257916][T17100] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  912.402320][T17099] EXT4-fs (loop2): Remounting filesystem read-only
[  912.437478][T17099] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6183: Corrupt filesystem
[  912.493590][T17099] EXT4-fs (loop2): Remounting filesystem read-only
[  912.512852][T17099] EXT4-fs (loop2): 1 truncate cleaned up
[  912.539878][T17099] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,grpquota,i_version,data_err=ignore,. Quota mode: writeback.
[  912.596010][T16897] 8021q: adding VLAN 0 to HW filter on device bond0
[  912.634417][ T4399] Bluetooth: hci1: command 0x0419 tx timeout
[  912.744678][T16897] 8021q: adding VLAN 0 to HW filter on device team0
[  912.785281][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  912.795138][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  912.857136][T17119] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  912.876206][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  912.888269][T17119] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  912.930843][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  912.989884][  T482] bridge0: port 1(bridge_slave_0) entered blocking state
[  912.997360][  T482] bridge0: port 1(bridge_slave_0) entered forwarding state
[  913.091641][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  913.141609][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  913.167350][T17128] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  913.181270][  T482] bridge0: port 2(bridge_slave_1) entered blocking state
[  913.188624][  T482] bridge0: port 2(bridge_slave_1) entered forwarding state
[  913.208029][T17128] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  913.222003][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  913.270256][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  913.310904][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  913.350378][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  913.425715][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  913.446766][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  913.482033][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  913.558836][T16897] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  913.621363][T16897] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  913.688820][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  913.713633][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  913.752829][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  913.783618][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  913.806156][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  913.896101][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  913.978799][T17151] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  914.010316][T17151] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  914.216385][T17157] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  914.237097][T17163] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  914.245491][T17157] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  914.273462][T17163] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  914.359159][T15449] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  914.388206][T15449] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  914.421034][T16897] 8021q: adding VLAN 0 to HW filter on device batadv0
[  914.520869][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  914.554148][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  914.644102][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  914.685309][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  914.762747][T16897] device veth0_vlan entered promiscuous mode
[  914.768783][T17182] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  914.780957][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  914.815058][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  914.841840][T17182] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  914.858693][T16897] device veth1_vlan entered promiscuous mode
[  914.978465][ T4991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  915.002644][ T4991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  915.054582][T16897] device veth0_macvtap entered promiscuous mode
[  915.097732][T16897] device veth1_macvtap entered promiscuous mode
[  915.135062][T17195] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  915.169669][T17195] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  915.199802][T16897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  915.232473][T16897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  915.262368][T16897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  915.292650][T16897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  915.313297][T16897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  915.351581][T16897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  915.394743][T16897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  915.412063][T16897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  915.455643][T16897] batman_adv: batadv0: Interface activated: batadv_slave_0
[  915.468213][T15449] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  915.477206][T15449] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  915.500677][T15449] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  915.541618][T15449] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  915.593639][T16897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  915.640596][T17204] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  915.685696][T16897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  915.696320][T17204] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  915.714574][T16897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  915.795492][T16897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  915.843613][T16897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  915.899675][T16897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  915.949237][T16897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  916.063984][T16897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  916.144858][T16897] batman_adv: batadv0: Interface activated: batadv_slave_1
[  916.162989][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  916.187845][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  916.456289][T17202] loop5: detected capacity change from 0 to 32768
[  916.525519][T17202] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop5 scanned by syz.5.3130 (17202)
[  916.716886][T16897] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  916.755584][T17202] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm
[  916.788089][T17202] BTRFS info (device loop5): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  916.792262][T16897] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  916.844377][T17202] BTRFS info (device loop5): use zstd compression, level 3
[  916.852283][T17202] BTRFS info (device loop5): using free space tree
[  916.897195][T16897] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  916.926519][T17202] BTRFS info (device loop5): has skinny extents
[  916.959473][T16897] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  917.046333][T17235] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  917.074094][T17235] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  917.348481][  T482] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  917.400011][  T482] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  917.425636][T17247] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  917.434356][T17202] BTRFS info (device loop5): enabling ssd optimizations
[  917.469877][T17247] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  917.505769][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  917.532692][T15449] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  917.560716][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  917.614055][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  917.631947][T17259] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  917.658209][T17259] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  917.679273][   T26] audit: type=1800 audit(4246654890.800:114): pid=17202 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.3130" name="file1" dev="loop5" ino=260 res=0 errno=0
[  917.866726][T17276] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  917.951435][T17286] FAULT_INJECTION: forcing a failure.
[  917.951435][T17286] name failslab, interval 1, probability 0, space 0, times 0
[  918.063356][T17286] CPU: 0 PID: 17286 Comm: syz.4.3141 Not tainted 5.15.189-syzkaller #0
[  918.071663][T17286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  918.082289][T17286] Call Trace:
[  918.085633][T17286]  <TASK>
[  918.088584][T17286]  dump_stack_lvl+0x168/0x230
[  918.093284][T17286]  ? show_regs_print_info+0x20/0x20
[  918.098515][T17286]  ? load_image+0x3b0/0x3b0
[  918.103065][T17286]  ? __might_sleep+0xf0/0xf0
[  918.107847][T17286]  ? __lock_acquire+0x7c60/0x7c60
[  918.112929][T17286]  should_fail+0x38c/0x4c0
[  918.117398][T17286]  should_failslab+0x5/0x20
[  918.121937][T17286]  slab_pre_alloc_hook+0x51/0xc0
[  918.127172][T17286]  kmem_cache_alloc_bulk+0x39/0x3c0
[  918.132459][T17286]  io_submit_sqes+0x589c/0x9c60
[  918.137344][T17286]  ? rcu_lock_release+0x20/0x20
[  918.142262][T17286]  ? io_uring_del_tctx_node+0x2c0/0x2c0
[  918.147844][T17286]  __se_sys_io_uring_enter+0x26d/0x1d30
[  918.153690][T17286]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[  918.159269][T17286]  ? __context_tracking_exit+0x4c/0x80
[  918.164738][T17286]  ? __lock_acquire+0x7c60/0x7c60
[  918.169943][T17286]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  918.175917][T17286]  ? lock_chain_count+0x20/0x20
[  918.180861][T17286]  ? vtime_user_exit+0x2dc/0x400
[  918.185819][T17286]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[  918.191652][T17286]  do_syscall_64+0x4c/0xa0
[  918.196386][T17286]  ? clear_bhb_loop+0x30/0x80
[  918.201088][T17286]  ? clear_bhb_loop+0x30/0x80
[  918.205771][T17286]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  918.211689][T17286] RIP: 0033:0x7f0c25e629a9
[  918.216219][T17286] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  918.236214][T17286] RSP: 002b:00007f0c23cca038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  918.244830][T17286] RAX: ffffffffffffffda RBX: 00007f0c26089fa0 RCX: 00007f0c25e629a9
[  918.252950][T17286] RDX: 0000000000000483 RSI: 000000000000351e RDI: 0000000000000003
[  918.261019][T17286] RBP: 00007f0c23cca090 R08: 0000000000000000 R09: 0000000000000000
[  918.269312][T17286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  918.277265][T17286] R13: 0000000000000000 R14: 00007f0c26089fa0 R15: 00007ffca6642318
[  918.285248][T17286]  </TASK>
[  918.356334][T17276] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  918.370384][T17278] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  918.927571][    T9] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  919.572168][    T9] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  919.661484][T17326] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3150'.
[  919.749282][    T9] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  919.898120][    T9] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  920.111431][T17296] chnl_net:caif_netlink_parms(): no params data found
[  920.135278][T17349] kvm_mmu_after_set_cpuid: 1 callbacks suppressed
[  920.135295][T17349] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  920.168080][T17350] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  920.177716][T17349] kvm_mmu_after_set_cpuid: 1 callbacks suppressed
[  920.177737][T17349] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  920.205086][T17350] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  920.274902][T17348] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  920.313402][T17348] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  920.337254][    T9] tipc: Left network mode
[  920.637192][T17296] bridge0: port 1(bridge_slave_0) entered blocking state
[  920.656773][T17296] bridge0: port 1(bridge_slave_0) entered disabled state
[  920.700701][   T21] Bluetooth: hci3: command 0x0409 tx timeout
[  920.767477][T17296] device bridge_slave_0 entered promiscuous mode
[  920.782894][T17296] bridge0: port 2(bridge_slave_1) entered blocking state
[  920.790538][T17296] bridge0: port 2(bridge_slave_1) entered disabled state
[  920.797117][ T4399] usb 1-1: new full-speed USB device number 8 using dummy_hcd
[  920.798985][T17296] device bridge_slave_1 entered promiscuous mode
[  921.419734][T17390] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  921.441199][T17390] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready
[  921.636318][T17390] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready
[  921.685347][T17390] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready
[  921.735202][T17390] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready
[  921.758187][T17390] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready
[  921.794807][ T4399] usb 1-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  921.808754][T17390] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready
[  921.838967][ T4399] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  921.910714][ T4399] usb 1-1: config 0 descriptor??
[  921.934201][T17296] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  921.976447][ T4399] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  922.009855][T17296] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  922.071111][T17400] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  922.094543][T17400] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  922.101736][T17403] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  922.135750][T17296] team0: Port device team_slave_0 added
[  922.146702][T17403] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  922.157745][T17296] team0: Port device team_slave_1 added
[  922.207569][T17372] netlink: 96 bytes leftover after parsing attributes in process `syz.0.3154'.
[  922.242681][T17296] batman_adv: batadv0: Adding interface: batadv_slave_0
[  922.272741][T17296] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  922.300742][T17412] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  922.333908][T17412] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  922.370822][T17296] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  922.412691][T17296] batman_adv: batadv0: Adding interface: batadv_slave_1
[  922.470754][T17296] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  922.504767][T17296] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  923.024838][ T4399] gp8psk: usb out operation failed.
[  923.032418][ T4399] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  923.043358][ T4399] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  923.057141][ T4399] usb 1-1: USB disconnect, device number 8
[  923.089254][T17296] device hsr_slave_0 entered promiscuous mode
[  923.131731][T17296] device hsr_slave_1 entered promiscuous mode
[  923.173676][T17296] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  923.219402][T17296] Cannot create hsr debugfs directory
[  923.415339][T10568] Bluetooth: hci3: command 0x041b tx timeout
[  923.454166][T17445] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  923.483300][T17449] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  923.492443][T17445] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  923.510719][T17449] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  923.662554][    T9] device hsr_slave_0 left promiscuous mode
[  923.695246][    T9] device hsr_slave_1 left promiscuous mode
[  923.714205][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  923.757523][    T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[  923.824569][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  923.847220][    T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[  923.908926][    T9] device bridge_slave_1 left promiscuous mode
[  923.938653][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[  923.938839][T17465] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  923.965114][T17469] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  923.984782][T17469] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  923.995089][    T9] device bridge_slave_0 left promiscuous mode
[  923.997543][T17470] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  924.001807][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[  924.078428][    T9] device veth1_macvtap left promiscuous mode
[  924.101071][    T9] device veth0_macvtap left promiscuous mode
[  924.132259][    T9] device veth1_vlan left promiscuous mode
[  924.184482][    T9] device veth0_vlan left promiscuous mode
[  924.201116][T17479] loop2: detected capacity change from 0 to 16
[  924.305222][T17479] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  924.948744][T17500] loop5: detected capacity change from 0 to 16
[  925.028348][T17500] MTD: Attempt to mount non-MTD device "/dev/loop5"
[  925.213073][T17504] kvm_mmu_after_set_cpuid: 3 callbacks suppressed
[  925.213090][T17504] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  925.229810][T17504] kvm_mmu_after_set_cpuid: 3 callbacks suppressed
[  925.229828][T17504] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  925.452831][T17507] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  925.504756][ T4392] Bluetooth: hci3: command 0x040f tx timeout
[  925.508445][T17507] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  925.646843][T17514] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  925.682553][T17514] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  925.697379][    T9] team0 (unregistering): Port device team_slave_1 removed
[  925.779877][    T9] team0 (unregistering): Port device team_slave_0 removed
[  925.829464][T17524] loop5: detected capacity change from 0 to 16
[  925.849721][    T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  925.878877][T17524] MTD: Attempt to mount non-MTD device "/dev/loop5"
[  925.919562][T17528] FAULT_INJECTION: forcing a failure.
[  925.919562][T17528] name failslab, interval 1, probability 0, space 0, times 0
[  925.951518][    T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  925.963512][T17519] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  925.976753][T17528] CPU: 1 PID: 17528 Comm: syz.2.3190 Not tainted 5.15.189-syzkaller #0
[  925.976974][ T4175] udevd[4175]: incorrect cramfs checksum on /dev/loop5
[  925.985040][T17528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  925.985086][T17528] Call Trace:
[  925.985093][T17528]  <TASK>
[  925.985100][T17528]  dump_stack_lvl+0x168/0x230
[  925.985128][T17528]  ? show_regs_print_info+0x20/0x20
[  925.985143][T17528]  ? load_image+0x3b0/0x3b0
[  925.985161][T17528]  ? __might_sleep+0xf0/0xf0
[  925.985176][T17528]  ? __lock_acquire+0x7c60/0x7c60
[  925.985206][T17528]  should_fail+0x38c/0x4c0
[  925.985227][T17528]  should_failslab+0x5/0x20
[  925.985242][T17528]  slab_pre_alloc_hook+0x51/0xc0
[  926.046794][T17528]  kmem_cache_alloc_bulk+0x39/0x3c0
[  926.048013][ T4175] udevd[4175]: incorrect cramfs checksum on /dev/loop5
[  926.052020][T17528]  io_submit_sqes+0x589c/0x9c60
[  926.052051][T17528]  ? rcu_lock_release+0x20/0x20
[  926.068785][T17528]  ? io_uring_del_tctx_node+0x2c0/0x2c0
[  926.074380][T17528]  __se_sys_io_uring_enter+0x26d/0x1d30
[  926.080225][T17528]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[  926.085790][T17528]  ? __context_tracking_exit+0x4c/0x80
[  926.091297][T17528]  ? __lock_acquire+0x7c60/0x7c60
[  926.096976][T17528]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  926.102989][T17528]  ? lock_chain_count+0x20/0x20
[  926.107872][T17528]  ? vtime_user_exit+0x2dc/0x400
[  926.112846][T17528]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[  926.118430][T17528]  do_syscall_64+0x4c/0xa0
[  926.122957][T17528]  ? clear_bhb_loop+0x30/0x80
[  926.127652][T17528]  ? clear_bhb_loop+0x30/0x80
[  926.132352][T17528]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  926.138277][T17528] RIP: 0033:0x7efd149a39a9
[  926.142990][T17528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  926.163207][T17528] RSP: 002b:00007efd1280b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  926.171908][T17528] RAX: ffffffffffffffda RBX: 00007efd14bcafa0 RCX: 00007efd149a39a9
[  926.180370][T17528] RDX: 0000000000000000 RSI: 00000000000047ba RDI: 0000000000000003
[  926.188583][T17528] RBP: 00007efd1280b090 R08: 0000000000000000 R09: 0000000000000000
[  926.196584][T17528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  926.204922][T17528] R13: 0000000000000000 R14: 00007efd14bcafa0 R15: 00007ffea2eedd58
[  926.213031][T17528]  </TASK>
[  926.234842][T17519] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  926.554072][    T9] bond0 (unregistering): Released all slaves
[  927.051620][T17541] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  927.115684][T17541] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  927.162926][T17555] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  927.185027][T17555] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  927.455557][T17296] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  927.595381][T17296] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  927.610073][ T4339] Bluetooth: hci3: command 0x0419 tx timeout
[  928.035782][T17296] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  928.317681][T17296] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  928.672692][T17296] 8021q: adding VLAN 0 to HW filter on device bond0
[  928.689547][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  928.715411][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  928.781905][T17296] 8021q: adding VLAN 0 to HW filter on device team0
[  928.842898][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  928.875122][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  928.884894][T17607] FAULT_INJECTION: forcing a failure.
[  928.884894][T17607] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  928.955235][  T145] bridge0: port 1(bridge_slave_0) entered blocking state
[  928.962419][  T145] bridge0: port 1(bridge_slave_0) entered forwarding state
[  929.032322][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  929.051988][T17607] CPU: 1 PID: 17607 Comm: syz.2.3203 Not tainted 5.15.189-syzkaller #0
[  929.060480][T17607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  929.070736][T17607] Call Trace:
[  929.074242][T17607]  <TASK>
[  929.077192][T17607]  dump_stack_lvl+0x168/0x230
[  929.081980][T17607]  ? show_regs_print_info+0x20/0x20
[  929.087203][T17607]  ? load_image+0x3b0/0x3b0
[  929.091831][T17607]  ? __lock_acquire+0x7c60/0x7c60
[  929.096884][T17607]  ? vfs_write+0x84d/0xd00
[  929.101326][T17607]  should_fail+0x38c/0x4c0
[  929.106148][T17607]  _copy_from_user+0x2e/0x170
[  929.110891][T17607]  __sys_bpf+0x21b/0x670
[  929.115202][T17607]  ? bpf_link_show_fdinfo+0x340/0x340
[  929.120990][T17607]  ? vtime_user_exit+0x2dc/0x400
[  929.125963][T17607]  __x64_sys_bpf+0x78/0x90
[  929.129076][T17611] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  929.130501][T17607]  do_syscall_64+0x4c/0xa0
[  929.130530][T17607]  ? clear_bhb_loop+0x30/0x80
[  929.130547][T17607]  ? clear_bhb_loop+0x30/0x80
[  929.152432][T17607]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  929.158369][T17607] RIP: 0033:0x7efd149a39a9
[  929.161183][T17611] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  929.162876][T17607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  929.162896][T17607] RSP: 002b:00007efd127ea038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  929.162916][T17607] RAX: ffffffffffffffda RBX: 00007efd14bcb080 RCX: 00007efd149a39a9
[  929.189932][T17296] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  929.191724][T17607] RDX: 0000000000000020 RSI: 0000200000001600 RDI: 0000000000000004
[  929.191739][T17607] RBP: 00007efd127ea090 R08: 0000000000000000 R09: 0000000000000000
[  929.191748][T17607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  929.191758][T17607] R13: 0000000000000001 R14: 00007efd14bcb080 R15: 00007ffea2eedd58
[  929.191779][T17607]  </TASK>
[  929.270501][T17296] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  929.289705][ T4555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  929.325304][ T4555] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  929.334029][ T4555] bridge0: port 2(bridge_slave_1) entered blocking state
[  929.341202][ T4555] bridge0: port 2(bridge_slave_1) entered forwarding state
[  929.428837][ T4555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  929.445725][ T4555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  929.497377][ T4555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  929.531748][T17614] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  929.544729][T17614] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  929.549281][ T4555] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  929.620196][ T4555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  929.666768][ T4555] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  929.689162][T17625] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  929.698659][ T4555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  929.720060][ T4555] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  929.731678][T17625] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  929.745506][ T4555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  929.799330][ T4555] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  929.979728][T17634] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11)
[  929.987119][T17634] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  929.996923][T17634] vhci_hcd vhci_hcd.0: Device attached
[  930.037722][T17616] FAULT_INJECTION: forcing a failure.
[  930.037722][T17616] name failslab, interval 1, probability 0, space 0, times 0
[  930.079092][ T4555] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  930.176020][ T4555] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  930.215081][T17616] CPU: 1 PID: 17616 Comm: syz.5.3206 Not tainted 5.15.189-syzkaller #0
[  930.223379][T17616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  930.233441][T17616] Call Trace:
[  930.236728][T17616]  <TASK>
[  930.239653][T17616]  dump_stack_lvl+0x168/0x230
[  930.244346][T17616]  ? show_regs_print_info+0x20/0x20
[  930.249652][T17616]  ? load_image+0x3b0/0x3b0
[  930.254851][T17616]  ? __might_sleep+0xf0/0xf0
[  930.259563][T17616]  ? __lock_acquire+0x7c60/0x7c60
[  930.264768][T17616]  should_fail+0x38c/0x4c0
[  930.269190][T17616]  should_failslab+0x5/0x20
[  930.273692][T17616]  slab_pre_alloc_hook+0x51/0xc0
[  930.278829][T17616]  ? taskstats_exit+0x151/0xab0
[  930.283801][T17616]  kmem_cache_alloc+0x3d/0x290
[  930.288701][T17616]  taskstats_exit+0x151/0xab0
[  930.293716][T17616]  ? mm_trace_rss_stat+0x81/0x1c0
[  930.298769][T17616]  ? sync_mm_rss+0x211/0x350
[  930.303360][T17616]  do_exit+0x594/0x20a0
[  930.307528][T17616]  ? put_task_struct+0x80/0x80
[  930.312313][T17616]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  930.318318][T17616]  ? lock_chain_count+0x20/0x20
[  930.323194][T17616]  ? _raw_spin_lock_irq+0xab/0xe0
[  930.328251][T17616]  do_group_exit+0x12e/0x300
[  930.332124][T17630] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  930.332911][T17616]  ? lockdep_hardirqs_on+0x94/0x140
[  930.332941][T17616]  get_signal+0x6ca/0x12c0
[  930.342350][T17630] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  930.346467][T17616]  arch_do_signal_or_restart+0xc1/0x1300
[  930.346499][T17616]  ? fput_many+0x15c/0x1a0
[  930.346516][T17616]  ? __sys_sendto+0x493/0x580
[  930.346533][T17616]  ? __ia32_sys_getpeername+0x80/0x80
[  930.346552][T17616]  ? get_sigframe_size+0x10/0x10
[  930.346593][T17616]  ? exit_to_user_mode_loop+0x3b/0x130
[  930.346613][T17616]  exit_to_user_mode_loop+0x9e/0x130
[  930.346629][T17616]  exit_to_user_mode_prepare+0xb1/0x140
[  930.346645][T17616]  syscall_exit_to_user_mode+0x16/0x40
[  930.346661][T17616]  do_syscall_64+0x58/0xa0
[  930.346681][T17616]  ? clear_bhb_loop+0x30/0x80
[  930.346696][T17616]  ? clear_bhb_loop+0x30/0x80
[  930.346709][T17616]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  930.376226][T17635] vhci_hcd: connection closed
[  930.379750][T17616] RIP: 0033:0x7fbc8765b9a9
[  930.379781][T17616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  930.379793][T17616] RSP: 002b:00007fbc854c3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  930.379811][T17616] RAX: fffffffffffffe00 RBX: 00007fbc87882fa0 RCX: 00007fbc8765b9a9
[  930.379822][T17616] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003
[  930.379832][T17616] RBP: 00007fbc854c3090 R08: 0000000000000000 R09: 0000000000000052
[  930.379843][T17616] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001
[  930.379852][T17616] R13: 0000000000000000 R14: 00007fbc87882fa0 R15: 00007fffb9c9e0c8
[  930.379873][T17616]  </TASK>
[  930.509906][  T482] vhci_hcd: stop threads
[  930.510179][ T4392] usb 33-1: new high-speed USB device number 2 using vhci_hcd
[  930.516530][  T482] vhci_hcd: release socket
[  930.554395][  T482] vhci_hcd: disconnect device
[  930.818631][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  930.845425][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  930.889575][T17296] 8021q: adding VLAN 0 to HW filter on device batadv0
[  930.918525][T17642] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  930.929738][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  930.930127][T17650] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  930.945529][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  930.986535][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  930.994474][T17642] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  931.005094][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  931.014571][T17650] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  931.037344][T17296] device veth0_vlan entered promiscuous mode
[  931.050137][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  931.068265][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  931.121667][T17296] device veth1_vlan entered promiscuous mode
[  931.194509][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  931.209912][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  931.272343][T17296] device veth0_macvtap entered promiscuous mode
[  931.326799][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  931.342317][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  931.385352][T17296] device veth1_macvtap entered promiscuous mode
[  931.405195][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  931.420424][  T482] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  931.479154][T17296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  931.554431][T17296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  931.836764][T17296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  931.859948][T17675] loop4: detected capacity change from 0 to 4096
[  931.946832][T17296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  931.957389][T17675] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512)
[  931.999715][T17296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  932.010537][T17296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  932.021512][T17296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  932.033267][T17296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  932.045797][T17296] batman_adv: batadv0: Interface activated: batadv_slave_0
[  932.062487][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  932.117795][T17684] FAULT_INJECTION: forcing a failure.
[  932.117795][T17684] name failslab, interval 1, probability 0, space 0, times 0
[  932.142015][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  932.169793][T17684] CPU: 1 PID: 17684 Comm: syz.2.3217 Not tainted 5.15.189-syzkaller #0
[  932.178097][T17684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  932.188465][T17684] Call Trace:
[  932.191843][T17684]  <TASK>
[  932.194774][T17684]  dump_stack_lvl+0x168/0x230
[  932.199557][T17684]  ? show_regs_print_info+0x20/0x20
[  932.204862][T17684]  ? load_image+0x3b0/0x3b0
[  932.209391][T17684]  ? __might_sleep+0xf0/0xf0
[  932.214499][T17684]  ? __lock_acquire+0x7c60/0x7c60
[  932.219952][T17684]  should_fail+0x38c/0x4c0
[  932.224588][T17684]  should_failslab+0x5/0x20
[  932.229554][T17684]  slab_pre_alloc_hook+0x51/0xc0
[  932.234678][T17684]  kmem_cache_alloc_bulk+0x39/0x3c0
[  932.239986][T17684]  io_submit_sqes+0x589c/0x9c60
[  932.246025][T17684]  ? rcu_lock_release+0x20/0x20
[  932.251030][T17684]  ? io_uring_del_tctx_node+0x2c0/0x2c0
[  932.256704][T17684]  __se_sys_io_uring_enter+0x26d/0x1d30
[  932.262344][T17684]  ? __x64_sys_io_uring_enter+0xf0/0xf0
[  932.267963][T17684]  ? __context_tracking_exit+0x4c/0x80
[  932.273413][T17684]  ? __lock_acquire+0x7c60/0x7c60
[  932.278434][T17684]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  932.284405][T17684]  ? lock_chain_count+0x20/0x20
[  932.289246][T17684]  ? vtime_user_exit+0x2dc/0x400
[  932.294268][T17684]  ? __x64_sys_io_uring_enter+0x1d/0xf0
[  932.299809][T17684]  do_syscall_64+0x4c/0xa0
[  932.304220][T17684]  ? clear_bhb_loop+0x30/0x80
[  932.308883][T17684]  ? clear_bhb_loop+0x30/0x80
[  932.313557][T17684]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  932.319456][T17684] RIP: 0033:0x7efd149a39a9
[  932.323880][T17684] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  932.344283][T17684] RSP: 002b:00007efd1280b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  932.353065][T17684] RAX: ffffffffffffffda RBX: 00007efd14bcafa0 RCX: 00007efd149a39a9
[  932.361068][T17684] RDX: 0000000000000000 RSI: 00000000100847c0 RDI: 0000000000000007
[  932.369057][T17684] RBP: 00007efd1280b090 R08: 0000000000000000 R09: 0000000000000000
[  932.377115][T17684] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[  932.385098][T17684] R13: 0000000000000000 R14: 00007efd14bcafa0 R15: 00007ffea2eedd58
[  932.393357][T17684]  </TASK>
[  932.444667][T17675] netlink: 'syz.4.3215': attribute type 1 has an invalid length.
[  932.483576][T17296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  932.496198][T17296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  932.523947][T17296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  932.569112][T17296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  932.622774][T17296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  932.673514][T17296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  932.732149][T17296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  932.744915][T17296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  932.768341][T17296] batman_adv: batadv0: Interface activated: batadv_slave_1
[  932.800190][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  932.830423][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  932.901272][T17296] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  932.943362][T17296] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  932.990442][T17296] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  933.004587][T17692] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  933.017187][T17296] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  933.032917][T17692] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  933.089319][T17687] loop5: detected capacity change from 0 to 32768
[  933.146997][T17687] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 scanned by syz.5.3218 (17687)
[  933.286245][T17687] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm
[  933.334524][T17687] BTRFS info (device loop5): force clearing of disk cache
[  933.364551][ T4555] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  933.391517][ T4555] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  933.404401][T17687] BTRFS info (device loop5): setting nodatacow, compression disabled
[  933.432456][T17687] BTRFS info (device loop5): doing ref verification
[  933.468897][T17687] BTRFS info (device loop5): enabling auto defrag
[  933.485820][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  933.505035][T17707] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  933.514504][T17687] BTRFS info (device loop5): max_inline at 0
[  933.538354][T17687] BTRFS info (device loop5): using free space tree
[  933.541073][  T145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  933.554478][T17707] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  933.563957][T17706] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  933.571346][T17687] BTRFS info (device loop5): has skinny extents
[  933.610711][  T145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  933.671062][T17706] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  933.719870][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  933.949238][T17687] BTRFS info (device loop5): enabling ssd optimizations
[  933.973514][T17727] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  934.005496][T17729] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  934.026909][T17727] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  934.061417][T17729] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  934.068567][T17687] BTRFS info (device loop5): clearing free space tree
[  934.095085][T17687] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  934.114737][T17687] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  934.194408][T17749] loop1: detected capacity change from 0 to 512
[  934.367103][T17749] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  934.568272][T17749] EXT4-fs (loop1): 1 truncate cleaned up
[  934.574376][T17749] EXT4-fs (loop1): mounted filesystem without journal. Opts: init_itable=0x0000000000000020,jqfmt=vfsold,sysvgroups,jqfmt=vfsold,minixdf,quota,,errors=continue. Quota mode: writeback.
[  934.744076][T17753] loop0: detected capacity change from 0 to 8
[  934.997578][T17687] BTRFS info (device loop5): creating free space tree
[  935.042855][T17687] BTRFS info (device loop5): setting compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  935.237726][T17687] BTRFS info (device loop5): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  935.873139][T17777] overlayfs: failed to resolve './bus': -2
[  935.966866][ T4392] vhci_hcd: vhci_device speed not set
[  936.047151][ T4399] usb 3-1: new full-speed USB device number 10 using dummy_hcd
[  936.317266][T17783] chnl_net:caif_netlink_parms(): no params data found
[  936.521338][T17805] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  936.564578][ T4399] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  936.603588][ T4399] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  936.658251][ T4399] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 170, setting to 64
[  936.732917][ T4399] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  936.844799][ T4399] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 1.40
[  936.859729][ T4399] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  936.887355][ T4399] usb 3-1: SerialNumber: syz
[  936.916579][T17772] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  936.923691][T17772] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  936.972756][T17811] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  936.972756][T17807] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  936.993357][ T4399] cdc_acm 3-1:1.0: Control and data interfaces are not separated!
[  937.018607][ T1423] ieee802154 phy0 wpan0: encryption failed: -22
[  937.026019][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[  937.034204][T17811] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  937.086845][T17783] bridge0: port 1(bridge_slave_0) entered blocking state
[  937.124492][T17783] bridge0: port 1(bridge_slave_0) entered disabled state
[  937.140332][T17783] device bridge_slave_0 entered promiscuous mode
[  937.158704][T17783] bridge0: port 2(bridge_slave_1) entered blocking state
[  937.177188][T17783] bridge0: port 2(bridge_slave_1) entered disabled state
[  937.195557][T17783] device bridge_slave_1 entered promiscuous mode
[  937.202735][T17817] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  937.223219][    T9] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  937.241741][T17817] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  937.250876][T17772] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3231'.
[  937.302679][ T4399] cdc_acm 3-1:1.0: ttyACM0: USB ACM device
[  937.330464][T17828] FAULT_INJECTION: forcing a failure.
[  937.330464][T17828] name failslab, interval 1, probability 0, space 0, times 0
[  937.352776][ T4399] usb 3-1: USB disconnect, device number 10
[  937.374865][T17828] CPU: 1 PID: 17828 Comm: syz.0.3239 Not tainted 5.15.189-syzkaller #0
[  937.383172][T17828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  937.393247][T17828] Call Trace:
[  937.396541][T17828]  <TASK>
[  937.399571][T17828]  dump_stack_lvl+0x168/0x230
[  937.404298][T17828]  ? show_regs_print_info+0x20/0x20
[  937.409542][T17828]  ? load_image+0x3b0/0x3b0
[  937.414072][T17828]  ? __might_sleep+0xf0/0xf0
[  937.418783][T17828]  ? __lock_acquire+0x7c60/0x7c60
[  937.423834][T17828]  should_fail+0x38c/0x4c0
[  937.428293][T17828]  should_failslab+0x5/0x20
[  937.432819][T17828]  slab_pre_alloc_hook+0x51/0xc0
[  937.437780][T17828]  kmem_cache_alloc_trace+0x47/0x2a0
[  937.443094][T17828]  ? alloc_pipe_info+0xe4/0x4b0
[  937.447970][T17828]  alloc_pipe_info+0xe4/0x4b0
[  937.452681][T17828]  splice_direct_to_actor+0x996/0xb50
[  937.458174][T17828]  ? aa_path_link+0x850/0x850
[  937.462887][T17828]  ? do_splice_direct+0x2c0/0x2c0
[  937.467936][T17828]  ? aa_file_perm+0x3a3/0xe20
[  937.472639][T17828]  ? end_current_label_crit_section+0x14b/0x170
[  937.478903][T17828]  ? pipe_to_sendpage+0x310/0x310
[  937.484287][T17828]  ? common_file_perm+0x171/0x1c0
[  937.489338][T17828]  ? fsnotify_perm+0x5d/0x560
[  937.494294][T17828]  ? security_file_permission+0x75/0xa0
[  937.499947][T17828]  do_splice_direct+0x1b9/0x2c0
[  937.504823][T17828]  ? splice_direct_to_actor+0xb50/0xb50
[  937.510392][T17828]  ? __fget_files+0x40f/0x480
[  937.515095][T17828]  ? common_file_perm+0x171/0x1c0
[  937.520148][T17828]  ? fsnotify_perm+0x5d/0x560
[  937.524845][T17828]  ? security_file_permission+0x75/0xa0
[  937.530421][T17828]  do_sendfile+0x5d5/0xec0
[  937.534869][T17828]  ? do_pwritev+0x340/0x340
[  937.539393][T17828]  ? __lock_acquire+0x7c60/0x7c60
[  937.544446][T17828]  __se_sys_sendfile64+0x13b/0x190
[  937.549580][T17828]  ? lock_chain_count+0x20/0x20
[  937.554456][T17828]  ? __x64_sys_sendfile64+0xa0/0xa0
[  937.559669][T17828]  ? lockdep_hardirqs_on+0x94/0x140
[  937.564869][T17828]  do_syscall_64+0x4c/0xa0
[  937.569394][T17828]  ? clear_bhb_loop+0x30/0x80
[  937.574194][T17828]  ? clear_bhb_loop+0x30/0x80
[  937.578882][T17828]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  937.584946][T17828] RIP: 0033:0x7f63cd9ba9a9
[  937.589379][T17828] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  937.609297][T17828] RSP: 002b:00007f63cb822038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  937.617802][T17828] RAX: ffffffffffffffda RBX: 00007f63cdbe1fa0 RCX: 00007f63cd9ba9a9
[  937.625768][T17828] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[  937.634013][T17828] RBP: 00007f63cb822090 R08: 0000000000000000 R09: 0000000000000000
[  937.641988][T17828] R10: 000000007ffff004 R11: 0000000000000246 R12: 0000000000000001
[  937.650073][T17828] R13: 0000000000000000 R14: 00007f63cdbe1fa0 R15: 00007ffc513528b8
[  937.658139][T17828]  </TASK>
[  937.743087][    T9] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  937.776130][T17783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  937.827037][T17783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  937.854058][T17847] loop1: detected capacity change from 0 to 128
[  937.874094][    T9] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  937.943063][T17783] team0: Port device team_slave_0 added
[  937.953192][T17783] team0: Port device team_slave_1 added
[  938.041623][ T4392] Bluetooth: hci5: command 0x0409 tx timeout
[  938.175737][    T9] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  938.250014][T17783] batman_adv: batadv0: Adding interface: batadv_slave_0
[  938.263961][T17783] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  938.394582][T17783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  938.446504][T17783] batman_adv: batadv0: Adding interface: batadv_slave_1
[  938.480369][T17783] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  938.506674][    C1] vkms_vblank_simulate: vblank timer overrun
[  938.571841][T17783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  938.886590][T17783] device hsr_slave_0 entered promiscuous mode
[  938.912200][T17783] device hsr_slave_1 entered promiscuous mode
[  938.921420][T17879] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  938.936415][T17783] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  938.950985][T17783] Cannot create hsr debugfs directory
[  938.963451][T17879] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  940.578206][ T4399] Bluetooth: hci5: command 0x041b tx timeout
[  940.831336][T17916] FAULT_INJECTION: forcing a failure.
[  940.831336][T17916] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  940.845493][T17916] CPU: 1 PID: 17916 Comm: syz.1.3254 Not tainted 5.15.189-syzkaller #0
[  940.853946][T17916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  940.864219][T17916] Call Trace:
[  940.867513][T17916]  <TASK>
[  940.870457][T17916]  dump_stack_lvl+0x168/0x230
[  940.875315][T17916]  ? show_regs_print_info+0x20/0x20
[  940.880688][T17916]  ? load_image+0x3b0/0x3b0
[  940.885367][T17916]  ? __lock_acquire+0x7c60/0x7c60
[  940.890528][T17916]  should_fail+0x38c/0x4c0
[  940.894970][T17916]  prepare_alloc_pages+0x1e4/0x5f0
[  940.900964][T17916]  __alloc_pages+0x10e/0x470
[  940.905671][T17916]  ? zone_statistics+0x170/0x170
[  940.910646][T17916]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  940.916301][T17916]  ? lockdep_hardirqs_on+0x94/0x140
[  940.921525][T17916]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  940.927209][T17916]  alloc_pages_vma+0x393/0x7c0
[  940.931984][T17916]  handle_mm_fault+0x2382/0x43c0
[  940.936934][T17916]  ? get_page+0xe0/0xe0
[  940.941126][T17916]  ? vmacache_find+0x238/0x590
[  940.946180][T17916]  ? find_vma+0xd2/0x230
[  940.950538][T17916]  do_user_addr_fault+0x489/0xc80
[  940.955913][T17916]  exc_page_fault+0x60/0x100
[  940.960609][T17916]  asm_exc_page_fault+0x22/0x30
[  940.965458][T17916] RIP: 0033:0x7f9866395fbb
[  940.969872][T17916] Code: c0 8b 87 c0 00 00 00 66 0f 6c c0 85 c0 0f 85 44 01 00 00 c7 87 c0 00 00 00 ff ff ff ff 48 8d 84 24 20 21 00 00 48 8d 7c 24 20 <0f> 29 44 24 40 49 89 e4 48 89 44 24 50 8b 43 74 48 89 9c 24 00 01
[  940.989576][T17916] RSP: 002b:00007f986420be10 EFLAGS: 00010246
[  940.995659][T17916] RAX: 00007f986420df30 RBX: 00007f98665e0620 RCX: 0000000000000000
[  941.003624][T17916] RDX: 00007f986420df78 RSI: 00007f9866447bf8 RDI: 00007f986420be30
[  941.011589][T17916] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000
[  941.019661][T17916] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  941.027825][T17916] R13: 0000000000000000 R14: 00007f9866610160 R15: 00007ffd3add9aa8
[  941.035910][T17916]  </TASK>
[  941.039142][    C1] vkms_vblank_simulate: vblank timer overrun
[  941.046824][T17916] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  942.035647][T17941] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3259'.
[  942.371672][T17962] FAULT_INJECTION: forcing a failure.
[  942.371672][T17962] name failslab, interval 1, probability 0, space 0, times 0
[  942.384503][T17962] CPU: 1 PID: 17962 Comm: syz.5.3262 Not tainted 5.15.189-syzkaller #0
[  942.392743][T17962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  942.402798][T17962] Call Trace:
[  942.406075][T17962]  <TASK>
[  942.409007][T17962]  dump_stack_lvl+0x168/0x230
[  942.413700][T17962]  ? show_regs_print_info+0x20/0x20
[  942.418892][T17962]  ? load_image+0x3b0/0x3b0
[  942.423498][T17962]  ? __might_sleep+0xf0/0xf0
[  942.428108][T17962]  ? __lock_acquire+0x7c60/0x7c60
[  942.433139][T17962]  ? mark_lock+0x94/0x320
[  942.437476][T17962]  should_fail+0x38c/0x4c0
[  942.441978][T17962]  should_failslab+0x5/0x20
[  942.446473][T17962]  slab_pre_alloc_hook+0x51/0xc0
[  942.451414][T17962]  __kmalloc+0x6b/0x330
[  942.455557][T17962]  ? tomoyo_realpath_from_path+0x118/0x610
[  942.461374][T17962]  tomoyo_realpath_from_path+0x118/0x610
[  942.467178][T17962]  ? finish_task_switch+0x12f/0x640
[  942.472390][T17962]  tomoyo_path_number_perm+0x1d5/0x5d0
[  942.477865][T17962]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  942.483326][T17962]  ? finish_task_switch+0x12f/0x640
[  942.488520][T17962]  ? __switch_to_asm+0x34/0x60
[  942.493319][T17962]  security_file_ioctl+0x6c/0xa0
[  942.498257][T17962]  __se_sys_ioctl+0x48/0x170
[  942.502847][T17962]  do_syscall_64+0x4c/0xa0
[  942.507357][T17962]  ? clear_bhb_loop+0x30/0x80
[  942.512120][T17962]  ? clear_bhb_loop+0x30/0x80
[  942.516909][T17962]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  942.522811][T17962] RIP: 0033:0x7fbc8765b9a9
[  942.527229][T17962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  942.546919][T17962] RSP: 002b:00007fbc85481038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  942.555519][T17962] RAX: ffffffffffffffda RBX: 00007fbc87883160 RCX: 00007fbc8765b9a9
[  942.563486][T17962] RDX: 0000200000000280 RSI: 00000000000089a2 RDI: 0000000000000005
[  942.571554][T17962] RBP: 00007fbc85481090 R08: 0000000000000000 R09: 0000000000000000
[  942.579532][T17962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  942.587676][T17962] R13: 0000000000000000 R14: 00007fbc87883160 R15: 00007fffb9c9e0c8
[  942.595836][T17962]  </TASK>
[  942.599364][    C1] vkms_vblank_simulate: vblank timer overrun
[  942.606057][T17962] ERROR: Out of memory at tomoyo_realpath_from_path.
[  942.617032][T17962] bridge0: port 3(netdevsim0) entered blocking state
[  942.624103][T17962] bridge0: port 3(netdevsim0) entered disabled state
[  942.635128][T17962] device netdevsim0 entered promiscuous mode
[  942.642088][T17962] bridge0: port 3(netdevsim0) entered blocking state
[  942.649266][T17962] bridge0: port 3(netdevsim0) entered forwarding state
[  942.662940][ T4392] Bluetooth: hci5: command 0x040f tx timeout
[  942.899822][T17783] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  943.000825][T17783] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  943.053735][T17974] loop5: detected capacity change from 0 to 512
[  943.674512][T17783] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  943.907421][T17783] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  944.355411][T18009] IPv6: NLM_F_REPLACE set, but no existing node found!
[  944.382400][T17987] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  944.419154][T17987] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  944.466307][T18010] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  944.493500][T18010] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  944.561410][T17783] 8021q: adding VLAN 0 to HW filter on device bond0
[  944.658487][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  944.681780][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  944.705535][ T4174] Bluetooth: hci5: command 0x0419 tx timeout
[  944.768406][    T9] device hsr_slave_0 left promiscuous mode
[  944.845903][    T9] device hsr_slave_1 left promiscuous mode
[  944.867973][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  944.937302][    T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[  944.995293][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  945.002784][    T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[  945.080436][T18029] loop2: detected capacity change from 0 to 2048
[  945.105694][    T9] device bridge_slave_1 left promiscuous mode
[  945.112022][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[  945.168635][    T9] device bridge_slave_0 left promiscuous mode
[  945.188170][T18029] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  945.214593][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[  945.337349][    T9] device veth1_macvtap left promiscuous mode
[  945.343424][    T9] device veth0_macvtap left promiscuous mode
[  945.366258][    T9] device veth1_vlan left promiscuous mode
[  945.372089][    T9] device veth0_vlan left promiscuous mode
[  945.771280][T18049] loop5: detected capacity change from 0 to 256
[  945.853599][T18026] input: syz1 as /devices/virtual/input/input6
[  946.821737][    T9] team0 (unregistering): Port device team_slave_1 removed
[  946.907820][    T9] team0 (unregistering): Port device team_slave_0 removed
[  946.934074][    T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  946.965727][    T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  947.121222][    T9] bond0 (unregistering): Released all slaves
[  947.203060][T17783] 8021q: adding VLAN 0 to HW filter on device team0
[  947.249620][T18042] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3275'.
[  947.264427][T18042] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3275'.
[  947.284667][T18042] bridge0: port 3(vlan3) entered blocking state
[  947.293631][T18042] bridge0: port 3(vlan3) entered disabled state
[  947.330842][T18050] netlink: 'syz.1.3274': attribute type 10 has an invalid length.
[  947.343182][T18050] device macvlan0 entered promiscuous mode
[  947.358152][T18050] bond0: (slave macvlan0): Enslaving as an active interface with an up link
[  947.442211][T18050] syz.1.3274 (18050) used greatest stack depth: 20672 bytes left
[  947.489485][ T4462] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  947.522714][ T4462] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  947.547737][ T4462] bridge0: port 1(bridge_slave_0) entered blocking state
[  947.554965][ T4462] bridge0: port 1(bridge_slave_0) entered forwarding state
[  947.640954][ T4462] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  947.694459][ T4462] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  947.750016][ T4462] bridge0: port 2(bridge_slave_1) entered blocking state
[  947.757369][ T4462] bridge0: port 2(bridge_slave_1) entered forwarding state
[  947.804916][ T4462] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  947.824159][T18064] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  947.845304][ T4462] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  947.893203][ T4462] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  947.924459][T18064] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  947.939125][ T4462] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  947.966560][T18070] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  947.991211][ T4462] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  948.019435][T18070] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  948.065328][ T4462] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  948.073466][ T4462] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  948.145449][ T4462] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  948.167090][ T4462] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  948.193258][ T4462] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  948.202211][T18077] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  948.222453][T17783] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  948.242864][T18082] loop0: detected capacity change from 0 to 4096
[  948.247873][T17783] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  948.265886][T18077] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  948.299788][ T4462] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  948.316796][ T4462] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  948.326916][T18082] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512)
[  948.482040][T18087] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  948.489823][T18082] ntfs3: loop0: Failed to load $Extend.
[  948.514740][T18087] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  948.759598][T18106] loop5: detected capacity change from 0 to 1024
[  948.779410][T18100] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  948.807400][T18100] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  948.831303][ T4462] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  948.840180][ T4462] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  948.873146][T17783] 8021q: adding VLAN 0 to HW filter on device batadv0
[  948.973895][T18113] device geneve2 entered promiscuous mode
[  949.028032][T18106] EXT4-fs (loop5): bad geometry: first data block is 0 with a 1k block and cluster size
[  949.098095][T18117] bridge0: port 3(netdevsim0) entered blocking state
[  949.105176][T18117] bridge0: port 3(netdevsim0) entered disabled state
[  949.123681][T18117] device netdevsim0 entered promiscuous mode
[  949.132454][T18117] bridge0: port 3(netdevsim0) entered blocking state
[  949.139318][T18117] bridge0: port 3(netdevsim0) entered forwarding state
[  949.645538][T18120] FAULT_INJECTION: forcing a failure.
[  949.645538][T18120] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  949.875524][T18120] CPU: 0 PID: 18120 Comm: syz.5.3289 Not tainted 5.15.189-syzkaller #0
[  949.883827][T18120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  949.894436][T18120] Call Trace:
[  949.898260][T18120]  <TASK>
[  949.901218][T18120]  dump_stack_lvl+0x168/0x230
[  949.905918][T18120]  ? show_regs_print_info+0x20/0x20
[  949.911143][T18120]  ? load_image+0x3b0/0x3b0
[  949.915675][T18120]  ? __lock_acquire+0x7c60/0x7c60
[  949.920798][T18120]  ? vfs_write+0x84d/0xd00
[  949.925318][T18120]  should_fail+0x38c/0x4c0
[  949.929765][T18120]  _copy_from_user+0x2e/0x170
[  949.934556][T18120]  __sys_bpf+0x21b/0x670
[  949.938824][T18120]  ? bpf_link_show_fdinfo+0x340/0x340
[  949.944236][T18120]  ? vtime_user_exit+0x2dc/0x400
[  949.949419][T18120]  __x64_sys_bpf+0x78/0x90
[  949.954025][T18120]  do_syscall_64+0x4c/0xa0
[  949.958544][T18120]  ? clear_bhb_loop+0x30/0x80
[  949.963264][T18120]  ? clear_bhb_loop+0x30/0x80
[  949.967974][T18120]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  949.974057][T18120] RIP: 0033:0x7fbc8765b9a9
[  949.978506][T18120] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  949.998320][T18120] RSP: 002b:00007fbc854a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  950.006775][T18120] RAX: ffffffffffffffda RBX: 00007fbc87883080 RCX: 00007fbc8765b9a9
[  950.014868][T18120] RDX: 0000000000000020 RSI: 0000200000001600 RDI: 0000000000000004
[  950.023122][T18120] RBP: 00007fbc854a2090 R08: 0000000000000000 R09: 0000000000000000
[  950.031105][T18120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  950.039095][T18120] R13: 0000000000000001 R14: 00007fbc87883080 R15: 00007fffb9c9e0c8
[  950.047098][T18120]  </TASK>
[  950.123034][T10974] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  950.153575][T10974] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  950.244526][ T4462] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  950.259622][ T4462] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  950.276181][T18123] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  950.284125][T18113] loop0: detected capacity change from 0 to 32768
[  950.303530][T17783] device veth0_vlan entered promiscuous mode
[  950.312228][T18123] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  950.317602][ T4462] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  950.360474][T18113] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz.0.3288 (18113)
[  950.391916][ T4462] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  950.441612][T17783] device veth1_vlan entered promiscuous mode
[  950.459938][T18113] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  950.494718][T18113] BTRFS info (device loop0): using free space tree
[  950.501764][T18113] BTRFS info (device loop0): has skinny extents
[  950.721120][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  950.783689][T18149] FAULT_INJECTION: forcing a failure.
[  950.783689][T18149] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  950.797775][T18149] CPU: 1 PID: 18149 Comm: syz.2.3295 Not tainted 5.15.189-syzkaller #0
[  950.806031][T18149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  950.816269][T18149] Call Trace:
[  950.819560][T18149]  <TASK>
[  950.822505][T18149]  dump_stack_lvl+0x168/0x230
[  950.827194][T18149]  ? show_regs_print_info+0x20/0x20
[  950.832395][T18149]  ? load_image+0x3b0/0x3b0
[  950.836905][T18149]  ? __lock_acquire+0x7c60/0x7c60
[  950.841940][T18149]  ? mark_lock+0x94/0x320
[  950.846536][T18149]  should_fail+0x38c/0x4c0
[  950.850959][T18149]  _copy_from_user+0x2e/0x170
[  950.855828][T18149]  sctp_getsockopt_pr_assocstatus+0xc7/0x680
[  950.861816][T18149]  ? sctp_getsockopt_default_prinfo+0x550/0x550
[  950.868055][T18149]  ? sctp_getsockopt+0x277/0x8a0
[  950.872991][T18149]  sctp_getsockopt+0x28b/0x8a0
[  950.877746][T18149]  ? sock_recv_errqueue+0x4b0/0x4b0
[  950.882947][T18149]  __sys_getsockopt+0x1b0/0x230
[  950.887801][T18149]  __x64_sys_getsockopt+0xb1/0xc0
[  950.892823][T18149]  do_syscall_64+0x4c/0xa0
[  950.897233][T18149]  ? clear_bhb_loop+0x30/0x80
[  950.901924][T18149]  ? clear_bhb_loop+0x30/0x80
[  950.906796][T18149]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  950.912700][T18149] RIP: 0033:0x7efd149a39a9
[  950.917213][T18149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  950.937166][T18149] RSP: 002b:00007efd127c9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  950.945714][T18149] RAX: ffffffffffffffda RBX: 00007efd14bcb160 RCX: 00007efd149a39a9
[  950.953818][T18149] RDX: 0000000000000073 RSI: 0000000000000084 RDI: 0000000000000007
[  950.961964][T18149] RBP: 00007efd127c9090 R08: 0000200000001080 R09: 0000000000000000
[  950.969933][T18149] R10: 0000200000001040 R11: 0000000000000246 R12: 0000000000000001
[  950.977995][T18149] R13: 0000000000000000 R14: 00007efd14bcb160 R15: 00007ffea2eedd58
[  950.986467][T18149]  </TASK>
[  950.989750][    C1] vkms_vblank_simulate: vblank timer overrun
[  951.036646][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  951.103727][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  951.151776][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  951.163430][T18113] BTRFS info (device loop0): enabling ssd optimizations
[  951.216534][T17783] device veth0_macvtap entered promiscuous mode
[  951.264453][ T4288] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  951.303484][T17783] device veth1_macvtap entered promiscuous mode
[  951.430746][T17783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  951.514267][T17783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  951.534297][T17783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  951.549132][T17783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  951.644825][ T4288] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  951.662753][T17783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  951.712527][ T4288] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  951.729686][T17783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  951.741687][ T4288] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  951.750739][T17783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  951.768258][ T4288] usb 6-1: config 0 descriptor??
[  951.792319][T17783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  951.825500][T17783] batman_adv: batadv0: Interface activated: batadv_slave_0
[  951.851782][T10974] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  951.875950][T10974] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  951.919391][T17783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  951.938924][T17783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  951.975042][T17783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  952.004313][T17783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  952.034402][T17783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  952.074297][T17783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  952.104347][T17783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  952.133363][T18171] loop5: detected capacity change from 0 to 1764
[  952.146197][T17783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  952.176073][T17783] batman_adv: batadv0: Interface activated: batadv_slave_1
[  952.190512][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  952.202821][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  952.251123][T18147] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3296'.
[  952.360360][T18147] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  952.370164][T18147] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  952.379330][T18147] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  952.388154][T18147] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  952.457584][T18147] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3296'.
[  952.555135][T17783] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  952.557642][T18171] iso9660: Corrupted directory entry in block 2 of inode 1920
[  952.564201][T17783] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  952.582027][T17783] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  952.591261][T17783] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  952.847132][T18178] FAULT_INJECTION: forcing a failure.
[  952.847132][T18178] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  952.860907][T18178] CPU: 1 PID: 18178 Comm: syz.0.3298 Not tainted 5.15.189-syzkaller #0
[  952.869649][T18178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  952.879846][T18178] Call Trace:
[  952.883172][T18178]  <TASK>
[  952.886503][T18178]  dump_stack_lvl+0x168/0x230
[  952.891209][T18178]  ? show_regs_print_info+0x20/0x20
[  952.896419][T18178]  ? load_image+0x3b0/0x3b0
[  952.900935][T18178]  ? __lock_acquire+0x7c60/0x7c60
[  952.905982][T18178]  ? __fget_files+0x40f/0x480
[  952.910807][T18178]  should_fail+0x38c/0x4c0
[  952.915242][T18178]  _copy_from_user+0x2e/0x170
[  952.920163][T18178]  __sys_bind+0x1cf/0x3f0
[  952.924664][T18178]  ? __lock_acquire+0x7c60/0x7c60
[  952.929716][T18178]  ? __ia32_sys_socketpair+0xb0/0xb0
[  952.935035][T18178]  ? vtime_user_exit+0x2dc/0x400
[  952.940170][T18178]  __x64_sys_bind+0x76/0x80
[  952.944694][T18178]  do_syscall_64+0x4c/0xa0
[  952.949136][T18178]  ? clear_bhb_loop+0x30/0x80
[  952.953840][T18178]  ? clear_bhb_loop+0x30/0x80
[  952.958549][T18178]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  952.964467][T18178] RIP: 0033:0x7f63cd9ba9a9
[  952.969263][T18178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  952.989536][T18178] RSP: 002b:00007f63cb801038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  952.998008][T18178] RAX: ffffffffffffffda RBX: 00007f63cdbe2080 RCX: 00007f63cd9ba9a9
[  953.006085][T18178] RDX: 000000000000001c RSI: 0000200000000080 RDI: 0000000000000005
[  953.014451][T18178] RBP: 00007f63cb801090 R08: 0000000000000000 R09: 0000000000000000
[  953.014471][T18178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  953.014479][T18178] R13: 0000000000000000 R14: 00007f63cdbe2080 R15: 00007ffc513528b8
[  953.014498][T18178]  </TASK>
[  953.032805][ T4288] keytouch 0003:0926:3333.0004: fixing up Keytouch IEC report descriptor
[  953.039569][ T4288] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.0004/input/input7
[  953.086175][  T482] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  953.103360][  T482] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  953.175587][ T4288] keytouch 0003:0926:3333.0004: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0
[  953.200526][  T155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  953.208316][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  953.220827][  T155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  953.381441][T10974] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  953.462080][T18186] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  953.474738][T18186] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  953.794102][T18192] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  953.825769][T18192] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  953.854639][T18195] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  953.863279][T18195] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  954.013934][T18200] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  954.111135][T18200] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  954.148432][T18204] loop4: detected capacity change from 0 to 4096
[  954.251328][T18208] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  954.374357][T18206] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  954.383957][T18206] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  954.712869][T18223] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  954.746631][ T4174] usb 6-1: USB disconnect, device number 6
[  954.848008][T18225] bridge0: port 3(netdevsim0) entered blocking state
[  954.855130][T18225] bridge0: port 3(netdevsim0) entered disabled state
[  954.873325][T18225] device netdevsim0 entered promiscuous mode
[  954.883405][T18225] bridge0: port 3(netdevsim0) entered blocking state
[  954.890239][T18225] bridge0: port 3(netdevsim0) entered forwarding state
[  955.415341][T18228] FAULT_INJECTION: forcing a failure.
[  955.415341][T18228] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  955.503766][T18228] CPU: 0 PID: 18228 Comm: syz.1.3312 Not tainted 5.15.189-syzkaller #0
[  955.513043][T18228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  955.523427][T18228] Call Trace:
[  955.526715][T18228]  <TASK>
[  955.529850][T18228]  dump_stack_lvl+0x168/0x230
[  955.534673][T18228]  ? show_regs_print_info+0x20/0x20
[  955.539956][T18228]  ? load_image+0x3b0/0x3b0
[  955.544487][T18228]  ? __lock_acquire+0x7c60/0x7c60
[  955.549835][T18228]  ? vfs_write+0x84d/0xd00
[  955.554254][T18228]  should_fail+0x38c/0x4c0
[  955.558706][T18228]  _copy_from_user+0x2e/0x170
[  955.563481][T18228]  __sys_bpf+0x21b/0x670
[  955.567778][T18228]  ? bpf_link_show_fdinfo+0x340/0x340
[  955.573331][T18228]  ? vtime_user_exit+0x2dc/0x400
[  955.578478][T18228]  __x64_sys_bpf+0x78/0x90
[  955.583094][T18228]  do_syscall_64+0x4c/0xa0
[  955.588386][T18228]  ? clear_bhb_loop+0x30/0x80
[  955.593581][T18228]  ? clear_bhb_loop+0x30/0x80
[  955.598254][T18228]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  955.604341][T18228] RIP: 0033:0x7f98663e89a9
[  955.608845][T18228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  955.628841][T18228] RSP: 002b:00007f9864250038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  955.637354][T18228] RAX: ffffffffffffffda RBX: 00007f986660ffa0 RCX: 00007f98663e89a9
[  955.645771][T18228] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  955.654003][T18228] RBP: 00007f9864250090 R08: 0000000000000000 R09: 0000000000000000
[  955.662085][T18228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  955.670387][T18228] R13: 0000000000000001 R14: 00007f986660ffa0 R15: 00007ffd3add9aa8
[  955.678437][T18228]  </TASK>
[  955.724122][T18234] loop5: detected capacity change from 0 to 1024
[  957.134441][ T4288] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  957.404354][ T4288] usb 3-1: Using ep0 maxpacket: 16
[  957.405675][T18262] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  957.443465][T18262] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  957.564741][ T4288] usb 3-1: unable to get BOS descriptor or descriptor too short
[  957.674669][ T4288] usb 3-1: config 5 has an invalid interface number: 118 but max is 0
[  957.693294][ T4288] usb 3-1: config 5 has no interface number 0
[  957.715750][ T4288] usb 3-1: config 5 interface 118 altsetting 9 has an invalid endpoint with address 0x80, skipping
[  957.724173][T18269] loop4: detected capacity change from 0 to 2048
[  957.751711][ T4288] usb 3-1: config 5 interface 118 has no altsetting 0
[  957.808905][T18269] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  957.939964][ T4288] usb 3-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=1c.96
[  957.954202][ T4288] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  957.993953][ T4288] usb 3-1: Product: syz
[  958.017837][ T4288] usb 3-1: Manufacturer: syz
[  958.038108][ T4288] usb 3-1: SerialNumber: syz
[  958.362802][T18282] FAULT_INJECTION: forcing a failure.
[  958.362802][T18282] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  959.088647][T18282] CPU: 1 PID: 18282 Comm: syz.1.3322 Not tainted 5.15.189-syzkaller #0
[  959.096953][T18282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  959.107234][T18282] Call Trace:
[  959.110509][T18282]  <TASK>
[  959.113431][T18282]  dump_stack_lvl+0x168/0x230
[  959.118103][T18282]  ? show_regs_print_info+0x20/0x20
[  959.123377][T18282]  ? load_image+0x3b0/0x3b0
[  959.128055][T18282]  ? __lock_acquire+0x7c60/0x7c60
[  959.133163][T18282]  ? __fget_files+0x40f/0x480
[  959.137826][T18282]  should_fail+0x38c/0x4c0
[  959.142237][T18282]  _copy_from_user+0x2e/0x170
[  959.146908][T18282]  __sys_connect+0x132/0x410
[  959.151509][T18282]  ? __lock_acquire+0x7c60/0x7c60
[  959.156551][T18282]  ? __sys_connect_file+0x170/0x170
[  959.161772][T18282]  ? vtime_user_exit+0x2dc/0x400
[  959.167051][T18282]  __x64_sys_connect+0x76/0x80
[  959.171911][T18282]  do_syscall_64+0x4c/0xa0
[  959.176337][T18282]  ? clear_bhb_loop+0x30/0x80
[  959.181015][T18282]  ? clear_bhb_loop+0x30/0x80
[  959.185733][T18282]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  959.191751][T18282] RIP: 0033:0x7f98663e89a9
[  959.196163][T18282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  959.215929][T18282] RSP: 002b:00007f986420e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  959.224458][T18282] RAX: ffffffffffffffda RBX: 00007f9866610160 RCX: 00007f98663e89a9
[  959.232730][T18282] RDX: 0000000000000010 RSI: 0000200000000000 RDI: 0000000000000005
[  959.240997][T18282] RBP: 00007f986420e090 R08: 0000000000000000 R09: 0000000000000000
[  959.249133][T18282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  959.257223][T18282] R13: 0000000000000000 R14: 00007f9866610160 R15: 00007ffd3add9aa8
[  959.265400][T18282]  </TASK>
[  959.272294][ T4288] imon_raw 3-1:5.118: IR endpoint missing
[  959.316083][ T4288] usb 3-1: USB disconnect, device number 11
[  959.350677][T18292] loop0: detected capacity change from 0 to 1024
[  959.552781][T18292] FAULT_INJECTION: forcing a failure.
[  959.552781][T18292] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  959.678236][T18292] CPU: 0 PID: 18292 Comm: syz.0.3329 Not tainted 5.15.189-syzkaller #0
[  959.686549][T18292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  959.696631][T18292] Call Trace:
[  959.699945][T18292]  <TASK>
[  959.702990][T18292]  dump_stack_lvl+0x168/0x230
[  959.708056][T18292]  ? show_regs_print_info+0x20/0x20
[  959.713432][T18292]  ? load_image+0x3b0/0x3b0
[  959.717978][T18292]  ? __lock_acquire+0x7c60/0x7c60
[  959.723033][T18292]  ? up_read+0x20/0x20
[  959.727471][T18292]  should_fail+0x38c/0x4c0
[  959.732113][T18292]  _copy_to_user+0x2e/0x130
[  959.736657][T18292]  __se_sys_msgctl+0x203/0x320
[  959.741456][T18292]  ? __x64_sys_msgctl+0x80/0x80
[  959.746334][T18292]  ? lock_chain_count+0x20/0x20
[  959.751299][T18292]  ? __secure_computing+0x10d/0x2f0
[  959.756535][T18292]  do_syscall_64+0x4c/0xa0
[  959.760982][T18292]  ? clear_bhb_loop+0x30/0x80
[  959.765683][T18292]  ? clear_bhb_loop+0x30/0x80
[  959.770398][T18292]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  959.776408][T18292] RIP: 0033:0x7f63cd9ba9a9
[  959.780841][T18292] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  959.800539][T18292] RSP: 002b:00007f63cb822038 EFLAGS: 00000246 ORIG_RAX: 0000000000000047
[  959.808982][T18292] RAX: ffffffffffffffda RBX: 00007f63cdbe1fa0 RCX: 00007f63cd9ba9a9
[  959.817441][T18292] RDX: 0000200000000100 RSI: 0000000000000003 RDI: 0000000000000000
[  959.825576][T18292] RBP: 00007f63cb822090 R08: 0000000000000000 R09: 0000000000000000
[  959.833848][T18292] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  959.841858][T18292] R13: 0000000000000000 R14: 00007f63cdbe1fa0 R15: 00007ffc513528b8
[  959.850049][T18292]  </TASK>
[  959.915219][  T482] hfsplus: b-tree write err: -5, ino 4
[  961.480288][T18328] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3339'.
[  961.818477][T18339] FAULT_INJECTION: forcing a failure.
[  961.818477][T18339] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  961.831736][T18339] CPU: 0 PID: 18339 Comm: syz.5.3340 Not tainted 5.15.189-syzkaller #0
[  961.840319][T18339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  961.850491][T18339] Call Trace:
[  961.853953][T18339]  <TASK>
[  961.856883][T18339]  dump_stack_lvl+0x168/0x230
[  961.861575][T18339]  ? show_regs_print_info+0x20/0x20
[  961.866771][T18339]  ? load_image+0x3b0/0x3b0
[  961.871268][T18339]  ? __lock_acquire+0x7c60/0x7c60
[  961.876300][T18339]  should_fail+0x38c/0x4c0
[  961.880800][T18339]  _copy_from_user+0x2e/0x170
[  961.885479][T18339]  __copy_msghdr_from_user+0xaf/0x5e0
[  961.891021][T18339]  ? verify_lock_unused+0x140/0x140
[  961.896357][T18339]  ? __ia32_sys_shutdown+0x1d0/0x1d0
[  961.901679][T18339]  ___sys_sendmsg+0x156/0x260
[  961.906369][T18339]  ? __sys_sendmsg+0x250/0x250
[  961.911228][T18339]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  961.916887][T18339]  ? __fdget+0x18b/0x210
[  961.921159][T18339]  __se_sys_sendmsg+0x190/0x250
[  961.926012][T18339]  ? __x64_sys_sendmsg+0x80/0x80
[  961.930946][T18339]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  961.937281][T18339]  ? lockdep_hardirqs_on+0x94/0x140
[  961.942476][T18339]  do_syscall_64+0x4c/0xa0
[  961.946898][T18339]  ? clear_bhb_loop+0x30/0x80
[  961.951568][T18339]  ? clear_bhb_loop+0x30/0x80
[  961.956497][T18339]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  961.962415][T18339] RIP: 0033:0x7fbc8765b9a9
[  961.966852][T18339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  961.986655][T18339] RSP: 002b:00007fbc85481038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  961.995200][T18339] RAX: ffffffffffffffda RBX: 00007fbc87883160 RCX: 00007fbc8765b9a9
[  962.003199][T18339] RDX: 0000000000000002 RSI: 0000200000000240 RDI: 0000000000000009
[  962.011312][T18339] RBP: 00007fbc85481090 R08: 0000000000000000 R09: 0000000000000000
[  962.019347][T18339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  962.027443][T18339] R13: 0000000000000000 R14: 00007fbc87883160 R15: 00007fffb9c9e0c8
[  962.035716][T18339]  </TASK>
[  963.126491][T18338] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  963.214771][T18338] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  966.931305][T18411] loop2: detected capacity change from 0 to 2048
[  967.011531][T18411] NILFS (loop2): invalid segment: Inconsistency found
[  967.045253][T18414] FAULT_INJECTION: forcing a failure.
[  967.045253][T18414] name failslab, interval 1, probability 0, space 0, times 0
[  967.061497][T18414] CPU: 0 PID: 18414 Comm: syz.0.3361 Not tainted 5.15.189-syzkaller #0
[  967.070595][T18414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  967.081739][T18414] Call Trace:
[  967.085217][T18414]  <TASK>
[  967.088158][T18411] NILFS (loop2): trying rollback from an earlier position
[  967.088280][T18414]  dump_stack_lvl+0x168/0x230
[  967.101008][T18414]  ? show_regs_print_info+0x20/0x20
[  967.106320][T18414]  ? load_image+0x3b0/0x3b0
[  967.110946][T18414]  ? __might_sleep+0xf0/0xf0
[  967.115583][T18414]  ? __lock_acquire+0x7c60/0x7c60
[  967.120828][T18414]  should_fail+0x38c/0x4c0
[  967.125532][T18414]  should_failslab+0x5/0x20
[  967.130239][T18414]  slab_pre_alloc_hook+0x51/0xc0
[  967.135179][T18414]  kmem_cache_alloc_trace+0x47/0x2a0
[  967.140470][T18414]  ? alloc_pipe_info+0xe4/0x4b0
[  967.145402][T18414]  alloc_pipe_info+0xe4/0x4b0
[  967.150067][T18414]  splice_direct_to_actor+0x996/0xb50
[  967.155425][T18414]  ? aa_path_link+0x850/0x850
[  967.160090][T18414]  ? do_splice_direct+0x2c0/0x2c0
[  967.165117][T18414]  ? aa_file_perm+0x3a3/0xe20
[  967.169776][T18414]  ? end_current_label_crit_section+0x14b/0x170
[  967.176361][T18414]  ? pipe_to_sendpage+0x310/0x310
[  967.181410][T18414]  ? common_file_perm+0x171/0x1c0
[  967.186425][T18414]  ? fsnotify_perm+0x5d/0x560
[  967.191283][T18414]  ? security_file_permission+0x75/0xa0
[  967.196849][T18414]  do_splice_direct+0x1b9/0x2c0
[  967.201983][T18414]  ? splice_direct_to_actor+0xb50/0xb50
[  967.207683][T18414]  ? __fget_files+0x40f/0x480
[  967.212394][T18414]  ? common_file_perm+0x171/0x1c0
[  967.217411][T18414]  ? fsnotify_perm+0x5d/0x560
[  967.222081][T18414]  ? security_file_permission+0x75/0xa0
[  967.227702][T18414]  do_sendfile+0x5d5/0xec0
[  967.232117][T18414]  ? do_pwritev+0x340/0x340
[  967.236624][T18414]  ? __lock_acquire+0x7c60/0x7c60
[  967.241664][T18414]  __se_sys_sendfile64+0x13b/0x190
[  967.246788][T18414]  ? lock_chain_count+0x20/0x20
[  967.251724][T18414]  ? __x64_sys_sendfile64+0xa0/0xa0
[  967.256910][T18414]  ? lockdep_hardirqs_on+0x94/0x140
[  967.262096][T18414]  do_syscall_64+0x4c/0xa0
[  967.266505][T18414]  ? clear_bhb_loop+0x30/0x80
[  967.271262][T18414]  ? clear_bhb_loop+0x30/0x80
[  967.275944][T18414]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  967.281824][T18414] RIP: 0033:0x7f63cd9ba9a9
[  967.286240][T18414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  967.305831][T18414] RSP: 002b:00007f63cb7e0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  967.314318][T18414] RAX: ffffffffffffffda RBX: 00007f63cdbe2160 RCX: 00007f63cd9ba9a9
[  967.322273][T18414] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[  967.330241][T18414] RBP: 00007f63cb7e0090 R08: 0000000000000000 R09: 0000000000000000
[  967.338577][T18414] R10: 000000007ffff004 R11: 0000000000000246 R12: 0000000000000001
[  967.346647][T18414] R13: 0000000000000000 R14: 00007f63cdbe2160 R15: 00007ffc513528b8
[  967.354806][T18414]  </TASK>
[  967.541578][T18411] NILFS (loop2): recovery complete
[  967.567211][T18420] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  967.858300][T18425] loop4: detected capacity change from 0 to 512
[  967.875909][T18427] loop1: detected capacity change from 0 to 64
[  967.966252][T18429] FAULT_INJECTION: forcing a failure.
[  967.966252][T18429] name failslab, interval 1, probability 0, space 0, times 0
[  967.979575][T18429] CPU: 1 PID: 18429 Comm: syz.2.3362 Not tainted 5.15.189-syzkaller #0
[  967.987837][T18429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  967.997902][T18429] Call Trace:
[  968.001298][T18429]  <TASK>
[  968.004278][T18429]  dump_stack_lvl+0x168/0x230
[  968.008984][T18429]  ? show_regs_print_info+0x20/0x20
[  968.014326][T18429]  ? load_image+0x3b0/0x3b0
[  968.018856][T18429]  ? __lock_acquire+0x7c60/0x7c60
[  968.023886][T18429]  ? __context_tracking_exit+0x4c/0x80
[  968.029545][T18429]  should_fail+0x38c/0x4c0
[  968.033999][T18429]  should_failslab+0x5/0x20
[  968.038521][T18429]  slab_pre_alloc_hook+0x51/0xc0
[  968.043465][T18429]  ? getname_flags+0xb5/0x500
[  968.048161][T18429]  kmem_cache_alloc+0x3d/0x290
[  968.052951][T18429]  getname_flags+0xb5/0x500
[  968.057575][T18429]  __x64_sys_mkdirat+0x78/0x90
[  968.062450][T18429]  do_syscall_64+0x4c/0xa0
[  968.066889][T18429]  ? clear_bhb_loop+0x30/0x80
[  968.071573][T18429]  ? clear_bhb_loop+0x30/0x80
[  968.076260][T18429]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  968.082186][T18429] RIP: 0033:0x7efd149a2217
[  968.086626][T18429] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  968.106239][T18429] RSP: 002b:00007efd127c8e68 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[  968.114982][T18429] RAX: ffffffffffffffda RBX: 00007efd127c8ef0 RCX: 00007efd149a2217
[  968.122982][T18429] RDX: 00000000000001ff RSI: 0000200000000180 RDI: 00000000ffffff9c
[  968.130985][T18429] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  968.139059][T18429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000180
[  968.147157][T18429] R13: 00007efd127c8eb0 R14: 0000000000000000 R15: 0000000000000000
[  968.155159][T18429]  </TASK>
[  968.200135][T18421] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  968.284623][T18421] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  968.452105][T18425] EXT4-fs error (device loop4): ext4_orphan_get:1427: comm syz.4.3364: bad orphan inode 11
[  968.481541][T18425] ext4_test_bit(bit=10, block=4) = 1
[  968.487077][T18425] is_bad_inode(inode)=0
[  968.491251][T18425] NEXT_ORPHAN(inode)=2080374784
[  968.510511][T18425] max_ino=32
[  968.514048][T18425] i_nlink=0
[  968.551935][T18425] EXT4-fs (loop4): 1 truncate cleaned up
[  968.612224][T18425] EXT4-fs (loop4): mounted filesystem without journal. Opts: usrjquota=,auto_da_alloc=0x0000000000000a0f,,errors=continue. Quota mode: writeback.
[  968.892523][T18440] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  968.929323][T18440] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  969.139223][T18446] kvm [18445]: vcpu0, guest rIP: 0x1a3 ignored wrmsr: 0x11e data 0xbe70a111
[  969.399567][T18454] netlink: 192 bytes leftover after parsing attributes in process `syz.4.3371'.
[  969.447297][T18453] netlink: 'syz.5.3372': attribute type 1 has an invalid length.
[  969.813792][T18461] loop2: detected capacity change from 0 to 64
[  969.833604][T18455] netdevsim netdevsim5 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  969.955746][T18454] loop4: detected capacity change from 0 to 4096
[  970.097736][T18455] netdevsim netdevsim5 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  970.190764][T18455] netdevsim netdevsim5 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  970.284320][T18455] netdevsim netdevsim5 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  970.372907][T18455] bond1: (slave geneve2): making interface the new active one
[  970.615014][T18455] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  970.701708][T18469] FAULT_INJECTION: forcing a failure.
[  970.701708][T18469] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  970.715071][T18469] CPU: 1 PID: 18469 Comm: syz.2.3373 Not tainted 5.15.189-syzkaller #0
[  970.723337][T18469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  970.733577][T18469] Call Trace:
[  970.736880][T18469]  <TASK>
[  970.739828][T18469]  dump_stack_lvl+0x168/0x230
[  970.744518][T18469]  ? show_regs_print_info+0x20/0x20
[  970.749767][T18469]  ? load_image+0x3b0/0x3b0
[  970.754286][T18469]  ? __lock_acquire+0x7c60/0x7c60
[  970.759505][T18469]  should_fail+0x38c/0x4c0
[  970.763938][T18469]  _copy_from_user+0x2e/0x170
[  970.768803][T18469]  __copy_msghdr_from_user+0xaf/0x5e0
[  970.774277][T18469]  ? verify_lock_unused+0x140/0x140
[  970.779594][T18469]  ? __ia32_sys_shutdown+0x1d0/0x1d0
[  970.784891][T18469]  ___sys_sendmsg+0x156/0x260
[  970.789663][T18469]  ? __sys_sendmsg+0x250/0x250
[  970.794437][T18469]  ? vfs_write+0x84d/0xd00
[  970.798964][T18469]  ? __fdget+0x18b/0x210
[  970.803209][T18469]  __se_sys_sendmsg+0x190/0x250
[  970.808148][T18469]  ? __x64_sys_sendmsg+0x80/0x80
[  970.813115][T18469]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  970.819135][T18469]  ? lockdep_hardirqs_on+0x94/0x140
[  970.824443][T18469]  do_syscall_64+0x4c/0xa0
[  970.829064][T18469]  ? clear_bhb_loop+0x30/0x80
[  970.833745][T18469]  ? clear_bhb_loop+0x30/0x80
[  970.838424][T18469]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  970.844324][T18469] RIP: 0033:0x7efd149a39a9
[  970.849136][T18469] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  970.868845][T18469] RSP: 002b:00007efd127c9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  970.877354][T18469] RAX: ffffffffffffffda RBX: 00007efd14bcb160 RCX: 00007efd149a39a9
[  970.885331][T18469] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000006
[  970.893303][T18469] RBP: 00007efd127c9090 R08: 0000000000000000 R09: 0000000000000000
[  970.901364][T18469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  970.909421][T18469] R13: 0000000000000000 R14: 00007efd14bcb160 R15: 00007ffea2eedd58
[  970.917667][T18469]  </TASK>
[  970.979884][T18455] syz.5.3372 (18455) used greatest stack depth: 20096 bytes left
[  971.159895][T17783] ntfs3: loop4: ntfs_evict_inode r=5 failed, -22.
[  971.166922][T17783] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  971.342530][T18476] loop4: detected capacity change from 0 to 64
[  971.396107][T18471] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  971.435328][T18471] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  971.916907][T18488] FAULT_INJECTION: forcing a failure.
[  971.916907][T18488] name failslab, interval 1, probability 0, space 0, times 0
[  971.930191][T18488] CPU: 0 PID: 18488 Comm: syz.4.3376 Not tainted 5.15.189-syzkaller #0
[  971.938622][T18488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  971.948948][T18488] Call Trace:
[  971.952234][T18488]  <TASK>
[  971.955163][T18488]  dump_stack_lvl+0x168/0x230
[  971.959936][T18488]  ? show_regs_print_info+0x20/0x20
[  971.965134][T18488]  ? load_image+0x3b0/0x3b0
[  971.969735][T18488]  ? __lock_acquire+0x7c60/0x7c60
[  971.974849][T18488]  should_fail+0x38c/0x4c0
[  971.979266][T18488]  should_failslab+0x5/0x20
[  971.983867][T18488]  slab_pre_alloc_hook+0x51/0xc0
[  971.988824][T18488]  ? kasprintf+0xd1/0x120
[  971.993249][T18488]  __kmalloc_track_caller+0x69/0x330
[  971.998545][T18488]  ? kasprintf+0xd1/0x120
[  972.002879][T18488]  kvasprintf+0xd4/0x180
[  972.007133][T18488]  ? bust_spinlocks+0xd0/0xd0
[  972.011811][T18488]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  972.017821][T18488]  ? lock_chain_count+0x20/0x20
[  972.022828][T18488]  kasprintf+0xd1/0x120
[  972.027027][T18488]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  972.032672][T18488]  ? lockdep_hardirqs_on+0x94/0x140
[  972.037894][T18488]  ? kvasprintf_const+0x240/0x240
[  972.043181][T18488]  keyctl_describe_key+0x21a/0x480
[  972.048467][T18488]  __se_sys_keyctl+0x48a/0x960
[  972.053350][T18488]  ? __x64_sys_keyctl+0xc0/0xc0
[  972.058223][T18488]  ? preempt_schedule_irq+0xd0/0x150
[  972.063608][T18488]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  972.069980][T18488]  ? lock_chain_count+0x20/0x20
[  972.074859][T18488]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  972.080615][T18488]  ? lockdep_hardirqs_on+0x94/0x140
[  972.086421][T18488]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  972.092106][T18488]  ? syscall_enter_from_user_mode+0x2a/0x70
[  972.098125][T18488]  ? __x64_sys_keyctl+0x1c/0xc0
[  972.103005][T18488]  do_syscall_64+0x4c/0xa0
[  972.107802][T18488]  ? clear_bhb_loop+0x30/0x80
[  972.112498][T18488]  ? clear_bhb_loop+0x30/0x80
[  972.117883][T18488]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  972.123809][T18488] RIP: 0033:0x7f77601fd9a9
[  972.128228][T18488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  972.148041][T18488] RSP: 002b:00007f775e023038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[  972.156473][T18488] RAX: ffffffffffffffda RBX: 00007f7760425160 RCX: 00007f77601fd9a9
[  972.164973][T18488] RDX: 0000000000000000 RSI: 00000000192ee4d6 RDI: 0000000000000006
[  972.173122][T18488] RBP: 00007f775e023090 R08: 0000000000000000 R09: 0000000000000000
[  972.181211][T18488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  972.190212][T18488] R13: 0000000000000000 R14: 00007f7760425160 R15: 00007ffecfa2cbd8
[  972.198799][T18488]  </TASK>
[  972.274898][T18482] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  972.294396][T18482] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  973.302940][T18493] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  973.330514][T18493] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  973.589312][T18510] device geneve2 entered promiscuous mode
[  973.721056][T18502] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  973.744647][T18502] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  974.858626][T18504] loop2: detected capacity change from 0 to 32768
[  974.946808][T17337] Bluetooth: hci4: command 0x0406 tx timeout
[  974.980792][T18526] kvm [18525]: vcpu0, guest rIP: 0x1a3 ignored wrmsr: 0x11e data 0xbe70a111
[  975.043069][T18504] XFS (loop2): Mounting V5 Filesystem
[  975.311433][T18504] XFS (loop2): Ending clean mount
[  975.347921][T18545] loop1: detected capacity change from 0 to 128
[  975.383778][T18504] XFS (loop2): Quotacheck needed: Please wait.
[  975.472026][T18545] EXT4-fs (loop1): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000002,nouid32,,errors=continue. Quota mode: none.
[  975.472612][T18543] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  975.486658][T18545] ext4 filesystem being mounted at /34/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  975.527104][T18543] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  975.588915][T18504] XFS (loop2): Quotacheck: Done.
[  975.713155][T18504] XFS (loop2): User initiated shutdown received.
[  975.815971][T18504] XFS (loop2): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x6d/0x150 (fs/xfs/xfs_fsops.c:491).  Shutting down filesystem.
[  975.851964][T18504] XFS (loop2): Please unmount the filesystem and rectify the problem(s)
[  975.855398][T18558] FAULT_INJECTION: forcing a failure.
[  975.855398][T18558] name failslab, interval 1, probability 0, space 0, times 0
[  975.925410][T18558] CPU: 1 PID: 18558 Comm: syz.1.3394 Not tainted 5.15.189-syzkaller #0
[  975.933775][T18558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  975.943843][T18558] Call Trace:
[  975.947150][T18558]  <TASK>
[  975.950272][T18558]  dump_stack_lvl+0x168/0x230
[  975.954967][T18558]  ? show_regs_print_info+0x20/0x20
[  975.960351][T18558]  ? load_image+0x3b0/0x3b0
[  975.965136][T18558]  ? __might_sleep+0xf0/0xf0
[  975.970011][T18558]  ? __lock_acquire+0x7c60/0x7c60
[  975.975045][T18558]  ? mark_lock+0x94/0x320
[  975.979481][T18558]  should_fail+0x38c/0x4c0
[  975.983911][T18558]  should_failslab+0x5/0x20
[  975.988424][T18558]  slab_pre_alloc_hook+0x51/0xc0
[  975.993373][T18558]  __kmalloc+0x6b/0x330
[  975.997718][T18558]  ? tomoyo_realpath_from_path+0x118/0x610
[  976.003656][T18558]  tomoyo_realpath_from_path+0x118/0x610
[  976.009399][T18558]  tomoyo_path_number_perm+0x1d5/0x5d0
[  976.015127][T18558]  ? verify_lock_unused+0x140/0x140
[  976.020440][T18558]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  976.026348][T18558]  ? ksys_write+0x1c7/0x250
[  976.031343][T18558]  security_file_ioctl+0x6c/0xa0
[  976.036697][T18558]  __se_sys_ioctl+0x48/0x170
[  976.041293][T18558]  do_syscall_64+0x4c/0xa0
[  976.046314][T18558]  ? clear_bhb_loop+0x30/0x80
[  976.051027][T18558]  ? clear_bhb_loop+0x30/0x80
[  976.055709][T18558]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  976.061686][T18558] RIP: 0033:0x7f98663e89a9
[  976.066090][T18558] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  976.085871][T18558] RSP: 002b:00007f986422f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  976.094454][T18558] RAX: ffffffffffffffda RBX: 00007f9866610080 RCX: 00007f98663e89a9
[  976.103570][T18558] RDX: 0000200000000480 RSI: 00000000c1105517 RDI: 0000000000000003
[  976.111674][T18558] RBP: 00007f986422f090 R08: 0000000000000000 R09: 0000000000000000
[  976.119658][T18558] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  976.127667][T18558] R13: 0000000000000001 R14: 00007f9866610080 R15: 00007ffd3add9aa8
[  976.135645][T18558]  </TASK>
[  976.156907][T15550] XFS (loop2): Unmounting Filesystem
[  976.167776][T18558] ERROR: Out of memory at tomoyo_realpath_from_path.
[  976.839371][T18583] loop4: detected capacity change from 0 to 128
[  976.916626][T18583] FAT-fs (loop4): bogus logical sector size 65535
[  976.923617][T18583] FAT-fs (loop4): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero
[  976.933246][T18583] FAT-fs (loop4): Can't find a valid FAT filesystem
[  976.949925][T18583] /dev/sg0: Can't open blockdev
[  977.436377][T18593] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  977.453494][T18600] loop5: detected capacity change from 0 to 128
[  977.456528][T18593] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  977.508635][T18600] FAT-fs (loop5): bogus logical sector size 65535
[  977.515127][T18600] FAT-fs (loop5): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero
[  977.524586][T18600] FAT-fs (loop5): Can't find a valid FAT filesystem
[  977.558916][T18600] /dev/sg0: Can't open blockdev
[  978.544107][T18626] loop0: detected capacity change from 0 to 512
[  978.677919][T18624] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  978.719212][T18624] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  978.908250][T18636] IPv6: NLM_F_REPLACE set, but no existing node found!
[  979.200022][T18638] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  979.234411][T18638] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  980.030277][T18620] loop2: detected capacity change from 0 to 32768
[  980.078936][T18620] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.3414 (18620)
[  980.135813][T18620] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  980.165196][T18620] BTRFS info (device loop2): turning on flush-on-commit
[  980.197664][T18620] BTRFS info (device loop2): using free space tree
[  980.226239][T18620] BTRFS info (device loop2): has skinny extents
[  980.944500][T18620] BTRFS info (device loop2): enabling ssd optimizations
[  980.981315][T18620] BTRFS info (device loop2): checking UUID tree
[  981.132307][T18699] loop4: detected capacity change from 0 to 8
[  981.205257][T18701] loop5: detected capacity change from 0 to 8
[  981.292748][T18699] Filesystem uses "unknown" compression. This is not supported
[  981.306528][T18701] Filesystem uses "unknown" compression. This is not supported
[  981.611177][T18713] loop4: detected capacity change from 0 to 512
[  982.035556][T18721] IPv6: NLM_F_REPLACE set, but no existing node found!
[  982.099847][T18721] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3433'.
[  982.469972][T18729] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3437'.
[  982.897891][T18741] device bridge2 entered promiscuous mode
[  983.122196][T18747] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  983.122794][T18743] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  983.165544][T18743] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  983.793691][T18757] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  983.803250][T18757] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  983.826002][T18756] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  983.864489][T18756] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  984.104325][ T4399] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  984.253231][T18775] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  984.275474][T18775] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  984.394352][ T4399] usb 5-1: Using ep0 maxpacket: 16
[  984.529174][ T4399] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 253, changing to 11
[  984.562418][ T4399] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  984.614647][ T4399] usb 5-1: New USB device found, idVendor=0458, idProduct=5019, bcdDevice= 0.00
[  984.648807][ T4399] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  984.682422][ T4399] usb 5-1: config 0 descriptor??
[  985.027945][T18797] FAULT_INJECTION: forcing a failure.
[  985.027945][T18797] name failslab, interval 1, probability 0, space 0, times 0
[  985.041969][T18797] CPU: 1 PID: 18797 Comm: syz.1.3457 Not tainted 5.15.189-syzkaller #0
[  985.050676][T18797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  985.061974][T18797] Call Trace:
[  985.065268][T18797]  <TASK>
[  985.068203][T18797]  dump_stack_lvl+0x168/0x230
[  985.073613][T18797]  ? show_regs_print_info+0x20/0x20
[  985.078984][T18797]  ? load_image+0x3b0/0x3b0
[  985.083511][T18797]  ? lock_acquire+0x1f2/0x3f0
[  985.088198][T18797]  should_fail+0x38c/0x4c0
[  985.092765][T18797]  should_failslab+0x5/0x20
[  985.097600][T18797]  slab_pre_alloc_hook+0x51/0xc0
[  985.102825][T18797]  ? inet_bind_bucket_create+0x2b/0x230
[  985.108645][T18797]  kmem_cache_alloc+0x3d/0x290
[  985.114006][T18797]  inet_bind_bucket_create+0x2b/0x230
[  985.119877][T18797]  inet_csk_get_port+0xa7e/0x1140
[  985.124937][T18797]  ? lock_chain_count+0x20/0x20
[  985.129911][T18797]  ? inet_csk_update_fastreuse+0xa80/0xa80
[  985.135732][T18797]  ? inet_csk_update_fastreuse+0xa80/0xa80
[  985.141548][T18797]  ? inet_csk_update_fastreuse+0xa80/0xa80
[  985.147517][T18797]  inet_csk_listen_start+0x12a/0x320
[  985.153358][T18797]  inet_listen+0x2e1/0x590
[  985.157889][T18797]  mptcp_listen+0x16e/0x2e0
[  985.162415][T18797]  ? bpf_lsm_socket_listen+0x5/0x10
[  985.167728][T18797]  __sys_listen+0x19d/0x220
[  985.172529][T18797]  __x64_sys_listen+0x56/0x60
[  985.177334][T18797]  do_syscall_64+0x4c/0xa0
[  985.182119][T18797]  ? clear_bhb_loop+0x30/0x80
[  985.187019][T18797]  ? clear_bhb_loop+0x30/0x80
[  985.191702][T18797]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  985.197805][T18797] RIP: 0033:0x7f98663e89a9
[  985.202250][T18797] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  985.222896][T18797] RSP: 002b:00007f986422f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000032
[  985.231859][T18797] RAX: ffffffffffffffda RBX: 00007f9866610080 RCX: 00007f98663e89a9
[  985.240064][T18797] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[  985.248058][T18797] RBP: 00007f986422f090 R08: 0000000000000000 R09: 0000000000000000
[  985.256221][T18797] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  985.264331][T18797] R13: 0000000000000000 R14: 00007f9866610080 R15: 00007ffd3add9aa8
[  985.272326][T18797]  </TASK>
[  985.296819][T18796] loop4: detected capacity change from 0 to 2048
[  985.377725][T18796] UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found!
[  985.464356][T18765] UDF-fs: unknown compression code (0)
[  985.474660][T18799] UDF-fs: unknown compression code (0)
[  985.535188][T18796] UDF-fs: unknown compression code (0)
[  985.570379][T18802] loop2: detected capacity change from 0 to 512
[  985.590811][T18765] UDF-fs: unknown compression code (0)
[  985.597235][T18796] UDF-fs: unknown compression code (0)
[  985.603108][T18796] UDF-fs: unknown compression code (0)
[  985.693057][ T4399] kye 0003:0458:5019.0005: hidraw0: USB HID v0.00 Device [HID 0458:5019] on usb-dummy_hcd.4-1/input0
[  985.704322][ T4399] kye 0003:0458:5019.0005: tablet-enabling feature report not found
[  985.712320][ T4399] kye 0003:0458:5019.0005: tablet enabling failed
[  985.863712][T18808] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3458'.
[  985.865071][T18785] loop5: detected capacity change from 0 to 40427
[  985.984335][T18785] F2FS-fs (loop5): Insane cp_payload (553648128 >= 504)
[  986.021805][T18785] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  986.050146][T18785] F2FS-fs (loop5): build fault injection attr: rate: 17008, type: 0x1ffff
[  986.085351][T18785] F2FS-fs (loop5): build fault injection attr: rate: 0, type: 0x6
[  986.110863][T18785] F2FS-fs (loop5): Unrecognized mount option "measure" or missing value
[  986.139642][T18812] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  986.168969][T18812] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  986.369896][ T4174] usb 5-1: USB disconnect, device number 12
[  986.729979][T18835] FAULT_INJECTION: forcing a failure.
[  986.729979][T18835] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  986.794417][T18833] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  986.814404][T18835] CPU: 1 PID: 18835 Comm: syz.1.3466 Not tainted 5.15.189-syzkaller #0
[  986.822802][T18835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  986.826431][T18833] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  986.832896][T18835] Call Trace:
[  986.832913][T18835]  <TASK>
[  986.832921][T18835]  dump_stack_lvl+0x168/0x230
[  986.832946][T18835]  ? show_regs_print_info+0x20/0x20
[  986.832962][T18835]  ? load_image+0x3b0/0x3b0
[  986.864820][T18835]  ? __lock_acquire+0x7c60/0x7c60
[  986.870083][T18835]  should_fail+0x38c/0x4c0
[  986.874610][T18835]  _copy_from_user+0x2e/0x170
[  986.879720][T18835]  __copy_msghdr_from_user+0xaf/0x5e0
[  986.885191][T18835]  ? verify_lock_unused+0x140/0x140
[  986.890682][T18835]  ? __ia32_sys_shutdown+0x1d0/0x1d0
[  986.896132][T18835]  ___sys_sendmsg+0x156/0x260
[  986.901005][T18835]  ? __sys_sendmsg+0x250/0x250
[  986.905856][T18835]  ? vfs_write+0x84d/0xd00
[  986.910660][T18835]  ? __fdget+0x18b/0x210
[  986.915117][T18835]  __se_sys_sendmsg+0x190/0x250
[  986.920072][T18835]  ? __x64_sys_sendmsg+0x80/0x80
[  986.925059][T18835]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  986.931077][T18835]  ? lockdep_hardirqs_on+0x94/0x140
[  986.936295][T18835]  do_syscall_64+0x4c/0xa0
[  986.940760][T18835]  ? clear_bhb_loop+0x30/0x80
[  986.945702][T18835]  ? clear_bhb_loop+0x30/0x80
[  986.950505][T18835]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  986.956629][T18835] RIP: 0033:0x7f98663e89a9
[  986.961059][T18835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  986.980682][T18835] RSP: 002b:00007f9864250038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  986.989142][T18835] RAX: ffffffffffffffda RBX: 00007f986660ffa0 RCX: 00007f98663e89a9
[  986.997379][T18835] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  987.005367][T18835] RBP: 00007f9864250090 R08: 0000000000000000 R09: 0000000000000000
[  987.013913][T18835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  987.022180][T18835] R13: 0000000000000000 R14: 00007f986660ffa0 R15: 00007ffd3add9aa8
[  987.030359][T18835]  </TASK>
[  987.144360][ T4241] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  987.424596][ T4241] usb 2-1: no configurations
[  987.429417][ T4241] usb 2-1: can't read configurations, error -22
[  987.588073][ T4241] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  987.775813][T18846] loop5: detected capacity change from 0 to 32768
[  987.873774][T18846] (syz.5.3469,18846,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  987.888544][ T4241] usb 2-1: no configurations
[  987.893175][ T4241] usb 2-1: can't read configurations, error -22
[  987.907217][ T4241] usb usb2-port1: attempt power cycle
[  987.946105][T18846] (syz.5.3469,18846,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  988.082418][T18846] JBD2: Ignoring recovery information on journal
[  988.206125][T18846] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  988.330530][ T4241] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  988.371170][T18846] 
[  988.373579][T18846] ======================================================
[  988.380671][T18846] WARNING: possible circular locking dependency detected
[  988.387699][T18846] 5.15.189-syzkaller #0 Not tainted
[  988.393010][T18846] ------------------------------------------------------
[  988.400046][T18846] syz.5.3469/18846 is trying to acquire lock:
[  988.406226][T18846] ffff88806147df48 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2){+.+.}-{3:3}, at: ocfs2_lock_global_qf+0x1c7/0x270
[  988.418890][T18846] 
[  988.418890][T18846] but task is already holding lock:
[  988.426261][T18846] ffff88807498c0a8 (&dquot->dq_lock){+.+.}-{3:3}, at: ocfs2_acquire_dquot+0x290/0xaf0
[  988.435947][T18846] 
[  988.435947][T18846] which lock already depends on the new lock.
[  988.435947][T18846] 
[  988.446369][T18846] 
[  988.446369][T18846] the existing dependency chain (in reverse order) is:
[  988.455385][T18846] 
[  988.455385][T18846] -> #6 (&dquot->dq_lock){+.+.}-{3:3}:
[  988.463037][T18846]        __mutex_lock_common+0x1eb/0x2390
[  988.469228][T18846]        mutex_lock_nested+0x17/0x20
[  988.474511][T18846]        dquot_commit+0x5a/0x410
[  988.479437][T18846]        ext4_write_dquot+0x1f0/0x360
[  988.484819][T18846]        mark_all_dquot_dirty+0xf9/0x400
[  988.490434][T18846]        __dquot_alloc_space+0x5d0/0xe20
[  988.496044][T18846]        ext4_mb_new_blocks+0xf68/0x4940
[  988.501667][T18846]        ext4_ext_map_blocks+0x146f/0x64e0
[  988.507667][T18846]        ext4_map_blocks+0x981/0x1b30
[  988.513277][T18846]        ext4_iomap_begin+0x807/0xb80
[  988.518874][T18846]        iomap_iter+0x620/0xdb0
[  988.523722][T18846]        __iomap_dio_rw+0x1014/0x1a70
[  988.529116][T18846]        iomap_dio_rw+0x38/0x90
[  988.534165][T18846]        ext4_file_write_iter+0x132b/0x17b0
[  988.540044][T18846]        do_iter_readv_writev+0x497/0x600
[  988.545747][T18846]        do_iter_write+0x205/0x7b0
[  988.551358][T18846]        iter_file_splice_write+0x65f/0xc40
[  988.557751][T18846]        direct_splice_actor+0xe1/0x130
[  988.563281][T18846]        splice_direct_to_actor+0x4dc/0xb50
[  988.569166][T18846]        do_splice_direct+0x1b9/0x2c0
[  988.574608][T18846]        do_sendfile+0x5d5/0xec0
[  988.579529][T18846]        __se_sys_sendfile64+0x13b/0x190
[  988.585247][T18846]        do_syscall_64+0x4c/0xa0
[  988.590190][T18846]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  988.596592][T18846] 
[  988.596592][T18846] -> #5 (&ei->i_data_sem){++++}-{3:3}:
[  988.604241][T18846]        down_write+0x38/0x60
[  988.608908][T18846]        ext4_truncate+0x96d/0x10d0
[  988.614110][T18846]        ext4_setattr+0xffe/0x19e0
[  988.619201][T18846]        notify_change+0xbcd/0xee0
[  988.624293][T18846]        do_truncate+0x197/0x220
[  988.629299][T18846]        do_sys_ftruncate+0x31b/0x3d0
[  988.634735][T18846]        do_syscall_64+0x4c/0xa0
[  988.639742][T18846]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  988.646157][T18846] 
[  988.646157][T18846] -> #4 (jbd2_handle){++++}-{0:0}:
[  988.653426][T18846]        start_this_handle+0x1338/0x15a0
[  988.659045][T18846]        jbd2__journal_start+0x2b7/0x5a0
[  988.664653][T18846]        jbd2_journal_start+0x26/0x30
[  988.669999][T18846]        ocfs2_start_trans+0x374/0x6c0
[  988.675450][T18846]        ocfs2_modify_bh+0xe5/0x470
[  988.680643][T18846]        ocfs2_local_read_info+0x13b1/0x16e0
[  988.686595][T18846]        dquot_load_quota_sb+0x756/0xac0
[  988.692206][T18846]        dquot_load_quota_inode+0x2d8/0x5d0
[  988.698106][T18846]        ocfs2_enable_quotas+0x1c3/0x440
[  988.703719][T18846]        ocfs2_fill_super+0x3a1f/0x4d80
[  988.709254][T18846]        mount_bdev+0x287/0x3c0
[  988.714103][T18846]        legacy_get_tree+0xe6/0x180
[  988.719351][T18846]        vfs_get_tree+0x88/0x270
[  988.724273][T18846]        do_new_mount+0x24a/0xa40
[  988.729371][T18846]        __se_sys_mount+0x2d6/0x3c0
[  988.734642][T18846]        do_syscall_64+0x4c/0xa0
[  988.739560][T18846]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  988.745955][T18846] 
[  988.745955][T18846] -> #3 (&journal->j_trans_barrier){.+.+}-{3:3}:
[  988.754530][T18846]        down_read+0x44/0x2e0
[  988.759457][T18846]        ocfs2_start_trans+0x368/0x6c0
[  988.764894][T18846]        ocfs2_modify_bh+0xe5/0x470
[  988.770078][T18846]        ocfs2_local_read_info+0x13b1/0x16e0
[  988.776038][T18846]        dquot_load_quota_sb+0x756/0xac0
[  988.781737][T18846]        dquot_load_quota_inode+0x2d8/0x5d0
[  988.787614][T18846]        ocfs2_enable_quotas+0x1c3/0x440
[  988.793228][T18846]        ocfs2_fill_super+0x3a1f/0x4d80
[  988.798840][T18846]        mount_bdev+0x287/0x3c0
[  988.803671][T18846]        legacy_get_tree+0xe6/0x180
[  988.808849][T18846]        vfs_get_tree+0x88/0x270
[  988.813762][T18846]        do_new_mount+0x24a/0xa40
[  988.819136][T18846]        __se_sys_mount+0x2d6/0x3c0
[  988.824323][T18846]        do_syscall_64+0x4c/0xa0
[  988.829247][T18846]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  988.835938][T18846] 
[  988.835938][T18846] -> #2 (sb_internal#5){.+.+}-{0:0}:
[  988.843390][T18846]        ocfs2_start_trans+0x269/0x6c0
[  988.848827][T18846]        ocfs2_write_info+0x117/0x350
[  988.854261][T18846]        dquot_set_dqinfo+0x459/0x6c0
[  988.859626][T18846]        quota_setinfo+0x2a4/0x2b0
[  988.864716][T18846]        __se_sys_quotactl+0x295/0x6c0
[  988.870248][T18846]        do_syscall_64+0x4c/0xa0
[  988.875166][T18846]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  988.881560][T18846] 
[  988.881560][T18846] -> #1 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}:
[  988.890391][T18846]        down_write+0x38/0x60
[  988.895043][T18846]        ocfs2_lock_global_qf+0x1e5/0x270
[  988.900739][T18846]        ocfs2_write_info+0xd0/0x350
[  988.906005][T18846]        dquot_set_dqinfo+0x459/0x6c0
[  988.911355][T18846]        quota_setinfo+0x2a4/0x2b0
[  988.916529][T18846]        __se_sys_quotactl+0x295/0x6c0
[  988.922024][T18846]        do_syscall_64+0x4c/0xa0
[  988.926956][T18846]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  988.933347][T18846] 
[  988.933347][T18846] -> #0 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2){+.+.}-{3:3}:
[  988.943917][T18846]        __lock_acquire+0x2c33/0x7c60
[  988.949265][T18846]        lock_acquire+0x197/0x3f0
[  988.954263][T18846]        down_write+0x38/0x60
[  988.958912][T18846]        ocfs2_lock_global_qf+0x1c7/0x270
[  988.964604][T18846]        ocfs2_acquire_dquot+0x29d/0xaf0
[  988.970216][T18846]        dqget+0x778/0xeb0
[  988.974606][T18846]        __dquot_initialize+0x3b6/0xcb0
[  988.980134][T18846]        ocfs2_get_init_inode+0x138/0x1b0
[  988.985840][T18846]        ocfs2_mknod+0x8aa/0x22b0
[  988.990862][T18846]        ocfs2_mkdir+0x192/0x410
[  988.996018][T18846]        vfs_mkdir+0x387/0x570
[  989.000792][T18846]        do_mkdirat+0x1d7/0x5a0
[  989.005648][T18846]        __x64_sys_mkdirat+0x85/0x90
[  989.011003][T18846]        do_syscall_64+0x4c/0xa0
[  989.015930][T18846]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  989.022332][T18846] 
[  989.022332][T18846] other info that might help us debug this:
[  989.022332][T18846] 
[  989.032824][T18846] Chain exists of:
[  989.032824][T18846]   &ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2 --> &ei->i_data_sem --> &dquot->dq_lock
[  989.032824][T18846] 
[  989.049293][T18846]  Possible unsafe locking scenario:
[  989.049293][T18846] 
[  989.056734][T18846]        CPU0                    CPU1
[  989.062081][T18846]        ----                    ----
[  989.067421][T18846]   lock(&dquot->dq_lock);
[  989.071909][T18846]                                lock(&ei->i_data_sem);
[  989.079085][T18846]                                lock(&dquot->dq_lock);
[  989.086434][T18846]   lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2);
[  989.093797][T18846] 
[  989.093797][T18846]  *** DEADLOCK ***
[  989.093797][T18846] 
[  989.101921][T18846] 4 locks held by syz.5.3469/18846:
[  989.107093][T18846]  #0: ffff888077a86460 (sb_writers#31){.+.+}-{0:0}, at: mnt_want_write+0x3d/0x90
[  989.116389][T18846]  #1: ffff8880614789c8 (&type->i_mutex_dir_key#19/1){+.+.}-{3:3}, at: filename_create+0x1f2/0x450
[  989.127075][T18846]  #2: ffff888074bb2648 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3){+.+.}-{3:3}, at: ocfs2_reserve_suballoc_bits+0x161/0x4350
[  989.140710][T18846]  #3: ffff88807498c0a8 (&dquot->dq_lock){+.+.}-{3:3}, at: ocfs2_acquire_dquot+0x290/0xaf0
[  989.150691][T18846] 
[  989.150691][T18846] stack backtrace:
[  989.156569][T18846] CPU: 1 PID: 18846 Comm: syz.5.3469 Not tainted 5.15.189-syzkaller #0
[  989.164811][T18846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  989.174855][T18846] Call Trace:
[  989.178291][T18846]  <TASK>
[  989.181205][T18846]  dump_stack_lvl+0x168/0x230
[  989.185952][T18846]  ? load_image+0x3b0/0x3b0
[  989.190440][T18846]  ? show_regs_print_info+0x20/0x20
[  989.195717][T18846]  ? print_circular_bug+0x12b/0x1a0
[  989.201246][T18846]  check_noncircular+0x274/0x310
[  989.206163][T18846]  ? add_chain_block+0x940/0x940
[  989.211166][T18846]  ? lockdep_lock+0xdc/0x1e0
[  989.215740][T18846]  ? mark_lock+0x94/0x320
[  989.220137][T18846]  __lock_acquire+0x2c33/0x7c60
[  989.224982][T18846]  ? __schedule+0x11c0/0x43b0
[  989.229646][T18846]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  989.235893][T18846]  ? verify_lock_unused+0x140/0x140
[  989.241083][T18846]  ? lockdep_hardirqs_on+0x94/0x140
[  989.246262][T18846]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  989.252482][T18846]  ? release_firmware_map_entry+0x190/0x190
[  989.258442][T18846]  lock_acquire+0x197/0x3f0
[  989.262928][T18846]  ? ocfs2_lock_global_qf+0x1c7/0x270
[  989.268283][T18846]  ? preempt_schedule+0xa7/0xb0
[  989.273118][T18846]  ? __might_sleep+0xf0/0xf0
[  989.277695][T18846]  ? read_lock_is_recursive+0x10/0x10
[  989.283060][T18846]  ? do_raw_spin_lock+0x11d/0x280
[  989.288081][T18846]  ? __rwlock_init+0x140/0x140
[  989.292837][T18846]  ? preempt_schedule_thunk+0x16/0x18
[  989.298209][T18846]  down_write+0x38/0x60
[  989.302362][T18846]  ? ocfs2_lock_global_qf+0x1c7/0x270
[  989.307729][T18846]  ocfs2_lock_global_qf+0x1c7/0x270
[  989.312921][T18846]  ? dqget+0x6f8/0xeb0
[  989.316992][T18846]  ? lock_buffer+0x80/0x80
[  989.321391][T18846]  ocfs2_acquire_dquot+0x29d/0xaf0
[  989.326485][T18846]  ? slab_post_alloc_hook+0x68/0x380
[  989.331748][T18846]  ? ocfs2_destroy_dquot+0x40/0x40
[  989.336835][T18846]  ? percpu_counter_add_batch+0x13b/0x160
[  989.342534][T18846]  dqget+0x778/0xeb0
[  989.346410][T18846]  __dquot_initialize+0x3b6/0xcb0
[  989.351432][T18846]  ? dquot_initialize+0x20/0x20
[  989.356359][T18846]  ? do_raw_spin_unlock+0x11d/0x230
[  989.362072][T18846]  ocfs2_get_init_inode+0x138/0x1b0
[  989.367250][T18846]  ? ocfs2_create_inode_in_orphan+0x1080/0x1080
[  989.373470][T18846]  ? __lock_acquire+0x13ad/0x7c60
[  989.378486][T18846]  ocfs2_mknod+0x8aa/0x22b0
[  989.383058][T18846]  ? ocfs2_mkdir+0x410/0x410
[  989.387636][T18846]  ? ocfs2_inode_lock_tracker+0x3e8/0x660
[  989.393420][T18846]  ? __lock_acquire+0x7c60/0x7c60
[  989.398424][T18846]  ? do_raw_spin_lock+0x11d/0x280
[  989.403432][T18846]  ? ocfs2_inode_unlock_tracker+0x26c/0x2e0
[  989.409388][T18846]  ? __lock_acquire+0x7c60/0x7c60
[  989.414393][T18846]  ? __rwlock_init+0x140/0x140
[  989.419230][T18846]  ? ocfs2_lookup+0x491/0x930
[  989.423991][T18846]  ? do_raw_spin_unlock+0x11d/0x230
[  989.429166][T18846]  ? _raw_spin_unlock+0x24/0x40
[  989.434083][T18846]  ? put_pid+0xda/0x120
[  989.438218][T18846]  ocfs2_mkdir+0x192/0x410
[  989.442611][T18846]  ? make_kgid+0x640/0x640
[  989.447008][T18846]  ? ocfs2_symlink+0x25d0/0x25d0
[  989.451925][T18846]  ? HAS_UNMAPPED_ID+0x1d3/0x230
[  989.456843][T18846]  ? ocfs2_getattr+0x350/0x350
[  989.461595][T18846]  ? inode_permission+0xef/0x480
[  989.466602][T18846]  ? bpf_lsm_inode_mkdir+0x5/0x10
[  989.471606][T18846]  ? security_inode_mkdir+0xb3/0x100
[  989.476876][T18846]  vfs_mkdir+0x387/0x570
[  989.481101][T18846]  do_mkdirat+0x1d7/0x5a0
[  989.485407][T18846]  ? vfs_mkdir+0x570/0x570
[  989.489894][T18846]  ? getname_flags+0x1fe/0x500
[  989.494635][T18846]  __x64_sys_mkdirat+0x85/0x90
[  989.499374][T18846]  do_syscall_64+0x4c/0xa0
[  989.503785][T18846]  ? clear_bhb_loop+0x30/0x80
[  989.508438][T18846]  ? clear_bhb_loop+0x30/0x80
[  989.513091][T18846]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  989.518968][T18846] RIP: 0033:0x7fbc8765b9a9
[  989.523365][T18846] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  989.543125][T18846] RSP: 002b:00007fbc854c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[  989.551529][T18846] RAX: ffffffffffffffda RBX: 00007fbc87882fa0 RCX: 00007fbc8765b9a9
[  989.559489][T18846] RDX: 0000000000000000 RSI: 0000200000002040 RDI: ffffffffffffff9c
[  989.567476][T18846] RBP: 00007fbc876ddd69 R08: 0000000000000000 R09: 0000000000000000
[  989.575442][T18846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  989.583499][T18846] R13: 0000000000000000 R14: 00007fbc87882fa0 R15: 00007fffb9c9e0c8
[  989.591557][T18846]  </TASK>
[  989.599044][ T4241] usb 2-1: no configurations
[  989.603665][ T4241] usb 2-1: can't read configurations, error -22
[  989.720970][T16522] ocfs2: Unmounting device (7,5) on (node local)