last executing test programs:

1m53.344880039s ago: executing program 1 (id=172):
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000002000000000000000085000000170000009500000000000000"], &(0x7f00000005c0)='GPL\x00'}, 0x80)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r2, r1, 0x25, 0x0, @val=@netkit={@void, @value=r2}}, 0x1c)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
syz_emit_ethernet(0xfdef, &(0x7f0000000000)=ANY=[], 0x0)

1m52.805619553s ago: executing program 1 (id=176):
r0 = socket(0x2c, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="110000000400000004000000ff"], 0x17)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r1, &(0x7f0000000140), &(0x7f0000000080)=@udp6=r0, 0x1}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r1, &(0x7f0000000200), &(0x7f0000001500)=@tcp=r0}, 0x20)
close(r0)

1m52.785051524s ago: executing program 3 (id=177):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = epoll_create1(0x80000)
r2 = fcntl$dupfd(r0, 0x406, r1)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000))
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000001c0)={0x10000014})
epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0)

1m52.661059305s ago: executing program 1 (id=178):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = creat(&(0x7f00000000c0)='./file1\x00', 0x2e)
close(r1)
r2 = socket$unix(0x1, 0x2, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0x200000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

1m52.628487267s ago: executing program 3 (id=179):
open(&(0x7f0000000100)='./file0\x00', 0x80ff, 0x36)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
write$P9_RLERRORu(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1c00000007ffff", @ANYRES16=r2, @ANYRESDEC], 0x52)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u}]}})

1m52.455818801s ago: executing program 1 (id=180):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f0000000100), 0x1, 0x599, &(0x7f0000000540)="$eJzs3T9sG2UbAPDnznHTP/m+9JO+T/pAHSpAKlJVJ+kfKEztiqhUqQMSC0SOG1Vx4ipOoIkike4VogMC1KVsMDCCGBgQCyMrC4gZqaIRSE0HMHJ8TtPULk6I4xL/ftLZ73t39vO+d35e+053cgB962j9IY14KiIuJhHDG5YNRLbwaGO91ZWl4v2VpWIStdqlX5JIIuLeylKxuX6SPR+KiOWI+H9EfJOPOJ6uv+W+ZqG6sDg1Xi6XZrP6yNz01ZHqwuKJK9Pjk6XJ0sypF186c/b0mbGTYxube7+2sZbfWl9v/Hjz3RvfvXL75qefHVkuvj+exLkYypZt7MdOamyTfJzbNP90N4L1UNLrBrAtuSzP66n0vxiOXJb1rdQ2Dg6Du9I8oItqgxE1oE8l8h/6VPN3QP34tznt5u+PO+cbByD1uKsrS8V3ohl/oHFuIvavHZsc/DV56Mikfrx5eDcbyp60fD0iRgcGHv38J9nnb/tGd6KBdNXX5xs76tH9n66PP9Fi/Blqnjv9m5rj32o2/q22iJ9rM/5d7DDG76//9FHb+NcH4+mW8ZP1+EmL+GlEvNlh/FuvfXm23bLaxxHHonX8puTx54dHLl8pl0Ybjy1jfHXsyMvt+x9xsE38xjnb/WtfMxv7vy9rU9ph/7/49vNnlh8T//lnH7//W23/AxHxXofx/3Pvk1fbLbtzPblb/xWw1f2fRD5udxj/hXNHf8iKzhoCAAAAAAAAAMAOSteuZUvSwno5TQuFxj28/42DablSnTt+uTI/M9G45u1w5NPmlVbDjXpSr49l1+M26yc31U/lsoC5A2v1QrFSnuhx3wEAAAAAAAAAAAAAAAAAAOBJcWjT/f+/5dbu/9/8d9XAXtX+L7+BvU7+Q/96OP+TnrUD2H2+/6Fv1eQ/9C/5D/1L/kP/kv/Qv+Q/9C/5D/1L/gMAAAAAAAAAAAAAAAAAAAAAAAAAQFdcvHChPtXurywV6/WJgYX5qcpbJyZK1anC9HyxUKzMXi1MViqT5VKhWJn+q/dLKpWrozEzf21krlSdG6kuLL4xXZmfaf6naCnf9R4BAAAAAAAAAAAAAAAAAADAP8/Q2pSkhYh8o56mhULEvyLicBLJ5Svl0mhE/Dsivs/lB+v1sV43GgAAAAAAAAAAAAAAAAAAAPaY6sLi1Hi5XJrtXmEgC9XFEJ0XBrayckQs72wz6u+45Vflsw3Y4023Nwq5J+Nz+OQXejgoAQAAAAAAAAAAAAAAAABAn3pw02+nr/ijuw0CAAAAAAAAAAAAAAAAAACAvpT+nEREfTo2/NzQ5qX7ktXc2nNEvH3r0gfXxufmZsfq8++uz5/7MJt/shftBzrVzNM0Iup5DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxQXVicGi+XS7PbLAx2sE6v+wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwHX8GAAD//xLkz18=")
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
r0 = syz_io_uring_setup(0x49b, &(0x7f0000000000)={0x0, 0xf62c, 0x1, 0x3, 0x37d}, &(0x7f0000001e40)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0)

1m52.369381448s ago: executing program 3 (id=181):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000001c0)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @multicast1}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

1m52.032848105s ago: executing program 3 (id=183):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x10, &(0x7f00000004c0)={[{@i_version}, {@nodiscard}, {@min_batch_time={'min_batch_time', 0x3d, 0x3ff}}]}, 0x1, 0x3f7, &(0x7f0000003080)="$eJzs3c1uG0UcAPD/bj6bliaVOPBxiQCJSIikSVugEkhEXDjQEz1wJIrdEtVpUGIkWkV8CMQNJBAPAAfgETjCgXeAM3CAShHKgZSb0dq7jhvbaZPadZX8ftLIMztrz6zHs15PZicBHFvTEfFqRAxFxNmImMy3p3mIjxoh229ne3P5v+3N5SRqtTf/SSLJtxWvleSPJ/MXmEkj0k+TeLJDuRs3bl5bqlTK63l6rrr67tzGjZvPr6wuXS1fLV9feOHc+QsXXrq48GLPjnVrNfn8me/f+PPLz0pf/fr3T1NZfU/lea3H0SvTMd18T/a62OvCBmy8JZ4MD7AiAADsK82v/Yfr1/+TMRS7F2+T8cUvA60cAAAA0BO1WvEIAAAAHF2J3/4AAABwxBXzAHa2N5eLMMDpCDxgW4sRMdVo/9t5aOQMN+/pHYkYGe9T+dMR8fr4pYUsRJ/uwwYAAAA4zn5ebCz81z7+l8ZjLfudiIiJYm2/Hprek24f/0lv9bhIWmwtRrwcEbfbxv/SYpepoTz1SH2ocCS5slIpn42I0xExEyNjWXp+nzI+eOraD93yWsf/vvnjrfms/Oxxd4/01vDYnc8pLVWX7ueY2bX1ccQTw53aP2mO/7auk3kYb6/svNItL2v/rL2L0N7+9FPt24hnO/b/3ZVLk/3XZ52rnw/m8rPCWHsZv5/67pNu5bf2/yxk5Rd/C6D/sv4/sX/719fJba7Xu3HwMn7899Jv3fLu3v6dz/+jyeV6BUfzbe8vVavr8xGjSWPLHdt9mpqK96N4v7L2n3m68/d/cf2X5N/9p1vWhz6I1z48c7lbnv4/WFn7lw7U/w8eeWfi8Zlu5d9b/z9fr0zxIq7/7u5eG2jQ9QQAAAAAAACgN9L63L4knW3G03R2tjHP99GYSCtrG9Xnrqy9d73UmAM4FSNpMf9zsmU+6HzjNvJmemFP+lxEnImIrydP1NOzy2uV0qAPHgAAAI6Jk11+/2f+OszNHgAAAMDDaWrQFQAAAAD6zu9/AAAAONLuZ13/Snm9+BdBh3y6iMjhIkP5B+9hqc/RiwzwpAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA/B8AAP//91C79Q==")
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0)
getdents(r1, &(0x7f0000000400)=""/132, 0x84)

1m51.803540184s ago: executing program 1 (id=185):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000040)={0x1, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x6000})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001680))
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)

1m51.581432492s ago: executing program 3 (id=187):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, "7f12ddb357f7adf97affffffff7d1800"})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000340)=[@text32={0x20, 0x0}], 0x1, 0x12, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000008804"])

1m50.943240644s ago: executing program 3 (id=191):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000940)}], 0x1)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000300)=0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000480)=ANY=[@ANYRES32=r2], 0x103)

1m50.671447416s ago: executing program 32 (id=191):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000940)}], 0x1)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000300)=0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000480)=ANY=[@ANYRES32=r2], 0x103)

1m50.339843253s ago: executing program 1 (id=194):
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/profiling', 0x40001, 0x4)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
unshare(0x4000400)
splice(r0, 0x0, r2, 0x0, 0xbfd1, 0x0)

1m49.920604087s ago: executing program 33 (id=194):
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/profiling', 0x40001, 0x4)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
unshare(0x4000400)
splice(r0, 0x0, r2, 0x0, 0xbfd1, 0x0)

1m32.300911867s ago: executing program 5 (id=288):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r0}, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000680)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000140)=@RTM_DELMDB={0x58, 0x54, 0x93d, 0x0, 0x0, {0x7, r3}, [@MDBA_SET_ENTRY={0x20, 0x2, {0x0, 0x0, 0x0, 0x0, {@in6_addr=@empty}}}, @MDBA_SET_ENTRY={0x20, 0x1, {r3, 0x0, 0x3, 0x0, {@ip4=@broadcast, 0x86dd}}}]}, 0x58}}, 0x0)

1m32.227277803s ago: executing program 5 (id=290):
r0 = syz_io_uring_setup(0xcf, &(0x7f0000000480)={0x0, 0x0, 0x80, 0x0, 0x34d}, &(0x7f00000012c0)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x12b, 0x0, 0x0, 0x4}]}, 0x8)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, 0x12})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)

1m32.02202079s ago: executing program 5 (id=294):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000080eff95"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000002c0)='contention_end\x00', r0}, 0x10)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f00000000c0)={0x48, 0x5, r2, 0x0, <r3=>0xffffffffffffffff})
ioctl$IOMMU_TEST_OP_ACCESS_RW$syz(r1, 0x3ba0, &(0x7f0000000300)={0x48, 0x8, r3, 0x0, 0x1, 0x3e7cf1, 0xff1f, 0x0, 0x10000})

1m31.922751298s ago: executing program 5 (id=295):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x804810, &(0x7f0000000a40), 0x26, 0x756, &(0x7f00000002c0)="$eJzs3M1rXOUaAPDnnGaafuTeyYUL9+pChBZaKD1Jmk27aty4KxQKbmtITkLISSZkJrUTC7auhdpsFARR1y7dCqX+Ae6koOBeEK1xIW5GzuSjNGam0ybpSPr7wcl53vP1vE/m8GYO5D0BvLReL38kEUMRcTUiqpvb04g42o6ORdzeOG790a2pckmi1br2S1KeFuut6va1ks31yWifEv+PiAeViHPv/z1vvbk6P1kU+fJme6SxsDRSb66en1uYnM1n88Wx8UujF8fHL46OP7WG//VY6+m3Lh2/9+2ba2vffdW4+9rA+SQm2nXHZm09XuaZbPxOKjGxY/viQSTro6TfHQAAoCfl9/wjETHQ/pZajSPtCAAAADhMWoMtAAAA4NBLot89AAAAAA7W1v8BbM3tPah5sJ38/EZEDO+Wf6A9hzjiWFQi4sR68sTMhGTjNNiT23ci4v7Ezvvvi/IOu73Ha4/uaD85R/roHq/Ofrhfjj8Tu40/6fb4E7uMPwNb707Yo87j3+P8RzqMf1d7zPH1p69UOua/E/HqwG75k+38SYf8b/eY/+7aB/c67Wt9HnFm178/yRO5urwfYmJmruj6+oEHf5592K3+E53yJ93rX+qx/nfXf5vvNJaU+c+e6v7575a/vCc+3OxHGhH3Ntdle21HjlML33/Trf7piNbzfP6f9Vj/j18O3uzxUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGhLI2IokjTbjtM0yyJORsR/40Ra1OqNczO1lcXpcl/EcFTSmbkiH42I6kY7Kdtj7fhx+8KO9nhE/OeH4xtJ54o8m6oV0/0uHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG0nI2IokjSLiDQifq+maZZFDPRw7uAL6B8AAACwT4b73QEAAADgwHn+BwAAgMPveZ//k33uBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCoXb1ypVxa649uTZXt6RvNlfnajfPTeX0+W1iZyqZqy0vZbK02W+TZVG3hadcrarWlsUuxcnOkkdcbI/Xm6vWF2spi4/rcwuRsfj2vvJCqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFZD7SVJs4hI23GaZlnEvyJiOCrJzFyRj0bEvyPiYbUyWLbH+t1pAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9l29uTo/WRT5skAgeGHBexHxD+hGl6DfIxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP1Qb67OTxZFvlzvd08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADor/SnJCLK5Uz19NDOvUeTP6rtdUS888m1j25ONhrLY+X2X7e3Nz7e3H6hH/0HAACAl8LlZzl46zl96zkeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgV/Xm6vxkUeTLewsuR3O1lXQ4pt81AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz+evAAAA//8KQsc4")
chdir(&(0x7f0000000240)='./file0\x00')
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x200, 0x400000]})

1m31.439852067s ago: executing program 5 (id=298):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0xe22, 0x0, @loopback={0xff00000000000000}}, 0x1c)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x3, @remote, 0x6}, 0x1c)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0xe22, 0x0, @loopback={0xff00000000000002}}, 0x1c)
syz_emit_ethernet(0x3e, &(0x7f0000000180)={@link_local, @remote, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x8, 0x11, 0x0, @rand_addr=' \x01\x00', @mcast2, {[], {0x4e1f, 0xe22, 0x8}}}}}}, 0x0)

1m30.977656065s ago: executing program 5 (id=302):
getresgid(&(0x7f0000000c40), &(0x7f0000000140), &(0x7f0000000240)=<r0=>0x0)
syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000200)='./file0\x00', 0x10814, &(0x7f0000000700)=ANY=[@ANYBLOB='umask=00000000000000000000000,flush,nodots,dots,gid=', @ANYRESHEX=r0, @ANYBLOB="00006b746769643d0092", @ANYRES8, @ANYBLOB="1500bba7d41fabba4332de3ca642acf6f8de847e3f21783608008708a887d30aaf0a14b0691d48445fe3b4d1ddde1b81337b2c3b5f88535d7f6fa931b84783704494cebe49ca9f6269b05edde0246c360d0566b4056f0f02ccab035d3d0a5cde0b31bd424949fe23c0a0a25691738006c5c6acdf101fecdb4f79abdfb95c6afaea03dd5903b5240565f31504c207a9a2aa6c8108fb973081e90412a3c6cfa3b2513693727fad9acd8108acb8b90fab033c9dac0dc3e5a61c513e7b5edc5d76320f0e54045ea2b7b8fb1f78d3d346e26ee5ed6926cea1ffe0a1"], 0x1, 0x1fa, &(0x7f0000000500)="$eJzs2zFrE2EYB/Dn2rRe7GAHJ1E4cHEK6icwSAUxIEQy6GSgurQipEsUxH4eZz+EX8alg2SLXO5om2sLjWdyEn8/ON6H/O/guSF53uHN27sfDvY/Hr3f+nISaZLFRsSTmETs5lUpKdd0Vm/HnCTq+FXraQDgj/T7w27TPbBco1F3eDsidi4kg2+NNAQAAAAAAAAAAEBti5z/34j4Wj3/f7zifgGA+pz/X1/tch2NusN7xf6twvl/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDmT6fTWNL/Sci2vGxGRRkQ7Im5GRCsi8s+b7hcAqG8ynZ/7V83/iEgiwvwHgDXw6vWbF91eb6+fZWnEz+PxYDwo1iJ/9ry39zCb2T176mQ8Hmye5o+KPJvPt2b7hjx/fGm+HQ/uF3mePX3Zq+Q7sb/81weA/1InO3Vuvm+WV0Snc1mez+eiOrc/qMzvVtxprew1AIAFHH36fDA8PHw3+utFsthT7bKhq+/53lpWq4prFT+Sf6INRd0ivc7NDf8wAUt39qWvJmkzDQEAAAAAAAAAAAAAABes4i9HTb8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADr53cAAAD//8h6UUs=")
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000080)=""/234, 0xea)

1m30.658315141s ago: executing program 34 (id=302):
getresgid(&(0x7f0000000c40), &(0x7f0000000140), &(0x7f0000000240)=<r0=>0x0)
syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000200)='./file0\x00', 0x10814, &(0x7f0000000700)=ANY=[@ANYBLOB='umask=00000000000000000000000,flush,nodots,dots,gid=', @ANYRESHEX=r0, @ANYBLOB="00006b746769643d0092", @ANYRES8, @ANYBLOB="1500bba7d41fabba4332de3ca642acf6f8de847e3f21783608008708a887d30aaf0a14b0691d48445fe3b4d1ddde1b81337b2c3b5f88535d7f6fa931b84783704494cebe49ca9f6269b05edde0246c360d0566b4056f0f02ccab035d3d0a5cde0b31bd424949fe23c0a0a25691738006c5c6acdf101fecdb4f79abdfb95c6afaea03dd5903b5240565f31504c207a9a2aa6c8108fb973081e90412a3c6cfa3b2513693727fad9acd8108acb8b90fab033c9dac0dc3e5a61c513e7b5edc5d76320f0e54045ea2b7b8fb1f78d3d346e26ee5ed6926cea1ffe0a1"], 0x1, 0x1fa, &(0x7f0000000500)="$eJzs2zFrE2EYB/Dn2rRe7GAHJ1E4cHEK6icwSAUxIEQy6GSgurQipEsUxH4eZz+EX8alg2SLXO5om2sLjWdyEn8/ON6H/O/guSF53uHN27sfDvY/Hr3f+nISaZLFRsSTmETs5lUpKdd0Vm/HnCTq+FXraQDgj/T7w27TPbBco1F3eDsidi4kg2+NNAQAAAAAAAAAAEBti5z/34j4Wj3/f7zifgGA+pz/X1/tch2NusN7xf6twvl/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDmT6fTWNL/Sci2vGxGRRkQ7Im5GRCsi8s+b7hcAqG8ynZ/7V83/iEgiwvwHgDXw6vWbF91eb6+fZWnEz+PxYDwo1iJ/9ry39zCb2T176mQ8Hmye5o+KPJvPt2b7hjx/fGm+HQ/uF3mePX3Zq+Q7sb/81weA/1InO3Vuvm+WV0Snc1mez+eiOrc/qMzvVtxprew1AIAFHH36fDA8PHw3+utFsthT7bKhq+/53lpWq4prFT+Sf6INRd0ivc7NDf8wAUt39qWvJmkzDQEAAAAAAAAAAAAAABes4i9HTb8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADr53cAAAD//8h6UUs=")
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000080)=""/234, 0xea)

1m30.143805282s ago: executing program 0 (id=309):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5", 0x4)
r1 = accept4(r0, 0x0, 0x0, 0x80800)
sendmmsg$alg(r1, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe1a}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x177ffb498171ed1, 0x0)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x10, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2, 0x0, 0x0, 0xf5000000}, 0x0)

1m30.04894172s ago: executing program 0 (id=311):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x2c)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0x1b, &(0x7f0000001800)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000000000008500000017000000180100002020690000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000700)={r1, r3, 0x25, 0x0, @val=@perf_event}, 0x18)
syz_emit_ethernet(0xfdef, &(0x7f0000000100)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@response={0x2, 0x0, 0x0, "82d18160f7d8dda36479a6b179161b4bbff2d0508977b3928ebd2dee05607d17", "0194bd7b1b0303c5ba7f602606a285b3", {"30da2d58da817f8a5f77a23de36a2164", "3b33cfa231a427159c7b9f0eceb155f0"}}}}}}}, 0x0)

1m29.886084113s ago: executing program 0 (id=313):
syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="71756965742c636f6465706167653d69736f383835392d31352c706172743d3078303030303030300000000000000000662c00a20000000700000000ede9debf530c3cc4d04b548919aca0c2937d4da1fc31dc42fc2e3e", @ANYBLOB="23341129bfb4fcc388a80c49b4f4d96254cb9356759776b03b581050240d2d9a5cf3440e76c886f1e5c860656a3648101223fc288fc5274f0e609cfed0fc738d84eb544791dd1cb959421db9fbcb634df876aa2133fd62e245fb6b1ead07ca04772d78564af8f42015e5be557ab3bd60824768691005cbd3d295402693d934226595deeba1ff748b7dde9c617749aa38096ef667700a6b3668cb7296b024fbcf9f74e50bf0f834159f51737baac184f94dd13a9793b76946208f290637d8def94e5f56f1181da3eed500440f", @ANYRES8, @ANYRES16, @ANYRES16], 0x11, 0x2d2, &(0x7f0000000bc0)="$eJzs3U1rE1scx/HfmaRteht6pw+XC3fZa0E3UutG3KRIXoS4ELWJUAwVbQV1YxVXIrp371vwLQhuFN+Arlz5AiIII+fMZJJJJzMxNDMNfj9gmMycM+d/Mg/n/AfsCMAf60rzy9uL3+w/I1VUkV5cljxJNakq6R/9W3uwf7h32Gm3MvbTDRxbyyisaY4V2t1vp9WtKaoR8e23quqD6zAdQRDsfJV0UHYgKJW7+lN40kJ0dbrttcIjy/Z0wnpHJxzHrDFddfVQy2XHAQAoVzT+e9E4X4/m754nbUbD/qkc/yfVLTuAqQsytw6M/y7LCow9vn+7Tf18z6VwdrvXyxLHaXlu6Pu8wjMrMcE0eVmli8VbvL3XaZ/fvdtpeXqmRmSg2Lr7bIWnbk9OtBspuWmGMfpu0meUS64Pc7YP2yPiX5uwxYmZD+aTuW58vVErnv9VA2MPkztS/tCRCuPfGr1H10vfllJ022g0Gl6iyIpr5L+ohUhOL2vpGYl6Z9SKkg8I/Lw4Xa3VoVph7y7k1FoLa+0sJmpt976NqLWeaMv2Jj6bR7c3beaVuWo29F3v1ByY/3s2vk1lXpn9q8ZshkOB+8XD/synN1d1+/SPjRxHulZProl/xYVRof/IvqdhyJOMbS91S5e0fPDo8Z1Kp9O+bxdupizcq8dr5p5LqWVKWPDUX6Oj/qYFhQ8ij9XqDUpFhnruRHdo7x+5he1VVkgHT82ZUMZC82OxJ1IZCwXdo1Cq/kHPLfq+kIBQNDfvCvO/gXxly0327IefMU/PnZBFewzsHDvOgGqJ+qtu6a/fyuCWRmdw4+Zc/5+VzsSrfgY5LfpRnLMhyJr6Waapz7rB838AAAAAAAAAAAAAAAAAAIBZU8R/Jyi7jwAAAAAAAAAAAAAAAAAAAAAAzLr4/b/qvf9X473/d/gvf1fCN7ycyPt/X++L9/8C0/crAAD//zZmik0=")
move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x66960000)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000340), 0xa8b40, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x8, 0x0)

1m29.567086689s ago: executing program 0 (id=316):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f00000004c0)={[{@resuid}, {@init_itable}, {@minixdf}, {@noblock_validity}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==")
syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
chdir(&(0x7f00000001c0)='./file0\x00')
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)
mkdir(&(0x7f00000003c0)='./file1\x00', 0x0)

1m29.175628341s ago: executing program 0 (id=320):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="002222000000962313060f0093d12f3eb82a000827020000008304"], 0x0}, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, &(0x7f0000000340)=ANY=[], 0x2, 0x634, &(0x7f0000000480)="$eJzs3c1rXNfdB/DvHcmyxgZHeWI7fkogIoa0VNTWC0qrbuqWUlQIJaSLroUtY+Gxk0pKUUJp1De67SJ/QLrQrqtCN4WCIV23u2y1DBS6yUpdTbl37oxGtjwdxZJGTj8fc+ecM+fec3/nN/dlZoyYAP+zlmcy/ihFlmfe3CrbuzsLrd2dhQfdepLzSRrJeKdI8TApPklupbPk/8sn6+GKp+3no7Wltz/9fPezTmu8Xqr1G4O2G852vWQ6yVhdHtd4t595vKI3wzJh17uJg1E7l6R9wE+v7vcMduGZz1vgLCg6982edn1mT1WneSbr9wGdu2Lnnv1c2x51AAAAAHAKXtjLXrZyadRxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwPOk/v3/6lf/J3tPpZhO0f39/4luf5KLIwx1sInhVnvUOOlAAAAAAAAAAODkvbqXvWzlUrfdLtJI8lrVuFw9Xsx72chq1nMjW1nJZjaznrkkU30DTWytbG6uzw2x5fyhW84PGXDz2ecMAAAAAAAAAF9Cv8ry/v//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAWVAkY52iWi5361NpjCeZTDJRrred/KNbf549GnUAAAAAcApe2MtetnKp224X1Wf+q9Xn/sm8l4fZzFo208pq7lTfBXQ+9Td2dxZauzsLD8rlyXG/+68jhVGNmM53D4fv+Vq1RjN3s1Y9cyO3805auZNGtWXpWjeew+P6ZRlT8Z3akJHdqcty5r+vy5M3NsQ6U1VGzvUyMlvHVmbjxcGZOPjqbB91T3Np9L75uXwCOb9Ql0Vy8YenlvNh1Jl4NXUm5vuOvquDM5F89c9//Mm91sP79+5uzJydKR3B+Xa73a0/fkws9GXi5S99JvrNVpm40msv5wf5cWYynbeynrX8LCvZzGqm8/2qtlIfz+Xj1OBM3TrQeqt6bD49kon6delcPY4W02vVtpeylh/lndzJat6o/s1nLt/MYhaz1PcKXxnirG8c7ay//rW6Uk7wd4MnesrKvL5Y5/XD5MA1d6rq639mP0spctzXxvGv1JVyH7+uy7Ph8UzM9WXipcHHyx+qy8pG6+H99Xsr7w65v9frsjyPfnum7hLl8fJ/5YtVtQ4eHWXfS4f2zVV9l3t9jSf6rvT6/tuZOlG/h3typPmq7+VD+xaqvmt9fYe93wLgzLvw9QsTzX82/978uPmb5r3mm5PfO/+t869M5Nzfzn17fHbs9cYrxZ/ycX6x//kfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD44jbe/+D+Squ1uv5Ypd1uf/iUri9aGctRtvrrX45z793fIzrG6RxvZfIoK7fPRsxHqfy73W4fy4DbAw7aY6u0a2cidSOqjPjCBJy4m5sP3r258f4H31jr3iIXF5dmlxbfWLh5d621Ott5HHGQwInYv+mPOhIAAAAAAAAAAABgWKfx5wSjniMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwfFueyfijFJmbvTFbtnd3Flrl0q3vrzmepJGk+HlSfJLcSmfJVN9wxdP289Ha0tuffr772f5Y4931G4O2G852vWQ6yVhdHtd4t595vKI3wzJh17uJg1H7TwAAAP//UOQPsQ==")
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x0, 0x0)
setreuid(0xffffffffffffffff, 0xee00)

1m28.415056273s ago: executing program 0 (id=326):
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000380)=[{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="e4bd9dd29bc6a30e7b0039b6622f6b2467f17fc7d52a61e1ddda34e1d18c63f037bd3ac0cbad5fc38ebc8ea06f4dfead8a5c0ceae4ae162d16276c08a8515366a07b9c8a4e398610ce1d9562e1cd7a7270e2558e12d18711fb1d28f8107a59a9d2c2c9f5b5f4f265251893c61c499dd19c42a5efa06499", 0x77}], 0x1, 0x0, 0x0, 0x10}], 0x1, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x42901, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd0900320003003000000060000000000c2f0081e949b93897bc3b0000000000007d01ff020000000000000000000000000001"], 0xfdef)

1m28.061881171s ago: executing program 35 (id=326):
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000380)=[{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="e4bd9dd29bc6a30e7b0039b6622f6b2467f17fc7d52a61e1ddda34e1d18c63f037bd3ac0cbad5fc38ebc8ea06f4dfead8a5c0ceae4ae162d16276c08a8515366a07b9c8a4e398610ce1d9562e1cd7a7270e2558e12d18711fb1d28f8107a59a9d2c2c9f5b5f4f265251893c61c499dd19c42a5efa06499", 0x77}], 0x1, 0x0, 0x0, 0x10}], 0x1, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x42901, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd0900320003003000000060000000000c2f0081e949b93897bc3b0000000000007d01ff020000000000000000000000000001"], 0xfdef)

28.750153026s ago: executing program 7 (id=773):
unshare(0x20000400)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
setsockopt$inet6_tcp_int(r0, 0x11a, 0x4, 0x0, 0x0)

28.621616867s ago: executing program 7 (id=775):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]})
syz_open_procfs$namespace(0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000001400)={<r1=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000100))
ppoll(&(0x7f00000000c0)=[{r0, 0x5000}], 0x1, 0x0, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f0000000180)={r1, 0x4004, 0xffff37a4})

27.656750785s ago: executing program 7 (id=796):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r3 = dup(r2)
listen(r3, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000180), 0x200008, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}})

27.334452791s ago: executing program 7 (id=799):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x804810, &(0x7f0000000a40), 0x26, 0x756, &(0x7f00000002c0)="$eJzs3M1rXOUaAPDnnGaafuTeyYUL9+pChBZaKD1Jmk27aty4KxQKbmtITkLISSZkJrUTC7auhdpsFARR1y7dCqX+Ae6koOBeEK1xIW5GzuSjNGam0ybpSPr7wcl53vP1vE/m8GYO5D0BvLReL38kEUMRcTUiqpvb04g42o6ORdzeOG790a2pckmi1br2S1KeFuut6va1ks31yWifEv+PiAeViHPv/z1vvbk6P1kU+fJme6SxsDRSb66en1uYnM1n88Wx8UujF8fHL46OP7WG//VY6+m3Lh2/9+2ba2vffdW4+9rA+SQm2nXHZm09XuaZbPxOKjGxY/viQSTro6TfHQAAoCfl9/wjETHQ/pZajSPtCAAAADhMWoMtAAAA4NBLot89AAAAAA7W1v8BbM3tPah5sJ38/EZEDO+Wf6A9hzjiWFQi4sR68sTMhGTjNNiT23ci4v7Ezvvvi/IOu73Ha4/uaD85R/roHq/Ofrhfjj8Tu40/6fb4E7uMPwNb707Yo87j3+P8RzqMf1d7zPH1p69UOua/E/HqwG75k+38SYf8b/eY/+7aB/c67Wt9HnFm178/yRO5urwfYmJmruj6+oEHf5592K3+E53yJ93rX+qx/nfXf5vvNJaU+c+e6v7575a/vCc+3OxHGhH3Ntdle21HjlML33/Trf7piNbzfP6f9Vj/j18O3uzxUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGhLI2IokjTbjtM0yyJORsR/40Ra1OqNczO1lcXpcl/EcFTSmbkiH42I6kY7Kdtj7fhx+8KO9nhE/OeH4xtJ54o8m6oV0/0uHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG0nI2IokjSLiDQifq+maZZFDPRw7uAL6B8AAACwT4b73QEAAADgwHn+BwAAgMPveZ//k33uBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCoXb1ypVxa649uTZXt6RvNlfnajfPTeX0+W1iZyqZqy0vZbK02W+TZVG3hadcrarWlsUuxcnOkkdcbI/Xm6vWF2spi4/rcwuRsfj2vvJCqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFZD7SVJs4hI23GaZlnEvyJiOCrJzFyRj0bEvyPiYbUyWLbH+t1pAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9l29uTo/WRT5skAgeGHBexHxD+hGl6DfIxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP1Qb67OTxZFvlzvd08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADor/SnJCLK5Uz19NDOvUeTP6rtdUS888m1j25ONhrLY+X2X7e3Nz7e3H6hH/0HAACAl8LlZzl46zl96zkeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgV/Xm6vxkUeTLewsuR3O1lXQ4pt81AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz+evAAAA//8KQsc4")
chdir(&(0x7f0000000240)='./file0\x00')
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x200, 0x400000]})

27.146316426s ago: executing program 7 (id=791):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0xff58)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800b000100697036746e6c00"], 0x54}}, 0x0)

26.585453722s ago: executing program 7 (id=793):
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0xc000, &(0x7f0000000380), 0x2, 0x24d, &(0x7f0000000440)="$eJzs3T9oJFUcB/DvzO4ac7fIqY0g/gER0UA4O8HmbBQO5DhEBBVORGyUixAT7LJWNhZaq6SyCWJntJQ0wUYRrKKmiI2gwcJgocXK7iQSNytqNtk5Mp8PTGYm89783rDzfbvN7AZorAtJLiVpJZlL0klSHG5wb7Vc2N9dnd28lvT7T/1SDNtV+5WDfueT9JI8kmSjLPJKO1lef27nt60nHnh7qXP/h+vPzk71Ivft7mw/uffBlbc+ufzw8lff/HSlyKV0/3ZdJ68Y8792kdx2GsVuEEW77hHwX1x94+NvB7m/Pcl9w/x3UqZ68d5ZvGmjk4fe/6e+7/789Z3THCtw8vr9zuA9sNcHGqdM0k1Rzieptstyfr76DP9d61z56sLi63MvLyxdf6numQo4Kd1k+/HPZj49P5L/H1tV/oGza5D/p6+ufT/Y3muNHOzP1DMo4HTdVa0G+Z97YeXBjMs/cKbJPzSX/ENzyT80l/xDc8k/NJf8wxnWOdjojT0s/9Bc8g/NJf/QXIfzDwA0S3+m7ieQgbrUPf8AAAAAAAAAAAAAAAAAAABHrc5uXjtYplXzi/eS3ceStMfVbw1/jzi5efj33K/FoNlfiqrbRJ6/Z8ITTOijmp++vuWHeut/eXe99VeuJ703k1xst4/ef8X+/Xd8t/7L8c6LExb4n4qR/UefmW79UX+s1Vv/8lby+WD+uThu/ilzx3A9fv7pHv6K5WN67fcJTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDU/BkAAP//d4lu0g==")
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000140)=@v1={0x0, @aes128, 0x0, @desc3})
chdir(&(0x7f0000000000)='./file0\x00')
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)

26.134513049s ago: executing program 36 (id=793):
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0xc000, &(0x7f0000000380), 0x2, 0x24d, &(0x7f0000000440)="$eJzs3T9oJFUcB/DvzO4ac7fIqY0g/gER0UA4O8HmbBQO5DhEBBVORGyUixAT7LJWNhZaq6SyCWJntJQ0wUYRrKKmiI2gwcJgocXK7iQSNytqNtk5Mp8PTGYm89783rDzfbvN7AZorAtJLiVpJZlL0klSHG5wb7Vc2N9dnd28lvT7T/1SDNtV+5WDfueT9JI8kmSjLPJKO1lef27nt60nHnh7qXP/h+vPzk71Ivft7mw/uffBlbc+ufzw8lff/HSlyKV0/3ZdJ68Y8792kdx2GsVuEEW77hHwX1x94+NvB7m/Pcl9w/x3UqZ68d5ZvGmjk4fe/6e+7/789Z3THCtw8vr9zuA9sNcHGqdM0k1Rzieptstyfr76DP9d61z56sLi63MvLyxdf6numQo4Kd1k+/HPZj49P5L/H1tV/oGza5D/p6+ufT/Y3muNHOzP1DMo4HTdVa0G+Z97YeXBjMs/cKbJPzSX/ENzyT80l/xDc8k/NJf8wxnWOdjojT0s/9Bc8g/NJf/QXIfzDwA0S3+m7ieQgbrUPf8AAAAAAAAAAAAAAAAAAABHrc5uXjtYplXzi/eS3ceStMfVbw1/jzi5efj33K/FoNlfiqrbRJ6/Z8ITTOijmp++vuWHeut/eXe99VeuJ703k1xst4/ef8X+/Xd8t/7L8c6LExb4n4qR/UefmW79UX+s1Vv/8lby+WD+uThu/ilzx3A9fv7pHv6K5WN67fcJTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDU/BkAAP//d4lu0g==")
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000140)=@v1={0x0, @aes128, 0x0, @desc3})
chdir(&(0x7f0000000000)='./file0\x00')
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)

4.457776789s ago: executing program 4 (id=884):
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
r2 = openat$cgroup_subtree(r1, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5)
write$cgroup_subtree(r2, &(0x7f0000000140)={[{0x2b, 'cpu'}]}, 0x17)

4.219286028s ago: executing program 4 (id=887):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f00000001c0)={[{@treelog}, {@nodatacow}, {@max_inline={'max_inline', 0x3d, [0x6d, 0x33, 0x78, 0x39, 0x65, 0x36]}}, {@space_cache}, {@nodatasum}, {@nobarrier}, {@flushoncommit}, {@noautodefrag}, {@ref_verify}, {@noenospc_debug}, {@clear_cache}, {@commit={'commit', 0x3d, 0x3}}, {@ssd}, {@nobarrier}, {@max_inline={'max_inline', 0x3d, [0x38, 0x36, 0x38, 0x35, 0x32, 0x25]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file3\x00', 0xffffffffffffff9c, &(0x7f0000002100)='./bus\x00', 0x5)
renameat2(0xffffffffffffff9c, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x2)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r0, &(0x7f00000001c0)=[{&(0x7f0000000080)='\x00', 0x1}], 0x1, 0xe7b, 0x0, 0x0)

3.184620132s ago: executing program 4 (id=894):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_clone(0x4200000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x2, 0x0, 0x0, 0x4, 0x0)
wait4(r0, 0x0, 0x40000000, 0x0)

3.132560866s ago: executing program 6 (id=895):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002300000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r0}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_ext={0x1c, 0x10, &(0x7f0000000300)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @cb_func={0x18, 0x8, 0x4, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x507}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @map_idx={0x18, 0x9, 0x5, 0x0, 0x10}, @map_val={0x18, 0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x5}], 0x0, 0x6, 0x0, 0x0, 0x40f00, 0x9, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2e28e, r0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
r1 = socket$kcm(0x11, 0x2, 0x0)
setsockopt$sock_attach_bpf(r1, 0x107, 0x14, &(0x7f0000000000), 0x4)
sendmsg$kcm(r1, &(0x7f0000001780)={&(0x7f00000003c0)=@caif, 0x80, 0x0}, 0x0)

2.935606622s ago: executing program 6 (id=896):
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
r2 = openat$cgroup_subtree(r1, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5)
write$cgroup_subtree(r2, &(0x7f0000000140)={[{0x2b, 'cpu'}]}, 0x17)

2.646820896s ago: executing program 6 (id=898):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)}], 0x1}, 0x40045)
write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7a, 0x0, &(0x7f0000000040))

2.533871255s ago: executing program 8 (id=899):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f00000000c0)="d8df0f23b3b9ce000000b807000000ba000000000f30658154fea900600000c4e28ddc8dcd000000c182fd3f0000c8b950020000b801000000ba000000000f300fc79d53bf0000c4e16dd3010f2202", 0x4f}], 0x1, 0x4d, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_KVMCLOCK_CTRL(r2, 0xaead)

2.158590385s ago: executing program 8 (id=900):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @empty}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='lp\x00', 0x3)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)

2.158417895s ago: executing program 2 (id=901):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
readv(r0, &(0x7f0000000400)=[{&(0x7f00000004c0)=""/4096, 0x1000}], 0x1)
ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r0, 0x40045402, &(0x7f0000000140)=0x1)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x3, 0x1}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f00000000c0)={0x7, 0x9dc5, 0x0, 0x0, 0xf})
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2)

2.158265295s ago: executing program 4 (id=902):
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
open$dir(&(0x7f0000000100)='./file0\x00', 0x149800, 0x0)
r0 = syz_io_uring_setup(0x3924, &(0x7f0000000080)={0x0, 0x2, 0x10000, 0x0, 0x3}, &(0x7f0000000780)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0x2def, 0xfffffffc, 0x0, 0x0, 0x0)
creat(&(0x7f00000001c0)='./file0\x00', 0x0)

2.155946725s ago: executing program 6 (id=910):
r0 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x749})
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
madvise(&(0x7f0000c0c000/0x1000)=nil, 0x1000, 0x4)
readv(r0, &(0x7f00000002c0)=[{&(0x7f0000000140)=""/126, 0x7e}], 0x1)

1.2355026s ago: executing program 6 (id=903):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f00000001c0)={[{@treelog}, {@nodatacow}, {@max_inline={'max_inline', 0x3d, [0x6d, 0x33, 0x78, 0x39, 0x65, 0x36]}}, {@space_cache}, {@nodatasum}, {@nobarrier}, {@flushoncommit}, {@noautodefrag}, {@ref_verify}, {@noenospc_debug}, {@clear_cache}, {@commit={'commit', 0x3d, 0x3}}, {@ssd}, {@nobarrier}, {@max_inline={'max_inline', 0x3d, [0x38, 0x36, 0x38, 0x35, 0x32, 0x25]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file3\x00', 0xffffffffffffff9c, &(0x7f0000002100)='./bus\x00', 0x5)
renameat2(0xffffffffffffff9c, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x2)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r0, &(0x7f00000001c0)=[{&(0x7f0000000080)='\x00', 0x1}], 0x1, 0xe7b, 0x0, 0x0)

1.23497129s ago: executing program 2 (id=905):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002300000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r0}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_ext={0x1c, 0x10, &(0x7f0000000300)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @cb_func={0x18, 0x8, 0x4, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x507}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @map_idx={0x18, 0x9, 0x5, 0x0, 0x10}, @map_val={0x18, 0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x5}], 0x0, 0x6, 0x0, 0x0, 0x40f00, 0x9, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2e28e, r0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
r1 = socket$kcm(0x11, 0x2, 0x0)
setsockopt$sock_attach_bpf(r1, 0x107, 0x14, &(0x7f0000000000), 0x4)
sendmsg$kcm(r1, &(0x7f0000001780)={&(0x7f00000003c0)=@caif, 0x80, 0x0}, 0x0)

1.23479334s ago: executing program 4 (id=906):
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
write$cgroup_int(r0, &(0x7f0000000540), 0xfffffdd8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)

1.121345059s ago: executing program 2 (id=907):
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
r2 = openat$cgroup_subtree(r1, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5)
write$cgroup_subtree(r2, &(0x7f0000000140)={[{0x2b, 'cpu'}]}, 0x17)

1.104277351s ago: executing program 8 (id=909):
pipe2(&(0x7f0000000080)={0x0, <r0=>0x0}, 0x0)
pipe2(&(0x7f0000000000)={<r1=>0x0, <r2=>0x0}, 0x0)
tee(r1, r0, 0xff, 0x0)
r3 = fanotify_init(0x0, 0x0)
fanotify_mark(r3, 0x1, 0x4000102b, r2, 0x0)
vmsplice(r2, &(0x7f0000001700)=[{&(0x7f0000000a40)="8b", 0x1}], 0x1, 0x0)

899.018187ms ago: executing program 8 (id=911):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x0, 0x785, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00', r0}, 0x18)
r1 = socket$kcm(0x2, 0x3, 0x84)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="000000000000000002"], 0x50)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x890b, &(0x7f0000000100))

833.846863ms ago: executing program 2 (id=912):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000340))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = dup(r1)
ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x1, r2})

217.270203ms ago: executing program 4 (id=913):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f00000000c0)="d8df0f23b3b9ce000000b807000000ba000000000f30658154fea900600000c4e28ddc8dcd000000c182fd3f0000c8b950020000b801000000ba000000000f300fc79d53bf0000c4e16dd3010f2202", 0x4f}], 0x1, 0x4d, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_KVMCLOCK_CTRL(r2, 0xaead)

216.172493ms ago: executing program 8 (id=921):
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
r2 = openat$cgroup_subtree(r1, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5)
write$cgroup_subtree(r2, &(0x7f0000000140)={[{0x2b, 'cpu'}]}, 0x17)

205.716073ms ago: executing program 2 (id=914):
r0 = getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setuid(r3)
sendmmsg$unix(r1, &(0x7f00000081c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001fc0)=[@cred={{0x1c, 0x1, 0x2, {r0, 0xee00}}}], 0x20}}], 0x1, 0x84)

117.59558ms ago: executing program 6 (id=915):
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
openat$uhid(0xffffffffffffff9c, &(0x7f00000010c0), 0x802, 0x0)
r0 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x8a73, 0x100, 0x22, 0x1b7}, &(0x7f0000000300)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0x103, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/15, 0xf}], 0x1})
io_uring_enter(r0, 0x47ba, 0x3000000, 0x0, 0x0, 0x0)

47.047936ms ago: executing program 2 (id=916):
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r0}, 0x18)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000140)={0x28, 0x0, 0x2710, @my=0x1}, 0x10)

0s ago: executing program 8 (id=917):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$int_in(r1, 0x5452, &(0x7f0000000040)=0x8001)
r2 = getpgid(0x0)
fcntl$setownex(r1, 0xf, &(0x7f0000000140)={0x2, r2})
fcntl$setsig(r1, 0xa, 0x1c)
sendmmsg$unix(r0, &(0x7f0000006c40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="11", 0x1}], 0x1}}], 0x1, 0x40015)

kernel console output (not intermixed with test programs):

orts timestamps until 2038-01-19 (0x7fffffff)
[  115.778080][ T6426] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  115.806672][ T5785] syz-executor: attempt to access beyond end of device
[  115.806672][ T5785] loop2: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  115.853923][ T5785] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  115.895347][ T6741] loop0: detected capacity change from 0 to 512
[  115.953875][ T6741] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  116.013267][ T6741] ext4 filesystem being mounted at /87/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  116.159850][ T6752] loop5: detected capacity change from 0 to 2048
[  116.240878][ T6752] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  116.292940][ T6752] ext4 filesystem being mounted at /16/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  116.379441][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.484392][ T6752] loop5: detected capacity change from 2048 to 64
[  116.621092][ T6441] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.643250][ T6759] loop4: detected capacity change from 0 to 1024
[  116.677638][ T6757] loop0: detected capacity change from 0 to 8192
[  116.689397][ T6754] kmmpd-loop5: attempt to access beyond end of device
[  116.689397][ T6754] loop5: rw=14337, sector=512, nr_sectors = 8 limit=64
[  116.707550][ T6757] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  116.710497][ T6754] Buffer I/O error on dev loop5, logical block 64, lost sync page write
[  116.733002][ T6757] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[  116.746008][ T6757] REISERFS (device loop0): using ordered data mode
[  116.753355][ T6757] reiserfs: using flush barriers
[  116.765803][ T6757] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  116.824248][ T6759] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  116.826821][ T6757] REISERFS (device loop0): checking transaction log (loop0)
[  116.946273][ T6426] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.992595][ T6757] REISERFS (device loop0): Using tea hash to sort names
[  117.026239][ T6757] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  117.136923][ T1107] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.251634][ T1107] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.351611][ T1107] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.470121][ T1107] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.796336][ T5798] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  117.810879][ T5798] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  117.823665][ T5798] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  117.832954][ T5798] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  117.842495][ T5798] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  117.858962][ T5798] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  118.014270][ T6790] netlink: 4 bytes leftover after parsing attributes in process `syz.4.310'.
[  118.195223][ T6798] loop0: detected capacity change from 0 to 64
[  118.277135][ T6801] loop2: detected capacity change from 0 to 2048
[  118.330758][ T6801] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  118.457049][ T6785] chnl_net:caif_netlink_parms(): no params data found
[  118.552035][ T6806] loop0: detected capacity change from 0 to 512
[  118.584547][ T6806] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  118.631914][ T6806] EXT4-fs (loop0): 1 truncate cleaned up
[  118.664461][ T6806] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  118.799865][ T6815] netlink: 12 bytes leftover after parsing attributes in process `syz.4.317'.
[  118.903311][ T6818] sch_tbf: burst 0 is lower than device team_slave_0 mtu (1514) !
[  118.923300][ T6785] bridge0: port 1(bridge_slave_0) entered blocking state
[  118.943846][ T6785] bridge0: port 1(bridge_slave_0) entered disabled state
[  118.951391][ T6785] bridge_slave_0: entered allmulticast mode
[  118.980875][ T6785] bridge_slave_0: entered promiscuous mode
[  119.003716][ T6785] bridge0: port 2(bridge_slave_1) entered blocking state
[  119.005017][ T6821] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  119.011127][ T6785] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.053204][ T6785] bridge_slave_1: entered allmulticast mode
[  119.079323][ T6785] bridge_slave_1: entered promiscuous mode
[  119.233343][ T6785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  119.283781][ T6785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  119.336069][ T6785] team0: Port device team_slave_0 added
[  119.349223][ T6785] team0: Port device team_slave_1 added
[  119.411241][ T6785] batman_adv: batadv0: Adding interface: batadv_slave_0
[  119.418537][ T6785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  119.446983][ T6785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  119.462517][ T1107] hsr_slave_0: left promiscuous mode
[  119.486756][   T27] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  119.499188][ T5938] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  119.525043][ T1107] hsr_slave_1: left promiscuous mode
[  119.558604][ T1107] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  119.573504][ T1107] batman_adv: batadv0: Removing interface: batadv_slave_0
[  119.584992][ T1107] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  119.612895][ T1107] batman_adv: batadv0: Removing interface: batadv_slave_1
[  119.621338][ T1107] bridge_slave_1: left allmulticast mode
[  119.632895][ T1107] bridge_slave_1: left promiscuous mode
[  119.638867][ T1107] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.668478][ T1107] bridge_slave_0: left allmulticast mode
[  119.689229][ T1107] bridge_slave_0: left promiscuous mode
[  119.703067][   T27] usb 3-1: Using ep0 maxpacket: 16
[  119.706243][ T1107] bridge0: port 1(bridge_slave_0) entered disabled state
[  119.743727][   T27] usb 3-1: config 0 interface 0 altsetting 13 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  119.762822][   T27] usb 3-1: config 0 interface 0 has no altsetting 0
[  119.769558][   T27] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1b34, bcdDevice= 0.00
[  119.802829][   T27] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  119.836142][ T1107] veth1_macvtap: left promiscuous mode
[  119.836577][   T27] usb 3-1: config 0 descriptor??
[  119.849165][ T1107] veth0_macvtap: left promiscuous mode
[  119.865377][ T1107] veth1_vlan: left promiscuous mode
[  119.870802][ T1107] veth0_vlan: left promiscuous mode
[  119.933394][ T5792] Bluetooth: hci3: command tx timeout
[  120.315379][   T27] corsair 0003:1B1C:1B34.0007: hidraw0: USB HID v0.05 Device [HID 1b1c:1b34] on usb-dummy_hcd.2-1/input0
[  120.408892][ T6829] loop4: detected capacity change from 0 to 40427
[  120.445509][ T5798] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  120.453355][ T6829] F2FS-fs (loop4): build fault injection attr: rate: 771, type: 0x7ffff
[  120.457852][ T5798] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  120.474761][ T5798] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  120.488790][ T6829] F2FS-fs (loop4): invalid crc value
[  120.496442][ T5798] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  120.514661][ T5798] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  120.536404][ T5798] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  120.548068][ T6829] F2FS-fs (loop4): Found nat_bits in checkpoint
[  120.595736][ T5842] usb 3-1: USB disconnect, device number 6
[  120.656610][ T6829] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  120.739523][   T28] audit: type=1800 audit(1753831565.416:15): pid=6829 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.325" name="file1" dev="loop4" ino=10 res=0 errno=0
[  120.765447][ T6426] syz-executor: attempt to access beyond end of device
[  120.765447][ T6426] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  120.782982][ T6426] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  121.191887][ T1107] team0 (unregistering): Port device team_slave_1 removed
[  121.330975][ T1107] team0 (unregistering): Port device team_slave_0 removed
[  121.425087][ T1107] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  121.489398][ T1107] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  121.696088][ T6839] loop2: detected capacity change from 0 to 32768
[  121.753187][ T6839] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  121.882190][ T6839] XFS (loop2): Ending clean mount
[  122.023806][ T5792] Bluetooth: hci3: command tx timeout
[  122.082940][ T5785] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  122.382032][ T1107] bond0 (unregistering): Released all slaves
[  122.471273][ T6785] batman_adv: batadv0: Adding interface: batadv_slave_1
[  122.478423][ T6785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  122.511926][ T6785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  122.579544][ T5792] Bluetooth: hci1: command tx timeout
[  122.702344][ T6785] hsr_slave_0: entered promiscuous mode
[  122.734412][ T6785] hsr_slave_1: entered promiscuous mode
[  123.114199][   T27] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  123.153144][ T6831] chnl_net:caif_netlink_parms(): no params data found
[  123.276663][ T6785] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  123.287773][ T6785] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  123.328062][   T27] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  123.338019][ T6785] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  123.345570][   T27] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  123.364276][ T6785] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  123.371593][   T27] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  123.403005][   T27] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.412084][ T6878] loop2: detected capacity change from 0 to 512
[  123.429938][   T27] usb 5-1: config 0 descriptor??
[  123.440212][ T1107] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  123.506161][ T6831] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.522923][ T6831] bridge0: port 1(bridge_slave_0) entered disabled state
[  123.530371][ T6831] bridge_slave_0: entered allmulticast mode
[  123.554965][ T6831] bridge_slave_0: entered promiscuous mode
[  123.581994][ T6878] EXT4-fs (loop2): Test dummy encryption mode enabled
[  123.589506][ T6878] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  123.605246][ T1107] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  123.630492][ T6878] EXT4-fs (loop2): 1 truncate cleaned up
[  123.638162][ T6878] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  123.700054][ T1107] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  123.718238][ T6831] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.735862][ T6831] bridge0: port 2(bridge_slave_1) entered disabled state
[  123.744771][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  123.754263][ T6831] bridge_slave_1: entered allmulticast mode
[  123.761777][ T6831] bridge_slave_1: entered promiscuous mode
[  123.764055][   T27] usbhid 5-1:0.0: can't add hid device: -71
[  123.774240][   T27] usbhid: probe of 5-1:0.0 failed with error -71
[  123.799976][   T27] usb 5-1: USB disconnect, device number 4
[  123.849284][ T6891] loop2: detected capacity change from 0 to 1024
[  123.893078][ T1107] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  123.916504][ T6831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  123.931246][ T6831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  124.014710][ T6831] team0: Port device team_slave_0 added
[  124.025988][ T6831] team0: Port device team_slave_1 added
[  124.084932][ T6831] batman_adv: batadv0: Adding interface: batadv_slave_0
[  124.093442][ T5792] Bluetooth: hci3: command tx timeout
[  124.095004][ T6831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  124.125700][ T6831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  124.126035][ T2973] hfsplus: b-tree write err: -5, ino 4
[  124.144379][ T6831] batman_adv: batadv0: Adding interface: batadv_slave_1
[  124.151456][ T6831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  124.179194][ T6831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  124.319387][ T6831] hsr_slave_0: entered promiscuous mode
[  124.349952][ T6831] hsr_slave_1: entered promiscuous mode
[  124.366527][ T6831] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  124.384650][ T6831] Cannot create hsr debugfs directory
[  124.431215][ T6896] loop2: detected capacity change from 0 to 1024
[  124.487223][ T6900] loop4: detected capacity change from 0 to 1024
[  124.514892][ T6896] hfsplus: xattr searching failed
[  124.520151][ T6900] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  124.525081][ T6896] hfsplus: xattr searching failed
[  124.663133][ T5792] Bluetooth: hci1: command tx timeout
[  124.711602][ T6785] 8021q: adding VLAN 0 to HW filter on device bond0
[  124.739870][ T6426] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  124.848516][ T6785] 8021q: adding VLAN 0 to HW filter on device team0
[  124.881896][ T6905] loop4: detected capacity change from 0 to 2364
[  124.938072][ T3487] bridge0: port 1(bridge_slave_0) entered blocking state
[  124.945286][ T3487] bridge0: port 1(bridge_slave_0) entered forwarding state
[  124.981296][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[  124.988974][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[  125.377405][ T6831] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  125.401335][ T6920] loop4: detected capacity change from 0 to 64
[  125.455059][ T6831] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  125.466823][ T6831] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  125.512516][ T6831] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  125.531709][ T6920] overlayfs: upper fs needs to support d_type.
[  125.558963][ T6920] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  125.586541][ T6920] overlayfs: failed to set xattr on upper
[  125.592572][ T6920] overlayfs: ...falling back to redirect_dir=nofollow.
[  125.609158][ T6920] overlayfs: ...falling back to index=off.
[  125.620645][ T6920] overlayfs: ...falling back to uuid=null.
[  125.696346][ T1107] hsr_slave_0: left promiscuous mode
[  125.713745][ T1107] hsr_slave_1: left promiscuous mode
[  125.725746][ T1107] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  125.742820][ T1107] batman_adv: batadv0: Removing interface: batadv_slave_0
[  125.751006][ T1107] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  125.773108][ T1107] batman_adv: batadv0: Removing interface: batadv_slave_1
[  125.780923][ T1107] bridge_slave_1: left allmulticast mode
[  125.787045][ T1107] bridge_slave_1: left promiscuous mode
[  125.803077][ T1107] bridge0: port 2(bridge_slave_1) entered disabled state
[  125.813263][ T1107] bridge_slave_0: left allmulticast mode
[  125.819140][ T1107] bridge_slave_0: left promiscuous mode
[  125.837910][ T1107] bridge0: port 1(bridge_slave_0) entered disabled state
[  125.894811][ T1107] veth1_macvtap: left promiscuous mode
[  125.900495][ T1107] veth0_macvtap: left promiscuous mode
[  125.906553][ T1107] veth1_vlan: left promiscuous mode
[  125.912010][ T1107] veth0_vlan: left promiscuous mode
[  126.189008][ T5792] Bluetooth: hci3: command tx timeout
[  126.291139][ T6426] Trying to free block not in datazone
[  126.331198][ T6426] Trying to free block not in datazone
[  126.343734][ T6426] Trying to free block not in datazone
[  126.742999][ T5792] Bluetooth: hci1: command tx timeout
[  126.958251][ T1107] team0 (unregistering): Port device team_slave_1 removed
[  126.993359][ T5777] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  127.039100][ T1107] team0 (unregistering): Port device team_slave_0 removed
[  127.105623][ T1107] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  127.169485][ T1107] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  127.213033][ T5777] usb 5-1: Using ep0 maxpacket: 32
[  127.221084][ T5777] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  127.242983][ T5777] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 32
[  127.265560][ T5777] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  127.282822][ T5777] usb 5-1: New USB device strings: Mfr=14, Product=2, SerialNumber=3
[  127.301591][ T5777] usb 5-1: Product: syz
[  127.311764][ T5777] usb 5-1: Manufacturer: syz
[  127.321492][ T5777] usb 5-1: SerialNumber: syz
[  127.491627][ T6941] loop2: detected capacity change from 0 to 40427
[  127.508657][ T6941] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  127.520657][ T6941] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  127.542584][ T6941] F2FS-fs (loop2): Found nat_bits in checkpoint
[  127.565939][ T6939] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  127.613920][ T6941] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  127.621196][ T6941] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  128.125832][ T1107] bond0 (unregistering): Released all slaves
[  128.211055][ T6939] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  128.256517][ T6785] 8021q: adding VLAN 0 to HW filter on device batadv0
[  128.426160][ T5777] cdc_ncm 5-1:1.0: MAC-Address: 42:42:42:42:42:42
[  128.438850][ T5777] cdc_ncm 5-1:1.0: dwNtbInMaxSize=8 is too small. Using 2048
[  128.463807][ T5777] cdc_ncm 5-1:1.0: setting rx_max = 2048
[  128.527200][ T6831] 8021q: adding VLAN 0 to HW filter on device bond0
[  128.569381][ T6831] 8021q: adding VLAN 0 to HW filter on device team0
[  128.625887][   T42] bridge0: port 1(bridge_slave_0) entered blocking state
[  128.633112][   T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[  128.642210][ T5777] cdc_ncm 5-1:1.0: setting tx_max = 88
[  128.665486][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[  128.672657][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[  128.721792][ T5777] cdc_ncm 5-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.4-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  128.763172][ T5777] usb 5-1: USB disconnect, device number 5
[  128.777252][ T5777] cdc_ncm 5-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.4-1, CDC NCM (NO ZLP)
[  128.813043][ T5792] Bluetooth: hci1: command tx timeout
[  129.010642][ T6785] veth0_vlan: entered promiscuous mode
[  129.047365][ T6785] veth1_vlan: entered promiscuous mode
[  129.116494][ T6785] veth0_macvtap: entered promiscuous mode
[  129.153535][ T6785] veth1_macvtap: entered promiscuous mode
[  129.189257][ T6785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  129.204274][ T6785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  129.221316][ T6785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  129.234076][ T6785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  129.250527][ T6785] batman_adv: batadv0: Interface activated: batadv_slave_0
[  129.262587][ T6785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  129.275627][ T6785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  129.285694][ T6785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  129.323192][ T6785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  129.340847][ T6785] batman_adv: batadv0: Interface activated: batadv_slave_1
[  129.369855][ T6785] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  129.383253][ T6785] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  129.392178][ T6785] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  129.407896][ T6785] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  129.510036][ T6831] 8021q: adding VLAN 0 to HW filter on device batadv0
[  129.613722][  T388] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.637455][  T388] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.728093][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.756113][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.854685][ T6974] input: syz1 as /devices/virtual/input/input12
[  130.089963][ T6989] loop2: detected capacity change from 0 to 6
[  130.101894][ T6989]  loop2: [POWERTEC] p1 p2
[  130.106656][ T6989] loop2: p1 start 12 is beyond EOD, truncated
[  130.113941][ T6989] loop2: p2 size 1986356271 extends beyond EOD, truncated
[  130.154458][ T6831] veth0_vlan: entered promiscuous mode
[  130.197461][ T6831] veth1_vlan: entered promiscuous mode
[  130.265650][ T6831] veth0_macvtap: entered promiscuous mode
[  130.286088][ T6831] veth1_macvtap: entered promiscuous mode
[  130.312060][ T6831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  130.328981][ T6831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  130.329002][ T6831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  130.329017][ T6831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  130.329033][ T6831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  130.329044][ T6831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  130.330756][ T6831] batman_adv: batadv0: Interface activated: batadv_slave_0
[  130.341299][ T6831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  130.420012][ T6831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  130.432546][ T6831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  130.444293][ T6831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  130.454425][ T6831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  130.465459][ T6831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  130.477687][ T6831] batman_adv: batadv0: Interface activated: batadv_slave_1
[  130.505140][ T6831] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  130.528905][ T6831] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  130.534347][ T7000] loop6: detected capacity change from 0 to 64
[  130.541101][ T6831] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  130.560259][ T6831] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  130.767381][ T6996] loop4: detected capacity change from 0 to 32768
[  130.776466][ T6996] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.369 (6996)
[  130.791900][ T6996] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  130.807146][ T6996] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  130.820220][ T6996] BTRFS info (device loop4): setting nodatasum
[  130.831572][ T6996] BTRFS info (device loop4): force zlib compression, level 3
[  130.839512][ T6996] BTRFS info (device loop4): enabling ssd optimizations
[  130.855166][ T6996] BTRFS info (device loop4): allowing degraded mounts
[  130.862016][ T6996] BTRFS info (device loop4): using free space tree
[  130.963886][  T388] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  130.972125][  T388] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  131.044031][   T76] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  131.052265][   T76] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  131.193249][ T7026] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  131.379743][ T6426] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  131.381663][ T7032] loop2: detected capacity change from 0 to 4096
[  131.500603][  T967] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  131.567168][ T7033] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  131.698955][  T967] usb 8-1: unable to get BOS descriptor or descriptor too short
[  131.746153][  T967] usb 8-1: config 6 has an invalid interface number: 38 but max is 0
[  131.758047][  T967] usb 8-1: config 6 has no interface number 0
[  131.783907][  T967] usb 8-1: config 6 interface 38 has no altsetting 0
[  131.797574][  T967] usb 8-1: New USB device found, idVendor=05d1, idProduct=1003, bcdDevice=9d.e8
[  131.807346][  T967] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  131.822360][  T967] usb 8-1: Product: syz
[  131.827035][  T967] usb 8-1: Manufacturer: syz
[  131.844778][  T967] usb 8-1: SerialNumber: syz
[  132.130204][  T967] rndis_wlan 8-1:6.38: skipping garbage
[  132.152465][  T967] usb 8-1: bad CDC descriptors
[  132.217179][  T967] rndis_host 8-1:6.38: skipping garbage
[  132.238385][  T967] usb 8-1: bad CDC descriptors
[  132.254987][  T967] ftdi_sio 8-1:6.38: FTDI USB Serial Device converter detected
[  132.269461][  T967] ftdi_sio ttyUSB0: unknown device type: 0x9de8
[  132.299485][  T967] usb 8-1: USB disconnect, device number 2
[  132.310425][  T967] ftdi_sio 8-1:6.38: device disconnected
[  132.617422][ T7063] loop6: detected capacity change from 0 to 164
[  132.628321][ T7063] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  132.660857][ T7063] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  132.684967][ T7063] Symlink component flag not implemented
[  132.702415][ T7063] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  132.752679][ T7063] rock: directory entry would overflow storage
[  132.759674][ T7063] rock: sig=0x4f50, size=4, remaining=3
[  132.769415][ T7063] iso9660: Corrupted directory entry in block 4 of inode 1792
[  132.784417][ T7063] Symlink component flag not implemented (255)
[  132.802874][   T27] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  132.992907][   T27] usb 3-1: Using ep0 maxpacket: 16
[  133.009268][   T27] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  133.018655][   T27] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  133.043226][   T27] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  133.060120][ T7076] Bluetooth: MGMT ver 1.22
[  133.069925][   T27] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  133.089853][   T27] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  133.109602][   T27] usb 3-1: Product: syz
[  133.129005][   T27] usb 3-1: Manufacturer: syz
[  133.134288][   T27] usb 3-1: SerialNumber: syz
[  133.219039][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[  133.225485][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  133.437330][ T7084] veth1_to_bridge: entered promiscuous mode
[  133.443575][ T5835] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  133.447121][ T7069] loop4: detected capacity change from 0 to 40427
[  133.453158][ T7084] veth1_to_bridge: left promiscuous mode
[  133.470845][ T7069] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x7ffff
[  133.482236][ T7069] F2FS-fs (loop4): Image doesn't support compression
[  133.489277][ T7069] F2FS-fs (loop4): Image doesn't support compression
[  133.498637][ T7069] F2FS-fs (loop4): invalid crc value
[  133.509832][ T7069] F2FS-fs (loop4): Found nat_bits in checkpoint
[  133.570681][ T7069] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  133.582399][   T27] usb 3-1: 0:2 : does not exist
[  133.659467][ T5835] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  133.684379][ T5835] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  133.696575][ T7085] f2fs_ckpt-7:4: attempt to access beyond end of device
[  133.696575][ T7085] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  133.702835][ T5835] usb 8-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  133.728490][ T7085] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  133.739971][ T5835] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  133.757103][   T28] audit: type=1804 audit(1753831578.436:16): pid=7069 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.392" name="/newroot/45/bus/bus" dev="loop4" ino=10 res=1 errno=0
[  133.794606][ T5835] usb 8-1: config 0 descriptor??
[  134.225574][ T5835] hid-steam 0003:28DE:1142.0008: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.7-1/input0
[  134.335965][ T5835] hid-steam 0003:28DE:1142.0008: Steam wireless receiver connected
[  134.363380][ T5835] hid-steam 0003:28DE:1142.0009: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.7-1/input0
[  134.409222][ T7089] loop6: detected capacity change from 0 to 65536
[  134.414155][   T27] usb 3-1: 1:0: failed to get current value for ch 0 (-22)
[  134.445784][   T27] usb 3-1: USB disconnect, device number 7
[  134.485775][ T7089] XFS (loop6): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  134.521701][ T7089] XFS (loop6): Ending clean mount
[  134.536353][ T7089] XFS (loop6): Quotacheck needed: Please wait.
[  134.644033][ T7089] XFS (loop6): Quotacheck: Done.
[  134.746888][ T6785] XFS (loop6): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  134.797560][ T7106] loop4: detected capacity change from 0 to 2048
[  134.907784][ T7106] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  134.967471][ T7106] ext4 filesystem being mounted at /49/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  135.057715][ T6426] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  135.189812][ T5777] usb 8-1: USB disconnect, device number 3
[  135.228854][ T5777] hid-steam 0003:28DE:1142.0008: Steam wireless receiver disconnected
[  135.292473][ T7119] loop2: detected capacity change from 0 to 1024
[  135.317010][ T7119] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  135.350415][   T28] audit: type=1800 audit(1753831580.036:17): pid=7119 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.408" name="file1" dev="loop2" ino=839 res=0 errno=0
[  135.396902][   T28] audit: type=1800 audit(1753831580.066:18): pid=7119 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.408" name="file1" dev="loop2" ino=839 res=0 errno=0
[  135.735867][ T7135] input: syz1 as /devices/virtual/input/input13
[  135.810877][ T7137] loop7: detected capacity change from 0 to 64
[  135.826993][ T7139] loop2: detected capacity change from 0 to 1024
[  135.842921][    T8] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  135.872994][   T28] audit: type=1800 audit(1753831580.556:19): pid=7139 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.416" name="file2" dev="loop2" ino=22 res=0 errno=0
[  135.926883][   T28] audit: type=1800 audit(1753831580.596:20): pid=7139 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.416" name="file2" dev="loop2" ino=22 res=0 errno=0
[  135.986089][   T28] audit: type=1800 audit(1753831580.646:21): pid=7137 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.415" name="file1" dev="loop7" ino=18 res=0 errno=0
[  136.057448][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  136.069965][ T3487] hfsplus: b-tree write err: -5, ino 4
[  136.078510][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  136.098542][    T8] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  136.117726][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  136.139919][    T8] usb 5-1: config 0 descriptor??
[  136.574206][    T8] cm6533_jd 0003:0D8C:0022.000A: unknown main item tag 0x0
[  136.590950][    T8] cm6533_jd 0003:0D8C:0022.000A: unknown main item tag 0x0
[  136.598904][    T8] cm6533_jd 0003:0D8C:0022.000A: unknown main item tag 0x0
[  136.611227][    T8] cm6533_jd 0003:0D8C:0022.000A: unknown main item tag 0x0
[  136.618819][    T8] cm6533_jd 0003:0D8C:0022.000A: unknown main item tag 0x0
[  136.637147][    T8] cm6533_jd 0003:0D8C:0022.000A: No inputs registered, leaving
[  136.658277][    T8] cm6533_jd 0003:0D8C:0022.000A: hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0
[  136.666293][ T7152] loop2: detected capacity change from 0 to 32768
[  136.682896][ T7152] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.421 (7152)
[  136.707079][ T7152] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  136.719373][ T7152] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  136.731409][ T7152] BTRFS info (device loop2): enabling auto defrag
[  136.740774][ T7152] BTRFS info (device loop2): doing ref verification
[  136.749671][ T7152] BTRFS info (device loop2): use no compression
[  136.756286][ T7152] BTRFS info (device loop2): force clearing of disk cache
[  136.767057][ T7152] BTRFS info (device loop2): setting nodatacow, compression disabled
[  136.775495][ T7152] BTRFS info (device loop2): disabling free space tree
[  136.835278][ T7152] BTRFS info (device loop2): enabling ssd optimizations
[  136.842414][ T7152] BTRFS info (device loop2): auto enabling async discard
[  136.855750][ T7152] BTRFS info (device loop2): rebuilding free space tree
[  136.865430][ T7166] loop6: detected capacity change from 0 to 4096
[  136.885063][    T8] usb 5-1: USB disconnect, device number 6
[  136.927493][ T7152] BTRFS info (device loop2): disabling free space tree
[  136.935407][ T7152] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  136.946893][ T7152] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  136.979931][ T7166] ntfs3: loop6: Mark volume as dirty due to NTFS errors
[  137.032010][ T7166] ntfs3: loop6: Failed to load $Extend (-22).
[  137.043075][ T7166] ntfs3: loop6: Failed to initialize $Extend.
[  137.119495][ T5785] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  137.217824][ T7183] netlink: 4 bytes leftover after parsing attributes in process `syz.7.429'.
[  137.579108][ T7191] input: syz1 as /devices/virtual/input/input14
[  137.699791][ T7193] block device autoloading is deprecated and will be removed.
[  137.714846][ T7193] syz.7.433: attempt to access beyond end of device
[  137.714846][ T7193] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  137.732251][ T7196] loop6: detected capacity change from 0 to 256
[  137.769143][ T7196] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  137.812886][ T7196] exFAT-fs (loop6): Medium has reported failures. Some data may be lost.
[  137.834632][ T7196] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d)
[  138.072901][ T5777] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  138.127701][ T7217] loop7: detected capacity change from 0 to 64
[  138.230416][ T7219] loop6: detected capacity change from 0 to 4096
[  138.262968][ T5777] usb 3-1: Using ep0 maxpacket: 32
[  138.271244][ T5777] usb 3-1: too many configurations: 29, using maximum allowed: 8
[  138.288552][ T5777] usb 3-1: config 0 has no interfaces?
[  138.296269][ T7221] loop7: detected capacity change from 0 to 1024
[  138.297221][ T5777] usb 3-1: config 0 has no interfaces?
[  138.315424][ T5777] usb 3-1: config 0 has no interfaces?
[  138.322082][ T5777] usb 3-1: config 0 has no interfaces?
[  138.350786][ T5777] usb 3-1: config 0 has no interfaces?
[  138.357862][ T5777] usb 3-1: config 0 has no interfaces?
[  138.371683][ T5777] usb 3-1: config 0 has no interfaces?
[  138.379166][ T5777] usb 3-1: config 0 has no interfaces?
[  138.395501][ T5777] usb 3-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice=82.d5
[  138.408493][ T5777] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  138.418168][ T5777] usb 3-1: Product: syz
[  138.425196][ T5777] usb 3-1: Manufacturer: syz
[  138.438845][ T5777] usb 3-1: SerialNumber: syz
[  138.449587][ T5777] usb 3-1: config 0 descriptor??
[  138.733796][ T7228] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  138.774104][ T7228] iommufd_mock iommufd_mock2: Adding to iommu group 1
[  139.143598][    T8] usb 3-1: USB disconnect, device number 8
[  139.325183][ T7235] loop4: detected capacity change from 0 to 32768
[  139.337086][ T7235] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  139.393203][ T7235] XFS (loop4): Ending clean mount
[  139.406010][ T7235] XFS (loop4): Quotacheck needed: Please wait.
[  139.462150][ T7235] XFS (loop4): Quotacheck: Done.
[  139.473031][ T5835] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  139.592577][ T6426] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  139.672890][ T5835] usb 8-1: Using ep0 maxpacket: 8
[  139.692265][ T5835] usb 8-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  139.712273][ T5835] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  139.748467][ T5835] usb 8-1: Product: syz
[  139.752880][ T5835] usb 8-1: Manufacturer: syz
[  139.757686][ T5835] usb 8-1: SerialNumber: syz
[  139.793616][ T5835] usb 8-1: config 0 descriptor??
[  139.979963][ T7249] loop2: detected capacity change from 0 to 1024
[  140.017813][ T5835] usb 8-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  140.033866][ T7249] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  140.078328][ T7249] ext4 filesystem being mounted at /127/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  140.151636][ T7249] EXT4-fs error (device loop2): ext4_map_blocks:718: inode #15: block 1: comm syz.2.452: lblock 1 mapped to illegal pblock 1 (length 1)
[  140.231033][ T5835] dvb_usb_rtl28xxu: probe of 8-1:0.0 failed with error -71
[  140.240244][ T3487] EXT4-fs error (device loop2): ext4_map_blocks:718: inode #15: block 1: comm kworker/u4:10: lblock 1 mapped to illegal pblock 1 (length 1)
[  140.254564][ T5835] usb 8-1: USB disconnect, device number 4
[  140.300939][ T3487] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 1 with error 117
[  140.317396][ T3487] EXT4-fs (loop2): This should not happen!! Data will be lost
[  140.317396][ T3487] 
[  140.359286][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.535227][ T7267] loop2: detected capacity change from 0 to 8192
[  140.576634][ T3487] af_packet: tpacket_rcv: packet too big, clamped from 74 to 4294967286. macoff=82
[  140.916666][ T7280] loop7: detected capacity change from 0 to 2048
[  140.944521][ T7282] syzkaller1: entered promiscuous mode
[  140.950933][ T7282] syzkaller1: entered allmulticast mode
[  140.973835][ T7283] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  141.107558][   T28] audit: type=1800 audit(1753831585.786:22): pid=7280 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.463" name="bus" dev="loop7" ino=18 res=0 errno=0
[  141.165074][ T7272] loop6: detected capacity change from 0 to 32768
[  141.181263][ T7283] NILFS (loop7): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  141.194144][ T7283] NILFS error (device loop7): nilfs_bmap_propagate: broken bmap (inode number=4)
[  141.219592][ T7283] Remounting filesystem read-only
[  141.225140][ T7272] XFS (loop6): DAX unsupported by block device. Turning off DAX.
[  141.239871][ T7272] XFS (loop6): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  141.292055][ T7272] XFS (loop6): Ending clean mount
[  141.343399][ T7272] XFS (loop6): Quotacheck needed: Please wait.
[  141.357179][ T6831] NILFS (loop7): disposed unprocessed dirty file(s) when stopping log writer
[  141.366545][ T6831] NILFS (loop7): discard dirty page: offset=0, ino=2
[  141.391966][ T6831] NILFS (loop7): discard dirty block: blocknr=18, size=1024
[  141.401110][ T6831] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024
[  141.411451][ T6831] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024
[  141.432951][ T6831] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024
[  141.457395][ T6831] NILFS (loop7): discard dirty page: offset=0, ino=18
[  141.477359][ T6831] NILFS (loop7): discard dirty block: blocknr=0, size=1024
[  141.485524][ T6831] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024
[  141.495401][ T6831] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024
[  141.506539][ T6831] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024
[  141.516757][ T6831] NILFS (loop7): discard dirty page: offset=0, ino=6
[  141.523752][ T6831] NILFS (loop7): discard dirty block: blocknr=35, size=1024
[  141.528186][ T7272] XFS (loop6): Quotacheck: Done.
[  141.531429][ T6831] NILFS (loop7): discard dirty block: blocknr=36, size=1024
[  141.548185][ T6831] NILFS (loop7): discard dirty block: blocknr=37, size=1024
[  141.556598][ T6831] NILFS (loop7): discard dirty block: blocknr=38, size=1024
[  141.580415][ T6831] NILFS (loop7): discard dirty page: offset=4096, ino=6
[  141.599857][ T6831] NILFS (loop7): discard dirty block: blocknr=39, size=1024
[  141.618500][ T6831] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024
[  141.642247][ T6831] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024
[  141.665796][ T6831] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024
[  141.691400][ T6831] NILFS (loop7): discard dirty page: offset=0, ino=5
[  141.698895][ T6831] NILFS (loop7): discard dirty block: blocknr=41, size=1024
[  141.707345][ T6831] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024
[  141.716752][ T6831] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024
[  141.726632][ T6831] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024
[  141.736520][ T6831] NILFS (loop7): discard dirty page: offset=0, ino=4
[  141.743756][ T6831] NILFS (loop7): discard dirty block: blocknr=40, size=1024
[  141.751369][ T6831] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024
[  141.760555][ T6831] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024
[  141.770019][ T6831] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024
[  141.781921][ T6831] NILFS (loop7): discard dirty page: offset=0, ino=3
[  141.789105][ T6831] NILFS (loop7): discard dirty block: blocknr=42, size=1024
[  141.797139][ T6831] NILFS (loop7): discard dirty block: blocknr=43, size=1024
[  141.797175][ T6785] XFS (loop6): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  141.804579][ T6831] NILFS (loop7): discard dirty block: blocknr=44, size=1024
[  141.804598][ T6831] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024
[  141.804628][ T6831] NILFS (loop7): discard dirty page: offset=65536, ino=3
[  141.804643][ T6831] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024
[  141.804657][ T6831] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024
[  141.804670][ T6831] NILFS (loop7): discard dirty block: blocknr=0, size=1024
[  141.804683][ T6831] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024
[  141.804702][ T6831] NILFS (loop7): discard dirty page: offset=196608, ino=3
[  141.804715][ T6831] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024
[  141.804730][ T6831] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024
[  141.804743][ T6831] NILFS (loop7): discard dirty block: blocknr=49, size=1024
[  141.804757][ T6831] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024
[  142.857361][ T5777] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  143.066831][ T5777] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  143.114611][ T5777] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  143.142782][ T5777] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  143.162398][ T5777] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  143.178817][ T5777] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  143.199266][ T5777] usb 7-1: config 0 descriptor??
[  143.355570][ T7331] loop2: detected capacity change from 0 to 512
[  143.373361][ T7331] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  143.401573][ T7331] EXT4-fs (loop2): 1 truncate cleaned up
[  143.414381][ T7331] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  143.580753][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.675351][ T5777] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving
[  143.714910][ T5777] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  143.758858][ T7342] loop4: detected capacity change from 0 to 256
[  143.766827][ T7342] exfat: Bad value for 'uid'
[  144.206942][ T7345] loop2: detected capacity change from 0 to 32768
[  144.222972][ T7345] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 scanned by syz.2.485 (7345)
[  144.246140][ T7345] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  144.263145][ T7345] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  144.280659][ T7345] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  144.301173][ T7345] BTRFS info (device loop2): use zstd compression, level 3
[  144.321546][ T7345] BTRFS info (device loop2): using free space tree
[  144.365524][  T967] usb 7-1: USB disconnect, device number 2
[  144.433949][ T7345] BTRFS info (device loop2): enabling ssd optimizations
[  144.456270][ T7345] BTRFS info (device loop2): auto enabling async discard
[  144.558802][ T7354] loop4: detected capacity change from 0 to 32768
[  144.572099][   T28] audit: type=1800 audit(1753831589.256:23): pid=7345 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.485" name="bus" dev="loop2" ino=263 res=0 errno=0
[  144.610955][ T7354] ocfs2: Slot 0 on device (7,4) was already allocated to this node!
[  144.649262][ T7354] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  144.697240][   T28] audit: type=1804 audit(1753831589.376:24): pid=7345 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.485" name="/newroot/138/file0/bus" dev="loop2" ino=263 res=1 errno=0
[  145.069297][ T6426] ocfs2: Unmounting device (7,4) on (node local)
[  145.085588][ T5785] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  145.512999][ T5842] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  145.516569][ T7385] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  145.636275][ T7389] Bluetooth: hci0: invalid length 0, exp 2 for type 18
[  145.712791][ T5842] usb 7-1: Using ep0 maxpacket: 16
[  145.723441][ T5842] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  145.739915][ T5842] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  145.752024][ T5842] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  145.768365][ T7395] netlink: 'syz.2.498': attribute type 4 has an invalid length.
[  145.770956][ T5777] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  145.786702][ T5842] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  145.796336][ T5842] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  145.812992][ T5842] usb 7-1: config 0 descriptor??
[  145.995600][ T7401] pim6reg1: entered promiscuous mode
[  146.001150][ T7401] pim6reg1: entered allmulticast mode
[  146.008086][ T5777] usb 5-1: Using ep0 maxpacket: 32
[  146.016897][ T5777] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[  146.031295][ T5777] usb 5-1: config 0 has no interface number 0
[  146.041383][ T5777] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  146.051836][ T5777] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  146.060246][ T5777] usb 5-1: Product: syz
[  146.064766][ T5777] usb 5-1: Manufacturer: syz
[  146.069449][ T5777] usb 5-1: SerialNumber: syz
[  146.079553][ T5777] usb 5-1: config 0 descriptor??
[  146.086657][ T5777] smsc95xx v2.0.0
[  146.421927][ T7403] loop7: detected capacity change from 0 to 40427
[  146.429881][ T7403] F2FS-fs (loop7): Insane cp_payload (553648128 >= 504)
[  146.437338][ T7403] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  146.447650][ T7403] F2FS-fs (loop7): invalid crc value
[  146.456964][ T5842] shield 0003:0955:7214.000C: unknown main item tag 0x0
[  146.457413][ T7381] netlink: 'syz.6.493': attribute type 2 has an invalid length.
[  146.466582][ T5842] shield 0003:0955:7214.000C: unknown main item tag 0x0
[  146.472971][ T7381] netlink: 244 bytes leftover after parsing attributes in process `syz.6.493'.
[  146.479880][ T5842] shield 0003:0955:7214.000C: unknown main item tag 0x0
[  146.501916][ T7403] F2FS-fs (loop7): Found nat_bits in checkpoint
[  146.550637][ T7403] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  146.558143][ T7403] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  146.576348][ T5842] shield 0003:0955:7214.000C: unknown main item tag 0x0
[  146.584080][ T5842] shield 0003:0955:7214.000C: unknown main item tag 0x0
[  146.595445][ T5842] input: HID 0955:7214 Haptics as /devices/virtual/input/input16
[  146.685447][ T7408] syz.7.501: attempt to access beyond end of device
[  146.685447][ T7408] loop7: rw=2049, sector=53248, nr_sectors = 1432 limit=40427
[  146.954077][ T5842] shield 0003:0955:7214.000C: Registered Thunderstrike controller
[  146.962295][ T5842] shield 0003:0955:7214.000C: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.6-1/input0
[  147.013512][ T6831] syz-executor: attempt to access beyond end of device
[  147.013512][ T6831] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  147.027951][ T6831] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[  147.077321][  T787] shield 0003:0955:7214.000C: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  147.100710][ T5842] usb 7-1: USB disconnect, device number 3
[  147.108114][  T787] shield 0003:0955:7214.000C: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  147.133646][  T787] shield 0003:0955:7214.000C: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  147.158658][  T787] shield 0003:0955:7214.000C: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  147.349088][ T5777] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -71
[  147.362845][ T5777] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD
[  147.381045][ T5777] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  147.403136][ T5777] smsc95xx: probe of 5-1:0.67 failed with error -71
[  147.423615][ T5777] usb 5-1: USB disconnect, device number 7
[  147.532950][ T5842] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  147.712955][ T5842] usb 7-1: Using ep0 maxpacket: 8
[  147.724560][ T5842] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  147.734264][ T5842] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.753458][ T5842] usb 7-1: Product: syz
[  147.757753][ T5842] usb 7-1: Manufacturer: syz
[  147.762398][ T5842] usb 7-1: SerialNumber: syz
[  147.785175][ T5842] usb 7-1: config 0 descriptor??
[  148.003057][ T7436] loop4: detected capacity change from 0 to 2048
[  148.012539][ T5842] usb 7-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  148.037625][ T7436] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  148.050605][ T7436] ext4 filesystem being mounted at /72/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  148.096523][ T7436] fs-verity: sha512 using implementation "sha512-avx2"
[  148.189818][ T6426] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  148.743098][ T5777] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  148.868636][ T7457] netlink: 'syz.7.523': attribute type 10 has an invalid length.
[  148.923182][ T5777] usb 5-1: Using ep0 maxpacket: 32
[  148.937279][ T7457] veth0_vlan: left promiscuous mode
[  148.959928][ T5777] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  148.982985][ T5777] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 3
[  148.996585][ T5777] usb 5-1: New USB device found, idVendor=0733, idProduct=0402, bcdDevice=ef.67
[  149.006165][ T5777] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.019121][ T5777] usb 5-1: Product: syz
[  149.020931][ T7457] veth0_vlan: entered promiscuous mode
[  149.023425][ T5777] usb 5-1: Manufacturer: syz
[  149.038343][ T5777] usb 5-1: SerialNumber: syz
[  149.043329][ T5842] dvb_usb_rtl28xxu: probe of 7-1:0.0 failed with error -71
[  149.055602][ T5842] usb 7-1: USB disconnect, device number 4
[  149.064597][ T5777] usb 5-1: config 0 descriptor??
[  149.088720][ T5777] gspca_main: spca501-2.14.0 probing 0733:0402
[  149.095217][ T7457] team0: Device veth0_vlan failed to register rx_handler
[  149.565981][ T5856] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  149.764815][ T5856] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  149.792845][ T5856] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  149.804487][ T5856] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  149.822769][ T5856] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  149.845144][ T5856] usb 3-1: config 0 descriptor??
[  150.272260][ T5856] cm6533_jd 0003:0D8C:0022.000D: No inputs registered, leaving
[  150.288635][ T5856] cm6533_jd 0003:0D8C:0022.000D: hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0
[  150.321638][ T5777] gspca_spca501: reg write: error -71
[  150.328555][ T5777] spca501 5-1:0.0: Reg write failed for 0x00,0x00,0x05
[  150.344304][ T5777] spca501: probe of 5-1:0.0 failed with error -22
[  150.357268][ T5777] usb 5-1: USB disconnect, device number 8
[  150.422199][ T7486] netlink: 4 bytes leftover after parsing attributes in process `syz.6.536'.
[  150.445508][ T7486] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  150.455053][ T7486] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  150.464083][ T7486] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  150.473442][ T7486] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  150.484782][ T7486] vxlan0: entered promiscuous mode
[  150.492967][  T967] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  150.685166][  T967] usb 8-1: config 0 has too many interfaces: 204, using maximum allowed: 32
[  150.694025][  T967] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 204
[  150.703274][  T967] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  150.715263][  T967] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  150.729811][  T967] usb 8-1: New USB device found, idVendor=28bd, idProduct=0909, bcdDevice= 0.00
[  150.739013][  T967] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  150.750266][  T967] usb 8-1: config 0 descriptor??
[  151.124375][ T7496] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  151.133660][ T5856] usb 3-1: USB disconnect, device number 9
[  151.178410][  T967] input: HID 28bd:0909 as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:28BD:0909.000E/input/input17
[  151.278686][  T967] uclogic 0003:28BD:0909.000E: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:0909] on usb-dummy_hcd.7-1/input0
[  151.361962][ T7503] loop6: detected capacity change from 0 to 7
[  151.393048][ T7503] Dev loop6: unable to read RDB block 7
[  151.409379][ T7503]  loop6: AHDI p3 p4
[  151.414865][ T7503] loop6: partition table partially beyond EOD, truncated
[  151.432523][ T7503] loop6: p3 start 1886353253 is beyond EOD, truncated
[  151.510965][  T967] usb 8-1: USB disconnect, device number 5
[  152.192316][   T27] kernel write not supported for file /media7 (pid: 27 comm: kworker/1:1)
[  152.253434][ T1107] wlan1: Trigger new scan to find an IBSS to join
[  152.311094][ T7533] loop6: detected capacity change from 0 to 2048
[  152.327810][ T7533] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  152.542833][   T27] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  152.722871][   T27] usb 8-1: Using ep0 maxpacket: 32
[  152.730493][   T27] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  152.744025][   T27] usb 8-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  152.754075][   T27] usb 8-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  152.762698][   T27] usb 8-1: Product: syz
[  152.767289][   T27] usb 8-1: Manufacturer: syz
[  152.772003][   T27] usb 8-1: SerialNumber: syz
[  152.778387][   T27] usb 8-1: config 0 descriptor??
[  152.784092][ T7531] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  152.903074][  T967] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  153.015292][ T5835] usb 8-1: USB disconnect, device number 6
[  153.082894][  T967] usb 5-1: Using ep0 maxpacket: 8
[  153.090366][  T967] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  153.101411][  T967] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  153.110717][  T967] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.121473][  T967] usb 5-1: config 0 descriptor??
[  153.128732][  T967] gspca_main: vc032x-2.14.0 probing 046d:0892
[  153.898891][ T7565] loop2: detected capacity change from 0 to 4096
[  153.920185][ T7557] loop6: detected capacity change from 0 to 32768
[  153.973214][ T7557]  loop6: p1 p3 < >
[  154.159841][ T7569] bridge1: entered allmulticast mode
[  154.240804][ T7571] syz.6.570: attempt to access beyond end of device
[  154.240804][ T7571] loop6: rw=2048, sector=0, nr_sectors = 8 limit=0
[  154.352665][  T967] gspca_vc032x: reg_w err -71
[  154.357623][  T967] vc032x: probe of 5-1:0.0 failed with error -71
[  154.373824][  T967] usb 5-1: USB disconnect, device number 9
[  154.400733][ T7577] tipc: Started in network mode
[  154.408953][ T7577] tipc: Node identity ac14140f, cluster identity 4711
[  154.421718][ T7577] tipc: New replicast peer: 255.255.255.255
[  154.429846][ T7577] tipc: Enabled bearer <udp:syz2>, priority 10
[  154.811633][ T7590] loop7: detected capacity change from 0 to 4096
[  154.842200][ T7590] ntfs3: loop7: Mark volume as dirty due to NTFS errors
[  154.882842][  T787] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  155.009713][ T7595] loop4: detected capacity change from 0 to 1024
[  155.035127][ T7595] EXT4-fs: Ignoring removed nomblk_io_submit option
[  155.092310][  T787] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11
[  155.107539][  T787] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  155.117689][  T787] usb 7-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00
[  155.118252][ T7595] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  155.127940][  T787] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  155.151380][  T787] usb 7-1: config 0 descriptor??
[  155.299578][  T388] wlan1: Trigger new scan to find an IBSS to join
[  155.374187][ T7609] loop2: detected capacity change from 0 to 64
[  155.416127][ T7611] loop7: detected capacity change from 0 to 512
[  155.467754][ T7611] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  155.480670][ T7611] ext4 filesystem being mounted at /46/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  155.498413][ T6426] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.545710][   T27] tipc: Node number set to 2886997007
[  155.591470][  T787] elo 0003:04E7:0030.000F: item fetching failed at offset 2/3
[  155.611555][  T787] elo 0003:04E7:0030.000F: parse failed
[  155.633824][  T787] elo: probe of 0003:04E7:0030.000F failed with error -22
[  155.688754][ T6831] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.792250][ T7623] loop7: detected capacity change from 0 to 128
[  155.806293][ T7623] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  155.821621][ T7623] ext4 filesystem being mounted at /47/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  155.858271][ T5835] usb 7-1: USB disconnect, device number 5
[  155.912336][ T6831] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  156.342080][ T7639] veth0_to_bridge: entered promiscuous mode
[  156.351966][ T7638] veth0_to_bridge: left promiscuous mode
[  156.765156][ T5777] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  156.978441][ T5777] usb 8-1: Using ep0 maxpacket: 8
[  157.001385][ T5777] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  157.022835][ T5777] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  157.053238][ T5777] usb 8-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  157.068387][ T5777] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.094961][ T5777] usb 8-1: config 0 descriptor??
[  157.107217][ T7659] loop2: detected capacity change from 0 to 1024
[  157.150251][ T7659] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  157.228483][  T967] kernel write not supported for file bpf-prog (pid: 967 comm: kworker/0:2)
[  157.268600][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  157.358559][ T5777] usbhid 8-1:0.0: can't add hid device: -71
[  157.377569][ T5777] usbhid: probe of 8-1:0.0 failed with error -71
[  157.396936][ T5777] usb 8-1: USB disconnect, device number 7
[  157.428575][ T7665] loop2: detected capacity change from 0 to 1024
[  157.448970][ T7665] EXT4-fs: Ignoring removed nomblk_io_submit option
[  157.487801][ T7665] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  157.621072][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  157.807446][ T7674] loop2: detected capacity change from 0 to 1024
[  157.850177][ T7674] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  157.925581][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  157.997676][ T5792] block nbd6: Receive control failed (result -32)
[  158.030837][ T7679] block nbd6: shutting down sockets
[  158.129314][ T7681] loop7: detected capacity change from 0 to 2048
[  158.169372][ T7681] NILFS (loop7): broken superblock, retrying with spare superblock (blocksize = 1024)
[  158.227946][ T7686] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  158.253293][   T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  158.277283][ T7685] loop6: detected capacity change from 0 to 2048
[  158.355871][ T7685]  loop6: p1 < > p3 p4 < >
[  158.372258][ T7685] loop6: p3 start 4284289 is beyond EOD, truncated
[  158.432623][    C1] operation not supported error, dev loop6, sector 0 op 0x9:(WRITE_ZEROES) flags 0x8000800 phys_seg 0 prio class 2
[  158.556629][ T7691] loop7: detected capacity change from 0 to 128
[  158.568924][ T7691] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  158.603150][ T7691] ext4 filesystem being mounted at /56/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  158.791039][ T6831] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  158.963545][ T7703] loop4: detected capacity change from 0 to 512
[  158.971542][ T7703] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  158.994921][ T7703] EXT4-fs (loop4): 1 truncate cleaned up
[  159.001934][ T7703] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  159.068146][ T6426] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  159.172937][   T27] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  159.364420][   T27] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  159.375908][   T27] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  159.386374][   T27] usb 8-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  159.396087][   T27] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  159.407327][   T27] usb 8-1: config 0 descriptor??
[  159.563023][ T5835] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  159.662681][   T27] usbhid 8-1:0.0: can't add hid device: -71
[  159.669421][   T27] usbhid: probe of 8-1:0.0 failed with error -71
[  159.679700][   T27] usb 8-1: USB disconnect, device number 8
[  159.767000][ T5835] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  159.780470][ T5835] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  159.792188][ T5835] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  159.802111][ T5835] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  159.816467][ T5835] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  159.825869][ T5835] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  159.834604][ T5835] usb 7-1: Manufacturer: syz
[  159.841189][ T5835] usb 7-1: config 0 descriptor??
[  159.944910][ T7724] loop2: detected capacity change from 0 to 1024
[  159.957724][ T7724] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  160.017740][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.105265][ T7728] netlink: 'syz.2.630': attribute type 1 has an invalid length.
[  160.198722][ T7731] loop4: detected capacity change from 0 to 1024
[  160.218785][ T7728] bond1: (slave vti0): The slave device specified does not support setting the MAC address
[  160.237730][ T7731] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  160.251251][ T7728] bond1: (slave vti0): Setting fail_over_mac to active for active-backup mode
[  160.271538][ T7731] EXT4-fs (loop4): orphan cleanup on readonly fs
[  160.272320][ T5835] appleir 0003:05AC:8243.0010: unknown main item tag 0x0
[  160.291417][ T7728] bond1: (slave vti0): making interface the new active one
[  160.306175][ T7728] bond1: (slave vti0): Enslaving as an active interface with an up link
[  160.309608][ T7731] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:478: comm syz.4.631: Invalid block bitmap block 0 in block_group 0
[  160.329549][ T5835] appleir 0003:05AC:8243.0010: No inputs registered, leaving
[  160.364898][ T7731] EXT4-fs (loop4): Remounting filesystem read-only
[  160.378551][ T7731] Quota error (device loop4): write_blk: dquota write failed
[  160.391239][ T5835] appleir 0003:05AC:8243.0010: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.6-1/input0
[  160.393210][ T7731] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  160.413846][ T7731] EXT4-fs (loop4): 1 orphan inode deleted
[  160.498422][ T7731] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  160.666013][ T7741] loop2: detected capacity change from 0 to 2048
[  160.701464][ T7741] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  160.719316][ T6426] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.969588][ T7744] loop2: detected capacity change from 0 to 128
[  160.997164][ T7744] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  161.017930][ T7744] ext4 filesystem being mounted at /189/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  161.124659][ T5785] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  161.493121][ T7739] loop7: detected capacity change from 0 to 131072
[  161.495660][ T7748] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 747
[  161.512047][ T7739] F2FS-fs (loop7): Wrong CP boundary, start(512) end(1536) blocks(0)
[  161.520436][ T7739] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  161.533301][ T7739] F2FS-fs (loop7): invalid crc value
[  161.572933][ T7739] F2FS-fs (loop7): Found nat_bits in checkpoint
[  161.634857][ T7739] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  161.642102][ T7739] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e4
[  162.147714][ T7739] F2FS-fs (loop7): Start checkpoint disabled!
[  162.577224][ T5856] usb 7-1: USB disconnect, device number 6
[  162.698220][ T7774] loop6: detected capacity change from 0 to 32768
[  162.708155][ T7774] (syz.6.647,7774,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  162.746925][ T7774] (syz.6.647,7774,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  162.852288][ T7774] JBD2: Ignoring recovery information on journal
[  162.918872][ T7777] loop4: detected capacity change from 0 to 2048
[  162.928134][ T7774] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  162.969135][ T7777] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  163.241188][ T6785] ocfs2: Unmounting device (7,6) on (node local)
[  163.335542][ T7793] loop4: detected capacity change from 0 to 4096
[  163.356876][ T7793] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  163.574419][ T6426] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  163.672124][ T7802] loop7: detected capacity change from 0 to 8192
[  163.952913][ T5856] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  164.142852][ T5856] usb 5-1: Using ep0 maxpacket: 8
[  164.163278][ T5856] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  164.205188][ T5856] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  164.235937][ T5856] usb 5-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  164.265680][ T5856] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  164.292437][ T5856] usb 5-1: config 0 descriptor??
[  164.517160][ T7806] loop6: detected capacity change from 0 to 40427
[  164.535433][ T5856] usbhid 5-1:0.0: can't add hid device: -71
[  164.550532][ T7806] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  164.559301][ T5856] usbhid: probe of 5-1:0.0 failed with error -71
[  164.566243][ T7806] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  164.578811][ T5856] usb 5-1: USB disconnect, device number 10
[  164.608853][ T7806] F2FS-fs (loop6): Found nat_bits in checkpoint
[  164.656139][ T7806] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  164.663493][ T7806] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  164.831718][ T7827] bridge1: entered allmulticast mode
[  164.873045][   T27] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  164.924869][ T7829] syz.7.667: attempt to access beyond end of device
[  164.924869][ T7829] loop7: rw=2048, sector=0, nr_sectors = 8 limit=0
[  165.208361][ T7833] loop4: detected capacity change from 0 to 4096
[  166.075707][ T7833] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  166.720624][ T7841] loop6: detected capacity change from 0 to 1024
[  166.741086][ T7841] EXT4-fs: Ignoring removed nomblk_io_submit option
[  166.775372][ T7831] loop7: detected capacity change from 0 to 262144
[  166.783394][   T27] usb 3-1: Using ep0 maxpacket: 32
[  166.797941][   T27] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  166.808213][ T7831] F2FS-fs (loop7): invalid crc value
[  166.816126][ T7841] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  166.819226][   T27] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  166.838223][   T27] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  166.847707][ T7831] F2FS-fs (loop7): Found nat_bits in checkpoint
[  166.894671][ T7831] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  166.912786][   T27] usb 3-1: Product: syz
[  166.917698][   T27] usb 3-1: Manufacturer: syz
[  166.922302][   T27] usb 3-1: SerialNumber: syz
[  166.953895][   T27] usb 3-1: config 0 descriptor??
[  166.969058][ T7823] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  167.076177][ T6785] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  167.276904][ T5777] usb 3-1: USB disconnect, device number 10
[  167.396517][ T7851] loop4: detected capacity change from 0 to 40427
[  167.409917][ T7851] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  167.418267][ T7851] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  167.444657][ T7851] F2FS-fs (loop4): Found nat_bits in checkpoint
[  167.498892][ T7851] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  167.506314][ T7851] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  168.346820][ T7870] syz.4.679: attempt to access beyond end of device
[  168.346820][ T7870] loop4: rw=2048, sector=0, nr_sectors = 8 limit=0
[  168.775871][   T76] Bluetooth: hci4: Frame reassembly failed (-84)
[  168.954054][ T7882] loop7: detected capacity change from 0 to 1024
[  168.961721][ T7882] EXT4-fs: Ignoring removed nomblk_io_submit option
[  169.011828][ T7882] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  169.326488][ T6831] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  170.352401][ T7895] loop4: detected capacity change from 0 to 64
[  170.774858][ T7893] loop7: detected capacity change from 0 to 40427
[  170.784037][ T7893] F2FS-fs (loop7): Invalid log_blocksize (268), supports only 12
[  170.797638][ T7893] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  170.817562][ T7893] F2FS-fs (loop7): Found nat_bits in checkpoint
[  170.824930][ T5792] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  171.002459][ T7893] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  171.027720][ T7893] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  171.208146][ T7917] loop2: detected capacity change from 0 to 1024
[  171.239435][ T7917] EXT4-fs: Ignoring removed nomblk_io_submit option
[  171.296595][ T7917] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  171.561225][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.663143][ T7930] loop4: detected capacity change from 0 to 128
[  171.697626][ T7930] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  171.750480][ T7930] ext4 filesystem being mounted at /111/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  171.896486][ T6426] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  171.959975][ T7938] loop2: detected capacity change from 0 to 512
[  171.979731][ T7938] EXT4-fs: Ignoring removed mblk_io_submit option
[  171.990601][ T7938] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  172.006228][ T7938] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec118, mo2=0002]
[  172.020215][ T7938] System zones: 1-12
[  172.038592][ T7938] EXT4-fs (loop2): 1 truncate cleaned up
[  172.049471][ T7938] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  172.150348][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.321361][ T7941] loop7: detected capacity change from 0 to 40427
[  172.330431][ T7941] F2FS-fs (loop7): Invalid log_blocksize (268), supports only 12
[  172.338577][ T7941] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  172.352444][ T7941] F2FS-fs (loop7): Found nat_bits in checkpoint
[  172.388698][ T7941] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  172.396051][ T7941] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  173.229580][ T7979] ip6gre1: entered allmulticast mode
[  173.361037][ T7982] netlink: 8 bytes leftover after parsing attributes in process `syz.7.718'.
[  173.370194][ T7982] netlink: 'syz.7.718': attribute type 30 has an invalid length.
[  173.398033][ T7982] netdevsim netdevsim7 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  173.408659][ T7982] netdevsim netdevsim7 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  173.418069][ T7982] netdevsim netdevsim7 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  173.427125][ T7982] netdevsim netdevsim7 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  173.470088][ T7985] netlink: 8 bytes leftover after parsing attributes in process `syz.2.719'.
[  173.490059][ T7985] netlink: 28 bytes leftover after parsing attributes in process `syz.2.719'.
[  173.510397][ T7982] netlink: 8 bytes leftover after parsing attributes in process `syz.7.718'.
[  173.555316][ T7982] netlink: 'syz.7.718': attribute type 30 has an invalid length.
[  173.920964][ T7980] loop4: detected capacity change from 0 to 40427
[  173.942216][ T7980] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  173.969386][ T7980] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  174.036465][ T7980] F2FS-fs (loop4): Found nat_bits in checkpoint
[  174.123663][ T7980] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  174.130903][ T7980] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  174.165932][ T8006] xt_CT: No such helper "pptp"
[  174.301958][ T8019] netlink: 12 bytes leftover after parsing attributes in process `syz.7.730'.
[  174.325844][ T8019] netlink: 12 bytes leftover after parsing attributes in process `syz.7.730'.
[  175.465687][ T8038] syz.2.737: attempt to access beyond end of device
[  175.465687][ T8038] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  175.561894][ T8026] loop6: detected capacity change from 0 to 40427
[  175.572568][ T8026] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  175.581197][ T8026] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  175.618002][ T8026] F2FS-fs (loop6): Found nat_bits in checkpoint
[  175.680945][ T8026] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  175.691947][ T8026] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  175.693896][ T8053] loop7: detected capacity change from 0 to 64
[  175.772004][ T8053] overlayfs: upper fs needs to support d_type.
[  175.808419][ T8053] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  175.832825][ T8053] overlayfs: failed to set xattr on upper
[  175.848901][ T8053] overlayfs: ...falling back to redirect_dir=nofollow.
[  175.869181][ T8053] overlayfs: ...falling back to index=off.
[  175.892910][ T8053] overlayfs: ...falling back to uuid=null.
[  176.133515][ T5835] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  176.342834][ T5835] usb 3-1: Using ep0 maxpacket: 16
[  176.351031][ T5835] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  176.363500][ T5835] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  176.382817][ T5835] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.403824][ T5835] usb 3-1: config 0 descriptor??
[  176.521892][ T8061] loop4: detected capacity change from 0 to 40427
[  176.535420][ T8061] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  176.552857][ T8061] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  176.596807][ T8061] F2FS-fs (loop4): Found nat_bits in checkpoint
[  176.657898][ T8061] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  176.670651][ T8061] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  176.817331][ T5835] mcp2221 0003:04D8:00DD.0011: unknown main item tag 0x0
[  176.828798][ T5835] mcp2221 0003:04D8:00DD.0011: unknown main item tag 0x0
[  176.836349][ T5835] mcp2221 0003:04D8:00DD.0011: unknown main item tag 0x0
[  176.848745][ T5835] mcp2221 0003:04D8:00DD.0011: unknown main item tag 0x0
[  176.862940][ T5835] mcp2221 0003:04D8:00DD.0011: unknown main item tag 0x0
[  176.875296][ T5835] mcp2221 0003:04D8:00DD.0011: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0
[  176.925276][ T6831] Trying to free block not in datazone
[  176.932304][ T6831] Trying to free block not in datazone
[  176.947552][ T6831] Trying to free block not in datazone
[  177.054118][ T5835] usb 3-1: USB disconnect, device number 11
[  177.412594][ T8077] input: syz0 as /devices/virtual/input/input18
[  178.061446][ T8100] loop4: detected capacity change from 0 to 1024
[  178.069601][ T8100] EXT4-fs: Ignoring removed nomblk_io_submit option
[  178.109346][ T8102] loop6: detected capacity change from 0 to 2048
[  178.119702][ T8100] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  178.125492][ T8107] netlink: 4 bytes leftover after parsing attributes in process `syz.2.760'.
[  178.137825][ T8102] NILFS (loop6): broken superblock, retrying with spare superblock (blocksize = 1024)
[  178.184268][ T8108] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  178.235475][ T8110] loop7: detected capacity change from 0 to 2048
[  178.283076][ T8110]  loop7: p1 < > p3 p4 < >
[  178.295662][ T8110] loop7: p3 start 4284289 is beyond EOD, truncated
[  178.356466][    C0] operation not supported error, dev loop7, sector 0 op 0x9:(WRITE_ZEROES) flags 0x8000800 phys_seg 0 prio class 2
[  178.384395][ T6426] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  178.489999][   T76] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  178.687180][ T8130] loop7: detected capacity change from 0 to 512
[  178.726867][ T8130] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  178.743184][ T8130] ext4 filesystem being mounted at /95/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  178.809944][ T8127] loop4: detected capacity change from 0 to 32768
[  178.819700][ T8127] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.768 (8127)
[  178.837798][ T8127] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  178.848190][ T8127] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  178.857188][ T8127] BTRFS info (device loop4): using free space tree
[  178.891334][ T8127] BTRFS info (device loop4): enabling ssd optimizations
[  178.898746][ T8127] BTRFS info (device loop4): auto enabling async discard
[  178.959608][ T6831] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  178.972443][ T6426] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  179.447155][ T8156] loop2: detected capacity change from 0 to 2048
[  179.481286][ T8156] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  179.515207][ T8162] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  179.722321][ T8172] loop2: detected capacity change from 0 to 128
[  179.750183][ T8172] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  179.767422][ T8172] ext4 filesystem being mounted at /225/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  179.791136][ T8176] loop4: detected capacity change from 0 to 512
[  179.827141][ T8176] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  179.843373][ T8176] ext4 filesystem being mounted at /130/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  179.859671][ T5785] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  179.959856][ T8183] loop2: detected capacity change from 0 to 64
[  180.031568][ T6426] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  180.095714][ T8185] netlink: 'syz.2.785': attribute type 10 has an invalid length.
[  180.224952][ T8191] loop4: detected capacity change from 0 to 2048
[  180.248448][ T8191] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  180.273110][ T8191] ext4 filesystem being mounted at /132/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  180.373414][ T8191] loop4: detected capacity change from 2048 to 64
[  180.403996][ T8197] netlink: 8 bytes leftover after parsing attributes in process `syz.2.788'.
[  180.418569][ T8197] netlink: 'syz.2.788': attribute type 30 has an invalid length.
[  180.446753][ T8197] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  180.456022][ T8197] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  180.465058][ T8197] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  180.473996][ T8197] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  180.490838][ T6426] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  180.493913][ T8197] netlink: 8 bytes leftover after parsing attributes in process `syz.2.788'.
[  180.527965][ T8192] kmmpd-loop4: attempt to access beyond end of device
[  180.527965][ T8192] loop4: rw=14337, sector=512, nr_sectors = 8 limit=64
[  180.547889][ T8197] netlink: 'syz.2.788': attribute type 30 has an invalid length.
[  180.556387][ T8192] Buffer I/O error on dev loop4, logical block 64, lost sync page write
[  180.736221][ T8201] loop7: detected capacity change from 0 to 2048
[  180.767628][ T8201] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  180.781085][ T8201] ext4 filesystem being mounted at /101/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  180.843003][ T8201] loop7: detected capacity change from 2048 to 64
[  180.908838][ T6831] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  180.958629][  T388] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  180.970625][ T8204] kmmpd-loop7: attempt to access beyond end of device
[  180.970625][ T8204] loop7: rw=14337, sector=512, nr_sectors = 8 limit=64
[  180.998537][ T8204] Buffer I/O error on dev loop7, logical block 64, lost sync page write
[  181.002839][ T5777] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  181.099850][  T388] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.225630][ T5777] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  181.237925][ T5777] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  181.254629][ T5777] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  181.265455][ T5777] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  181.276112][ T5777] usb 7-1: config 0 descriptor??
[  181.309038][  T388] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.410432][  T388] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.776933][ T5777] usbhid 7-1:0.0: can't add hid device: -71
[  181.783367][ T5777] usbhid: probe of 7-1:0.0 failed with error -71
[  181.802120][ T5777] usb 7-1: USB disconnect, device number 7
[  182.003466][ T5792] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  182.015404][ T5792] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  182.026732][ T5792] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  182.039685][ T5792] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  182.053312][ T5792] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  182.062490][ T5792] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  182.204968][ T5798] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  182.220257][ T5798] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  182.231539][ T5798] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  182.255115][ T5798] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  182.263032][ T5798] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  182.271973][ T5798] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  182.472169][ T8217] chnl_net:caif_netlink_parms(): no params data found
[  182.483875][ T8225] loop6: detected capacity change from 0 to 1024
[  182.540290][ T8225] hfsplus: xattr searching failed
[  182.550271][ T8225] hfsplus: xattr searching failed
[  182.762219][ T8229] xt_CT: No such helper "pptp"
[  182.964241][ T8217] bridge0: port 1(bridge_slave_0) entered blocking state
[  182.971855][ T8217] bridge0: port 1(bridge_slave_0) entered disabled state
[  182.982097][ T8217] bridge_slave_0: entered allmulticast mode
[  182.991058][ T8217] bridge_slave_0: entered promiscuous mode
[  183.009028][ T8217] bridge0: port 2(bridge_slave_1) entered blocking state
[  183.033089][ T8217] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.041021][ T8217] bridge_slave_1: entered allmulticast mode
[  183.049065][ T8217] bridge_slave_1: entered promiscuous mode
[  183.056105][ T8219] chnl_net:caif_netlink_parms(): no params data found
[  183.121330][  T388] hsr_slave_0: left promiscuous mode
[  183.127844][  T388] hsr_slave_1: left promiscuous mode
[  183.135374][  T388] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  183.144362][  T388] batman_adv: batadv0: Removing interface: batadv_slave_0
[  183.152160][  T388] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  183.160363][  T388] batman_adv: batadv0: Removing interface: batadv_slave_1
[  183.168862][  T388] bridge_slave_1: left allmulticast mode
[  183.174824][  T388] bridge_slave_1: left promiscuous mode
[  183.180784][  T388] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.191378][  T388] bridge_slave_0: left allmulticast mode
[  183.197961][  T388] bridge_slave_0: left promiscuous mode
[  183.204208][  T388] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.233788][  T388] veth1_macvtap: left promiscuous mode
[  183.239621][  T388] veth0_macvtap: left promiscuous mode
[  183.245644][  T388] veth1_vlan: left promiscuous mode
[  183.251187][  T388] veth0_vlan: left promiscuous mode
[  184.108558][ T5798] Bluetooth: hci1: command tx timeout
[  184.198209][  T388] team0 (unregistering): Port device team_slave_1 removed
[  184.284985][  T388] team0 (unregistering): Port device team_slave_0 removed
[  184.333076][ T5798] Bluetooth: hci2: command tx timeout
[  184.377579][  T388] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  184.464310][  T388] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  185.501761][  T388] bond0 (unregistering): Released all slaves
[  185.607219][ T8217] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  185.620240][ T8217] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  185.723703][ T8217] team0: Port device team_slave_0 added
[  185.738513][ T8217] team0: Port device team_slave_1 added
[  185.848442][ T8217] batman_adv: batadv0: Adding interface: batadv_slave_0
[  185.858734][ T8217] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  185.891651][ T8217] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  185.905019][ T8217] batman_adv: batadv0: Adding interface: batadv_slave_1
[  185.912116][ T8217] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  185.938566][ T8217] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  185.950044][ T8219] bridge0: port 1(bridge_slave_0) entered blocking state
[  185.957660][ T8219] bridge0: port 1(bridge_slave_0) entered disabled state
[  185.977105][ T8219] bridge_slave_0: entered allmulticast mode
[  185.984442][ T8219] bridge_slave_0: entered promiscuous mode
[  186.012151][ T8219] bridge0: port 2(bridge_slave_1) entered blocking state
[  186.023503][ T8219] bridge0: port 2(bridge_slave_1) entered disabled state
[  186.030944][ T8219] bridge_slave_1: entered allmulticast mode
[  186.039254][ T8219] bridge_slave_1: entered promiscuous mode
[  186.071691][ T8217] hsr_slave_0: entered promiscuous mode
[  186.078153][ T8217] hsr_slave_1: entered promiscuous mode
[  186.084537][ T8217] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  186.092289][ T8217] Cannot create hsr debugfs directory
[  186.114562][ T8219] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  186.139282][ T8219] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  186.173963][ T5798] Bluetooth: hci1: command tx timeout
[  186.206101][ T8219] team0: Port device team_slave_0 added
[  186.220139][ T8219] team0: Port device team_slave_1 added
[  186.265364][ T8219] batman_adv: batadv0: Adding interface: batadv_slave_0
[  186.272525][ T8219] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  186.302888][ T8219] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  186.315910][ T8219] batman_adv: batadv0: Adding interface: batadv_slave_1
[  186.323230][ T8219] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  186.350827][ T8219] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  186.417459][  T388] netdevsim netdevsim7 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  186.428214][ T5798] Bluetooth: hci2: command tx timeout
[  186.433779][  T388] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.539139][  T388] netdevsim netdevsim7 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  186.550043][  T388] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.599012][ T8219] hsr_slave_0: entered promiscuous mode
[  186.605786][ T8219] hsr_slave_1: entered promiscuous mode
[  186.612335][ T8219] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  186.627009][ T8219] Cannot create hsr debugfs directory
[  186.667932][  T388] netdevsim netdevsim7 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  186.679601][  T388] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.765614][  T388] netdevsim netdevsim7 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  186.776443][  T388] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  187.095177][ T8217] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  187.116746][ T8217] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  187.141683][ T8217] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  187.176079][ T8217] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  187.378454][ T8219] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  187.389339][ T8219] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  187.434353][ T8219] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  187.446043][ T8219] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  187.640020][ T8217] 8021q: adding VLAN 0 to HW filter on device bond0
[  187.654013][ T8219] 8021q: adding VLAN 0 to HW filter on device bond0
[  187.717978][ T8219] 8021q: adding VLAN 0 to HW filter on device team0
[  187.733106][ T8217] 8021q: adding VLAN 0 to HW filter on device team0
[  187.782320][ T1107] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.789690][ T1107] bridge0: port 1(bridge_slave_0) entered forwarding state
[  187.799792][ T1107] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.807205][ T1107] bridge0: port 2(bridge_slave_1) entered forwarding state
[  187.820164][ T1107] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.827592][ T1107] bridge0: port 1(bridge_slave_0) entered forwarding state
[  187.886679][   T76] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.894065][   T76] bridge0: port 2(bridge_slave_1) entered forwarding state
[  188.254292][ T5798] Bluetooth: hci1: command tx timeout
[  188.316686][ T8219] 8021q: adding VLAN 0 to HW filter on device batadv0
[  188.385664][  T388] hsr_slave_0: left promiscuous mode
[  188.406395][  T388] hsr_slave_1: left promiscuous mode
[  188.417190][  T388] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  188.428324][  T388] batman_adv: batadv0: Removing interface: batadv_slave_0
[  188.439213][  T388] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  188.446977][  T388] batman_adv: batadv0: Removing interface: batadv_slave_1
[  188.456954][  T388] bridge_slave_1: left allmulticast mode
[  188.463025][  T388] bridge_slave_1: left promiscuous mode
[  188.469074][  T388] bridge0: port 2(bridge_slave_1) entered disabled state
[  188.489607][  T388] bridge_slave_0: left allmulticast mode
[  188.494816][ T5798] Bluetooth: hci2: command tx timeout
[  188.496011][  T388] bridge_slave_0: left promiscuous mode
[  188.508069][  T388] bridge0: port 1(bridge_slave_0) entered disabled state
[  188.539127][  T388] veth1_macvtap: left promiscuous mode
[  188.545415][  T388] veth0_macvtap: left promiscuous mode
[  188.551234][  T388] veth1_vlan: left promiscuous mode
[  189.327633][  T388] team0 (unregistering): Port device team_slave_1 removed
[  189.391690][  T388] team0 (unregistering): Port device team_slave_0 removed
[  189.459292][  T388] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  189.527638][  T388] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  190.333182][ T5792] Bluetooth: hci1: command tx timeout
[  190.580987][ T5792] Bluetooth: hci2: command tx timeout
[  190.633995][  T388] bond0 (unregistering): Released all slaves
[  190.801064][ T8217] 8021q: adding VLAN 0 to HW filter on device batadv0
[  191.166444][ T8219] veth0_vlan: entered promiscuous mode
[  191.212617][ T8219] veth1_vlan: entered promiscuous mode
[  191.313754][ T8219] veth0_macvtap: entered promiscuous mode
[  191.329830][ T8217] veth0_vlan: entered promiscuous mode
[  191.348024][ T8219] veth1_macvtap: entered promiscuous mode
[  191.358132][ T8217] veth1_vlan: entered promiscuous mode
[  191.385624][ T8219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  191.396490][ T8219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.407639][ T8219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  191.418925][ T8219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.430449][ T8219] batman_adv: batadv0: Interface activated: batadv_slave_0
[  191.452522][ T8219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  191.468450][ T8219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.480155][ T8219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  191.490862][ T8219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.502428][ T8219] batman_adv: batadv0: Interface activated: batadv_slave_1
[  191.527255][ T8219] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  191.536973][ T8219] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  191.546549][ T8219] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  191.556603][ T8219] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  191.572075][ T8217] veth0_macvtap: entered promiscuous mode
[  191.605963][ T8217] veth1_macvtap: entered promiscuous mode
[  191.614258][ T5792] Bluetooth: hci0: command 0x0406 tx timeout
[  191.674843][ T8217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  191.695949][ T8217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.715817][ T8217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  191.728272][ T8217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.738879][ T8217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  191.750105][ T8217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.762004][ T8217] batman_adv: batadv0: Interface activated: batadv_slave_0
[  191.792541][   T76] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  191.793107][ T8217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  191.800731][   T76] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  191.815507][ T8217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.829296][ T8217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  191.839990][ T8217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.850039][ T8217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  191.861544][ T8217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.875843][ T8217] batman_adv: batadv0: Interface activated: batadv_slave_1
[  191.891493][ T8217] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  191.902331][ T8217] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  191.911309][ T8217] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  191.921061][ T8217] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  191.949284][  T388] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  191.957754][  T388] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  192.054529][   T76] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  192.062409][   T76] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  192.157963][ T2973] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  192.171730][ T2973] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  193.037292][ T8286] loop6: detected capacity change from 0 to 1024
[  193.098635][ T8286] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  193.317447][ T6785] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  193.727058][ T8292] loop8: detected capacity change from 0 to 40427
[  193.742420][ T8292] F2FS-fs (loop8): Invalid log_blocksize (268), supports only 12
[  193.751687][ T8292] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[  193.771779][ T8292] F2FS-fs (loop8): Found nat_bits in checkpoint
[  193.840524][ T8292] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[  193.862757][ T8292] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  194.322943][    T8] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  194.673305][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[  194.679688][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  195.031683][    T8] usb 5-1: device descriptor read/all, error -71
[  195.798399][ T8330] loop4: detected capacity change from 0 to 2048
[  195.863385][ T8330] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  195.902212][ T8324] loop2: detected capacity change from 0 to 32768
[  195.931851][ T8324] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.820 (8324)
[  195.969625][ T8324] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  195.980745][ T8324] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  195.989712][ T8324] BTRFS info (device loop2): setting nodatacow, compression disabled
[  195.998889][ T8324] BTRFS info (device loop2): max_inline at 0
[  196.005520][ T8324] BTRFS info (device loop2): enabling disk space caching
[  196.012954][ T8324] BTRFS info (device loop2): turning off barriers
[  196.019526][ T8324] BTRFS info (device loop2): turning on flush-on-commit
[  196.027878][ T8324] BTRFS info (device loop2): doing ref verification
[  196.035073][ T8324] BTRFS info (device loop2): force clearing of disk cache
[  196.042656][ T8324] BTRFS info (device loop2): enabling ssd optimizations
[  196.050976][ T8324] BTRFS info (device loop2): max_inline at 4096
[  196.057939][ T8324] BTRFS info (device loop2): disk space caching is enabled
[  196.115359][ T5777] kernel write not supported for file bpf-prog (pid: 5777 comm: kworker/1:3)
[  196.190675][ T8324] BTRFS info (device loop2): auto enabling async discard
[  196.208262][ T8324] BTRFS info (device loop2): rebuilding free space tree
[  196.252509][ T8359] loop8: detected capacity change from 0 to 512
[  196.274073][ T8324] BTRFS info (device loop2): disabling free space tree
[  196.277907][ T8359] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  196.292896][ T8324] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  196.313436][ T8324] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  196.326656][ T8359] EXT4-fs (loop8): 1 truncate cleaned up
[  196.344455][ T8359] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  196.466731][ T8359] EXT4-fs error (device loop8): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz.8.826: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  196.509565][ T8359] EXT4-fs (loop8): Remounting filesystem read-only
[  196.643882][ T8219] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  196.661732][ T5785] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  197.196608][    T8] kernel write not supported for file bpf-prog (pid: 8 comm: kworker/0:0)
[  197.294739][ T8381] loop6: detected capacity change from 0 to 512
[  197.344952][ T8381] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  197.364684][ T8381] ext4 filesystem being mounted at /130/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  197.392824][ T5842] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  197.487378][ T8372] loop8: detected capacity change from 0 to 40427
[  197.489349][ T6785] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  197.509257][ T8372] F2FS-fs (loop8): build fault injection attr: rate: 690, type: 0x7ffff
[  197.518006][ T8372] F2FS-fs (loop8): Image doesn't support compression
[  197.552798][ T8372] F2FS-fs (loop8): Image doesn't support compression
[  197.573200][ T8372] F2FS-fs (loop8): invalid crc value
[  197.591315][ T8372] F2FS-fs (loop8): Found nat_bits in checkpoint
[  197.594566][ T5842] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  197.622865][ T5842] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  197.650653][ T8372] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  197.651730][ T5842] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  197.696148][ T5842] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  197.728394][ T5842] usb 3-1: config 0 descriptor??
[  197.735582][ T8390] f2fs_ckpt-7:8: attempt to access beyond end of device
[  197.735582][ T8390] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  197.757174][ T8390] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  197.769355][   T28] audit: type=1804 audit(1753831642.456:25): pid=8372 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.8.831" name="/newroot/4/bus/bus" dev="loop8" ino=10 res=1 errno=0
[  198.139229][ T5842] usbhid 3-1:0.0: can't add hid device: -71
[  198.155999][ T5842] usbhid: probe of 3-1:0.0 failed with error -71
[  198.180243][ T8403] loop6: detected capacity change from 0 to 512
[  198.193446][ T5842] usb 3-1: USB disconnect, device number 12
[  198.209892][ T8403] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  198.265901][ T8403] EXT4-fs (loop6): 1 truncate cleaned up
[  198.283631][ T8403] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  198.315591][ T8403] EXT4-fs error (device loop6): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz.6.842: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  198.347998][ T8403] EXT4-fs (loop6): Remounting filesystem read-only
[  198.410350][ T6785] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  198.478622][ T8410] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  198.629312][ T8419] loop8: detected capacity change from 0 to 164
[  198.654869][ T8419] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  198.692339][ T8419] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  198.706265][ T8419] Symlink component flag not implemented
[  198.713443][ T8419] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  198.725905][ T8419] rock: directory entry would overflow storage
[  198.732532][ T8419] rock: sig=0x4f50, size=4, remaining=3
[  198.738683][ T8419] iso9660: Corrupted directory entry in block 4 of inode 1792
[  198.750292][ T8419] Symlink component flag not implemented (255)
[  198.913845][    T8] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  198.962589][ T8431] netlink: 4 bytes leftover after parsing attributes in process `syz.2.852'.
[  199.106782][    T8] usb 5-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice= 1.73
[  199.122856][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  199.131310][    T8] usb 5-1: Product: syz
[  199.136432][    T8] usb 5-1: Manufacturer: syz
[  199.141048][    T8] usb 5-1: SerialNumber: syz
[  199.156739][    T8] usb 5-1: config 0 descriptor??
[  199.594069][ T8442] loop2: detected capacity change from 0 to 512
[  199.607188][ T8442] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  199.636532][ T8442] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  199.676544][ T8442] ext4 filesystem being mounted at /244/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  199.749174][ T8439] loop8: detected capacity change from 0 to 40427
[  199.761622][ T8439] F2FS-fs (loop8): invalid crc value
[  199.794325][ T8439] F2FS-fs (loop8): Found nat_bits in checkpoint
[  199.850534][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  199.873354][ T8439] F2FS-fs (loop8): Start checkpoint disabled!
[  199.884101][ T8439] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e6
[  200.193621][    T8] asix 5-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  200.269988][ T8453] loop2: detected capacity change from 0 to 164
[  200.313488][ T8453] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  200.350859][ T3487] kworker/u4:10: attempt to access beyond end of device
[  200.350859][ T3487] loop8: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  200.396195][    T8] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  200.398953][ T3487] kworker/u4:10: attempt to access beyond end of device
[  200.398953][ T3487] loop8: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  200.407881][ T8453] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  200.443052][    T8] asix 5-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[  200.463152][    T8] asix: probe of 5-1:0.0 failed with error -71
[  200.475497][ T8453] Symlink component flag not implemented
[  200.484543][    T8] usb 5-1: USB disconnect, device number 13
[  200.505538][ T8453] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  200.539731][ T3487] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  200.549112][ T8453] rock: directory entry would overflow storage
[  200.562422][ T8453] rock: sig=0x4f50, size=4, remaining=3
[  200.595498][ T8453] iso9660: Corrupted directory entry in block 4 of inode 1792
[  200.610111][ T8453] Symlink component flag not implemented (255)
[  200.773347][ T8457] loop2: detected capacity change from 0 to 2048
[  200.798114][ T8457] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  201.152917][ T8463] syzkaller0: entered allmulticast mode
[  201.161607][ T8455] loop6: detected capacity change from 0 to 32768
[  201.179429][ T8455] XFS (loop6): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  201.185263][ T8463] syzkaller0 (unregistering): left allmulticast mode
[  201.216464][ T8455] XFS (loop6): Ending clean mount
[  201.275917][ T6785] XFS (loop6): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  201.422999][   T27] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  201.585289][ T8481] loop6: detected capacity change from 0 to 136
[  201.655455][   T27] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  201.679422][   T27] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  201.692549][   T27] usb 9-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  201.706095][   T27] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.721181][   T27] usb 9-1: config 0 descriptor??
[  202.012949][ T8481] loop6: detected capacity change from 0 to 32768
[  202.031938][ T8481] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop6 scanned by syz.6.867 (8481)
[  202.060457][   T27] usbhid 9-1:0.0: can't add hid device: -71
[  202.060750][ T8481] BTRFS info (device loop6): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  202.069388][   T27] usbhid: probe of 9-1:0.0 failed with error -71
[  202.081794][ T8481] BTRFS info (device loop6): using blake2b (blake2b-256-generic) checksum algorithm
[  202.098687][ T8481] BTRFS info (device loop6): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  202.106059][   T27] usb 9-1: USB disconnect, device number 2
[  202.108979][ T8481] BTRFS info (device loop6): use zstd compression, level 3
[  202.127507][ T8481] BTRFS info (device loop6): using free space tree
[  202.171231][ T8483] loop2: detected capacity change from 0 to 32768
[  202.179229][ T8481] BTRFS info (device loop6): enabling ssd optimizations
[  202.183737][ T8483] XFS: attr2 mount option is deprecated.
[  202.186800][ T8481] BTRFS info (device loop6): auto enabling async discard
[  202.221403][   T28] audit: type=1800 audit(1753831646.906:26): pid=8481 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.867" name="file1" dev="loop6" ino=260 res=0 errno=0
[  202.255192][ T8483] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  202.333670][ T8509] netlink: 4 bytes leftover after parsing attributes in process `syz.4.874'.
[  202.378466][ T6785] BTRFS info (device loop6): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  202.390160][ T8483] XFS (loop2): Ending clean mount
[  202.398264][ T8483] XFS (loop2): Quotacheck needed: Please wait.
[  202.500307][ T8483] XFS (loop2): Quotacheck: Done.
[  202.729961][ T5785] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  203.451131][ T8523] loop8: detected capacity change from 0 to 40427
[  203.466040][ T8523] F2FS-fs (loop8): invalid crc value
[  203.504979][ T8523] F2FS-fs (loop8): Found nat_bits in checkpoint
[  203.552793][ T8523] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  203.630418][ T8523] syz.8.880: attempt to access beyond end of device
[  203.630418][ T8523] loop8: rw=2049, sector=45096, nr_sectors = 32 limit=40427
[  203.665388][ T8540] netlink: 4 bytes leftover after parsing attributes in process `syz.2.883'.
[  203.761182][ T8219] syz-executor: attempt to access beyond end of device
[  203.761182][ T8219] loop8: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  203.798508][ T8219] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  204.260428][  T388] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  204.260961][ T8548] loop4: detected capacity change from 0 to 32768
[  204.285183][ T8548] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.887 (8548)
[  204.323814][ T8548] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  204.335506][ T8548] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  204.354939][ T8548] BTRFS info (device loop4): setting nodatacow, compression disabled
[  204.363953][ T8548] BTRFS info (device loop4): max_inline at 0
[  204.372450][ T8548] BTRFS info (device loop4): enabling disk space caching
[  204.386016][ T8548] BTRFS info (device loop4): turning off barriers
[  204.392616][ T8548] BTRFS info (device loop4): turning on flush-on-commit
[  204.401379][ T8548] BTRFS info (device loop4): doing ref verification
[  204.408478][ T8548] BTRFS info (device loop4): force clearing of disk cache
[  204.416494][ T8548] BTRFS info (device loop4): enabling ssd optimizations
[  204.424251][ T8548] BTRFS info (device loop4): max_inline at 4096
[  204.431359][ T8548] BTRFS info (device loop4): disk space caching is enabled
[  204.488684][ T8548] BTRFS info (device loop4): auto enabling async discard
[  204.515296][ T8548] BTRFS info (device loop4): rebuilding free space tree
[  204.552481][ T8548] BTRFS info (device loop4): disabling free space tree
[  204.571080][ T8548] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  204.603698][ T8548] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  204.750625][ T8557] loop2: detected capacity change from 0 to 32768
[  204.769416][ T8557] (syz.2.889,8557,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  204.798630][ T8557] (syz.2.889,8557,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  204.844286][ T8557] JBD2: Ignoring recovery information on journal
[  204.858301][ T8217] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  204.968223][ T8557] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  205.499066][ T5785] ocfs2: Unmounting device (7,2) on (node local)
[  207.383396][ T8619] loop6: detected capacity change from 0 to 32768
[  207.402633][ T8619] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 scanned by syz.6.903 (8619)
[  207.430979][ T8619] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  207.441802][ T8619] BTRFS info (device loop6): using crc32c (crc32c-intel) checksum algorithm
[  207.457613][ T8619] BTRFS info (device loop6): setting nodatacow, compression disabled
[  207.467255][ T8619] BTRFS info (device loop6): max_inline at 0
[  207.477304][ T8619] BTRFS info (device loop6): enabling disk space caching
[  207.485815][ T8619] BTRFS info (device loop6): turning off barriers
[  207.492662][ T8619] BTRFS info (device loop6): turning on flush-on-commit
[  207.505381][ T8619] BTRFS info (device loop6): doing ref verification
[  207.512423][ T8619] BTRFS info (device loop6): force clearing of disk cache
[  207.524560][ T8619] BTRFS info (device loop6): enabling ssd optimizations
[  207.532046][ T8619] BTRFS info (device loop6): max_inline at 4096
[  207.541409][ T8619] BTRFS info (device loop6): disk space caching is enabled
[  207.619137][ T8619] BTRFS info (device loop6): auto enabling async discard
[  207.639730][ T8619] BTRFS info (device loop6): rebuilding free space tree
[  207.675104][ T8619] BTRFS info (device loop6): disabling free space tree
[  207.693164][ T8619] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  207.703926][ T8619] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  207.964585][ T6785] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  208.021344][ T8657] syz.2.916[8657] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  208.021644][ T8657] syz.2.916[8657] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  208.060122][ T8659] 
[  208.075302][ T8659] =====================================================
[  208.082864][ T8659] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[  208.090889][ T8659] 6.6.100-syzkaller #0 Not tainted
[  208.096124][ T8659] -----------------------------------------------------
[  208.103256][ T8659] syz.8.917/8659 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[  208.111459][ T8659] ffffffff8ca0a058 (tasklist_lock){.+.+}-{2:2}, at: send_sigurg+0xf0/0x3c0
[  208.120223][ T8659] 
[  208.120223][ T8659] and this task is already holding:
[  208.127995][ T8659] ffff88807af4dc98 (&f->f_owner.lock){...-}-{2:2}, at: send_sigurg+0x29/0x3c0
[  208.137025][ T8659] which would create a new lock dependency:
[  208.143737][ T8659]  (&f->f_owner.lock){...-}-{2:2} -> (tasklist_lock){.+.+}-{2:2}
[  208.151585][ T8659] 
[  208.151585][ T8659] but this new dependency connects a SOFTIRQ-irq-safe lock:
[  208.161066][ T8659]  (&client->buffer_lock){..-.}-{2:2}
[  208.161096][ T8659] 
[  208.161096][ T8659] ... which became SOFTIRQ-irq-safe at:
[  208.174435][ T8659]   lock_acquire+0x197/0x410
[  208.179491][ T8659]   _raw_spin_lock+0x2e/0x40
[  208.184194][ T8659]   evdev_pass_values+0xcb/0xab0
[  208.189277][ T8659]   evdev_events+0x1d8/0x330
[  208.193970][ T8659]   input_pass_values+0x907/0x1300
[  208.199215][ T8659]   input_event_dispose+0x3e8/0x6c0
[  208.204479][ T8659]   input_event+0x8c/0xc0
[  208.208810][ T8659]   hidinput_hid_event+0x1325/0x1c80
[  208.214176][ T8659]   hid_process_event+0x4b7/0x620
[  208.219403][ T8659]   hid_report_raw_event+0xf46/0x1760
[  208.224819][ T8659]   hid_input_report+0x434/0x520
[  208.229877][ T8659]   hid_irq_in+0x479/0x6d0
[  208.234492][ T8659]   __usb_hcd_giveback_urb+0x35f/0x520
[  208.240182][ T8659]   dummy_timer+0x8a3/0x31b0
[  208.246033][ T8659]   __hrtimer_run_queues+0x51e/0xc40
[  208.251423][ T8659]   hrtimer_run_softirq+0x187/0x2b0
[  208.257134][ T8659]   handle_softirqs+0x280/0x820
[  208.262183][ T8659]   __irq_exit_rcu+0xc7/0x190
[  208.267300][ T8659]   irq_exit_rcu+0x9/0x20
[  208.271839][ T8659]   sysvec_apic_timer_interrupt+0x56/0xc0
[  208.277683][ T8659]   asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  208.284260][ T8659] 
[  208.284260][ T8659] to a SOFTIRQ-irq-unsafe lock:
[  208.291911][ T8659]  (tasklist_lock){.+.+}-{2:2}
[  208.291943][ T8659] 
[  208.291943][ T8659] ... which became SOFTIRQ-irq-unsafe at:
[  208.305069][ T8659] ...
[  208.305081][ T8659]   lock_acquire+0x197/0x410
[  208.312669][ T8659]   _raw_read_lock+0x36/0x50
[  208.317759][ T8659]   do_wait+0x294/0xaf0
[  208.322523][ T8659]   kernel_wait+0xac/0x170
[  208.327278][ T8659]   call_usermodehelper_exec_work+0xb9/0x220
[  208.333483][ T8659]   process_scheduled_works+0xa45/0x15b0
[  208.339303][ T8659]   worker_thread+0xa55/0xfc0
[  208.344160][ T8659]   kthread+0x2fa/0x390
[  208.348311][ T8659]   ret_from_fork+0x48/0x80
[  208.352817][ T8659]   ret_from_fork_asm+0x11/0x20
[  208.357662][ T8659] 
[  208.357662][ T8659] other info that might help us debug this:
[  208.357662][ T8659] 
[  208.368017][ T8659] Chain exists of:
[  208.368017][ T8659]   &client->buffer_lock --> &f->f_owner.lock --> tasklist_lock
[  208.368017][ T8659] 
[  208.381795][ T8659]  Possible interrupt unsafe locking scenario:
[  208.381795][ T8659] 
[  208.390544][ T8659]        CPU0                    CPU1
[  208.395994][ T8659]        ----                    ----
[  208.401361][ T8659]   lock(tasklist_lock);
[  208.405860][ T8659]                                local_irq_disable();
[  208.412948][ T8659]                                lock(&client->buffer_lock);
[  208.420497][ T8659]                                lock(&f->f_owner.lock);
[  208.427989][ T8659]   <Interrupt>
[  208.431545][ T8659]     lock(&client->buffer_lock);
[  208.436576][ T8659] 
[  208.436576][ T8659]  *** DEADLOCK ***
[  208.436576][ T8659] 
[  208.445737][ T8659] 2 locks held by syz.8.917/8659:
[  208.450957][ T8659]  #0: ffff88807e6e8e78 (&u->lock){+.+.}-{2:2}, at: queue_oob+0x1cb/0x4e0
[  208.460928][ T8659]  #1: ffff88807af4dc98 (&f->f_owner.lock){...-}-{2:2}, at: send_sigurg+0x29/0x3c0
[  208.470625][ T8659] 
[  208.470625][ T8659] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[  208.481960][ T8659]   -> (&client->buffer_lock){..-.}-{2:2} {
[  208.488176][ T8659]      IN-SOFTIRQ-W at:
[  208.492984][ T8659]                         lock_acquire+0x197/0x410
[  208.500065][ T8659]                         _raw_spin_lock+0x2e/0x40
[  208.506624][ T8659]                         evdev_pass_values+0xcb/0xab0
[  208.513941][ T8659]                         evdev_events+0x1d8/0x330
[  208.520728][ T8659]                         input_pass_values+0x907/0x1300
[  208.528309][ T8659]                         input_event_dispose+0x3e8/0x6c0
[  208.536399][ T8659]                         input_event+0x8c/0xc0
[  208.543947][ T8659]                         hidinput_hid_event+0x1325/0x1c80
[  208.552085][ T8659]                         hid_process_event+0x4b7/0x620
[  208.559925][ T8659]                         hid_report_raw_event+0xf46/0x1760
[  208.567412][ T8659]                         hid_input_report+0x434/0x520
[  208.575585][ T8659]                         hid_irq_in+0x479/0x6d0
[  208.582497][ T8659]                         __usb_hcd_giveback_urb+0x35f/0x520
[  208.589982][ T8659]                         dummy_timer+0x8a3/0x31b0
[  208.596744][ T8659]                         __hrtimer_run_queues+0x51e/0xc40
[  208.604173][ T8659]                         hrtimer_run_softirq+0x187/0x2b0
[  208.611907][ T8659]                         handle_softirqs+0x280/0x820
[  208.619189][ T8659]                         __irq_exit_rcu+0xc7/0x190
[  208.625966][ T8659]                         irq_exit_rcu+0x9/0x20
[  208.632525][ T8659]                         sysvec_apic_timer_interrupt+0x56/0xc0
[  208.640500][ T8659]                         asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  208.649356][ T8659]      INITIAL USE at:
[  208.654500][ T8659]                        lock_acquire+0x197/0x410
[  208.662432][ T8659]                        _raw_spin_lock+0x2e/0x40
[  208.669964][ T8659]                        evdev_pass_values+0xcb/0xab0
[  208.677192][ T8659]                        evdev_events+0x1d8/0x330
[  208.683876][ T8659]                        input_pass_values+0x907/0x1300
[  208.691019][ T8659]                        input_event_dispose+0x3e8/0x6c0
[  208.698587][ T8659]                        input_event+0x8c/0xc0
[  208.705004][ T8659]                        hidinput_hid_event+0x1325/0x1c80
[  208.712374][ T8659]                        hid_process_event+0x4b7/0x620
[  208.719788][ T8659]                        hid_report_raw_event+0xf46/0x1760
[  208.727195][ T8659]                        hid_input_report+0x434/0x520
[  208.734516][ T8659]                        hid_irq_in+0x479/0x6d0
[  208.741586][ T8659]                        __usb_hcd_giveback_urb+0x35f/0x520
[  208.749205][ T8659]                        dummy_timer+0x8a3/0x31b0
[  208.755927][ T8659]                        __hrtimer_run_queues+0x51e/0xc40
[  208.763230][ T8659]                        hrtimer_run_softirq+0x187/0x2b0
[  208.770542][ T8659]                        handle_softirqs+0x280/0x820
[  208.777309][ T8659]                        __irq_exit_rcu+0xc7/0x190
[  208.783813][ T8659]                        irq_exit_rcu+0x9/0x20
[  208.790136][ T8659]                        sysvec_apic_timer_interrupt+0x56/0xc0
[  208.797854][ T8659]                        asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  208.805760][ T8659]    }
[  208.808420][ T8659]    ... key      at: [<ffffffff9720e8a0>] evdev_open.__key.28+0x0/0x20
[  208.817001][ T8659]  -> (&new->fa_lock){....}-{2:2} {
[  208.822325][ T8659]     INITIAL USE at:
[  208.826577][ T8659]                      lock_acquire+0x197/0x410
[  208.833272][ T8659]                      _raw_write_lock_irq+0xa3/0xe0
[  208.839984][ T8659]                      fasync_insert_entry+0xc8/0x270
[  208.846969][ T8659]                      lease_setup+0x86/0x110
[  208.853136][ T8659]                      generic_setlease+0xe32/0x1270
[  208.860169][ T8659]                      fcntl_setlease+0x268/0x340
[  208.866842][ T8659]                      do_fcntl+0x1cb/0x1380
[  208.872826][ T8659]                      __se_sys_fcntl+0xc9/0x1a0
[  208.879155][ T8659]                      do_syscall_64+0x55/0xb0
[  208.885318][ T8659]                      entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  208.893125][ T8659]     INITIAL READ USE at:
[  208.897533][ T8659]                           lock_acquire+0x197/0x410
[  208.904506][ T8659]                           _raw_read_lock_irqsave+0xb0/0x100
[  208.912184][ T8659]                           kill_fasync+0x192/0x4b0
[  208.919304][ T8659]                           lease_break_callback+0x26/0x30
[  208.926602][ T8659]                           __break_lease+0x4a7/0x12c0
[  208.934166][ T8659]                           do_dentry_open+0x823/0x1500
[  208.941414][ T8659]                           path_openat+0x274b/0x3190
[  208.948559][ T8659]                           do_filp_open+0x1c5/0x3d0
[  208.955543][ T8659]                           do_sys_openat2+0x12c/0x1c0
[  208.962779][ T8659]                           __x64_sys_openat+0x139/0x160
[  208.969810][ T8659]                           do_syscall_64+0x55/0xb0
[  208.976396][ T8659]                           entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  208.984495][ T8659]   }
[  208.987174][ T8659]   ... key      at: [<ffffffff96f15ac0>] fasync_insert_entry.__key+0x0/0x20
[  208.996043][ T8659]   ... acquired at:
[  208.999943][ T8659]    _raw_read_lock_irqsave+0xb0/0x100
[  209.005486][ T8659]    kill_fasync+0x192/0x4b0
[  209.010167][ T8659]    evdev_pass_values+0x54b/0xab0
[  209.015615][ T8659]    evdev_events+0x1d8/0x330
[  209.020390][ T8659]    input_pass_values+0x907/0x1300
[  209.025883][ T8659]    input_event_dispose+0x346/0x6c0
[  209.032048][ T8659]    input_inject_event+0x1f9/0x320
[  209.037813][ T8659]    evdev_write+0x32a/0x470
[  209.042990][ T8659]    vfs_write+0x288/0x940
[  209.049529][ T8659]    ksys_write+0x147/0x250
[  209.054111][ T8659]    do_syscall_64+0x55/0xb0
[  209.065371][ T8659]    entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  209.071796][ T8659] 
[  209.074106][ T8659] -> (&f->f_owner.lock){...-}-{2:2} {
[  209.079619][ T8659]    IN-SOFTIRQ-R at:
[  209.084224][ T8659]                     lock_acquire+0x197/0x410
[  209.090788][ T8659]                     _raw_read_lock_irqsave+0xb0/0x100
[  209.097817][ T8659]                     send_sigurg+0x29/0x3c0
[  209.103819][ T8659]                     sk_send_sigurg+0x6f/0xc0
[  209.110060][ T8659]                     tcp_check_urg+0x200/0x750
[  209.116496][ T8659]                     tcp_urg+0x161/0x3f0
[  209.122330][ T8659]                     tcp_rcv_established+0xa2e/0x1cf0
[  209.129183][ T8659]                     tcp_v4_do_rcv+0x4ed/0xb80
[  209.135693][ T8659]                     tcp_v4_rcv+0x2334/0x2a50
[  209.141884][ T8659]                     ip_protocol_deliver_rcu+0x20e/0x3f0
[  209.149134][ T8659]                     ip_local_deliver_finish+0x2ca/0x510
[  209.156365][ T8659]                     NF_HOOK+0x303/0x390
[  209.162301][ T8659]                     NF_HOOK+0x303/0x390
[  209.168229][ T8659]                     __netif_receive_skb+0xcc/0x290
[  209.175335][ T8659]                     process_backlog+0x380/0x6e0
[  209.181764][ T8659]                     __napi_poll+0xc0/0x460
[  209.188023][ T8659]                     net_rx_action+0x5ea/0xbf0
[  209.194277][ T8659]                     handle_softirqs+0x280/0x820
[  209.201181][ T8659]                     __irq_exit_rcu+0xc7/0x190
[  209.207721][ T8659]                     irq_exit_rcu+0x9/0x20
[  209.213877][ T8659]                     sysvec_apic_timer_interrupt+0xa4/0xc0
[  209.221457][ T8659]                     asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  209.229442][ T8659]                     pv_native_safe_halt+0x13/0x20
[  209.236334][ T8659]                     default_idle+0x13/0x20
[  209.242436][ T8659]                     default_idle_call+0x6c/0xa0
[  209.248954][ T8659]                     do_idle+0x1eb/0x510
[  209.254770][ T8659]                     cpu_startup_entry+0x43/0x60
[  209.261704][ T8659]                     start_secondary+0xee/0xf0
[  209.268027][ T8659]                     secondary_startup_64_no_verify+0x179/0x17b
[  209.275824][ T8659]    INITIAL USE at:
[  209.279830][ T8659]                    lock_acquire+0x197/0x410
[  209.286108][ T8659]                    _raw_write_lock_irq+0xa3/0xe0
[  209.292848][ T8659]                    __f_setown+0x3b/0x330
[  209.298689][ T8659]                    generic_setlease+0xe32/0x1270
[  209.305331][ T8659]                    fcntl_setlease+0x268/0x340
[  209.311758][ T8659]                    do_fcntl+0x1cb/0x1380
[  209.318107][ T8659]                    __se_sys_fcntl+0xc9/0x1a0
[  209.324354][ T8659]                    do_syscall_64+0x55/0xb0
[  209.330704][ T8659]                    entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  209.338538][ T8659]    INITIAL READ USE at:
[  209.343249][ T8659]                         lock_acquire+0x197/0x410
[  209.349930][ T8659]                         _raw_read_lock_irqsave+0xb0/0x100
[  209.357478][ T8659]                         send_sigio+0x33/0x360
[  209.363798][ T8659]                         kill_fasync+0x228/0x4b0
[  209.370321][ T8659]                         lease_break_callback+0x26/0x30
[  209.377447][ T8659]                         __break_lease+0x4a7/0x12c0
[  209.384228][ T8659]                         do_dentry_open+0x823/0x1500
[  209.391085][ T8659]                         path_openat+0x274b/0x3190
[  209.397884][ T8659]                         do_filp_open+0x1c5/0x3d0
[  209.404916][ T8659]                         do_sys_openat2+0x12c/0x1c0
[  209.412042][ T8659]                         __x64_sys_openat+0x139/0x160
[  209.419298][ T8659]                         do_syscall_64+0x55/0xb0
[  209.426340][ T8659]                         entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  209.434348][ T8659]  }
[  209.436933][ T8659]  ... key      at: [<ffffffff96f14e40>] init_file.__key+0x0/0x20
[  209.445012][ T8659]  ... acquired at:
[  209.448973][ T8659]    _raw_read_lock_irqsave+0xb0/0x100
[  209.454717][ T8659]    send_sigio+0x33/0x360
[  209.459142][ T8659]    kill_fasync+0x228/0x4b0
[  209.463733][ T8659]    lease_break_callback+0x26/0x30
[  209.469127][ T8659]    __break_lease+0x4a7/0x12c0
[  209.474394][ T8659]    do_dentry_open+0x823/0x1500
[  209.479711][ T8659]    path_openat+0x274b/0x3190
[  209.484702][ T8659]    do_filp_open+0x1c5/0x3d0
[  209.489383][ T8659]    do_sys_openat2+0x12c/0x1c0
[  209.494233][ T8659]    __x64_sys_openat+0x139/0x160
[  209.499441][ T8659]    do_syscall_64+0x55/0xb0
[  209.504138][ T8659]    entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  209.510377][ T8659] 
[  209.512908][ T8659] 
[  209.512908][ T8659] the dependencies between the lock to be acquired
[  209.512916][ T8659]  and SOFTIRQ-irq-unsafe lock:
[  209.527048][ T8659] -> (tasklist_lock){.+.+}-{2:2} {
[  209.532280][ T8659]    HARDIRQ-ON-R at:
[  209.536568][ T8659]                     lock_acquire+0x197/0x410
[  209.543725][ T8659]                     _raw_read_lock+0x36/0x50
[  209.550294][ T8659]                     do_wait+0x294/0xaf0
[  209.556213][ T8659]                     kernel_wait+0xac/0x170
[  209.562770][ T8659]                     call_usermodehelper_exec_work+0xb9/0x220
[  209.570785][ T8659]                     process_scheduled_works+0xa45/0x15b0
[  209.578625][ T8659]                     worker_thread+0xa55/0xfc0
[  209.585106][ T8659]                     kthread+0x2fa/0x390
[  209.591031][ T8659]                     ret_from_fork+0x48/0x80
[  209.597290][ T8659]                     ret_from_fork_asm+0x11/0x20
[  209.604292][ T8659]    SOFTIRQ-ON-R at:
[  209.608846][ T8659]                     lock_acquire+0x197/0x410
[  209.615386][ T8659]                     _raw_read_lock+0x36/0x50
[  209.621958][ T8659]                     do_wait+0x294/0xaf0
[  209.628377][ T8659]                     kernel_wait+0xac/0x170
[  209.634656][ T8659]                     call_usermodehelper_exec_work+0xb9/0x220
[  209.642779][ T8659]                     process_scheduled_works+0xa45/0x15b0
[  209.650710][ T8659]                     worker_thread+0xa55/0xfc0
[  209.657776][ T8659]                     kthread+0x2fa/0x390
[  209.663732][ T8659]                     ret_from_fork+0x48/0x80
[  209.670017][ T8659]                     ret_from_fork_asm+0x11/0x20
[  209.676619][ T8659]    INITIAL USE at:
[  209.680795][ T8659]                    lock_acquire+0x197/0x410
[  209.686968][ T8659]                    _raw_write_lock_irq+0xa3/0xe0
[  209.693472][ T8659]                    copy_process+0x225d/0x3d70
[  209.699723][ T8659]                    kernel_clone+0x21b/0x840
[  209.705889][ T8659]                    user_mode_thread+0xde/0x130
[  209.712321][ T8659]                    rest_init+0x27/0x300
[  209.718136][ T8659]                    arch_call_rest_init+0xe/0x10
[  209.724731][ T8659]                    start_kernel+0x459/0x4e0
[  209.730900][ T8659]                    x86_64_start_reservations+0x2a/0x30
[  209.738271][ T8659]                    copy_bootdata+0x0/0xe0
[  209.744307][ T8659]                    secondary_startup_64_no_verify+0x179/0x17b
[  209.752105][ T8659]    INITIAL READ USE at:
[  209.756505][ T8659]                         lock_acquire+0x197/0x410
[  209.763443][ T8659]                         _raw_read_lock+0x36/0x50
[  209.769996][ T8659]                         do_wait+0x294/0xaf0
[  209.776250][ T8659]                         kernel_wait+0xac/0x170
[  209.782660][ T8659]                         call_usermodehelper_exec_work+0xb9/0x220
[  209.790723][ T8659]                         process_scheduled_works+0xa45/0x15b0
[  209.798618][ T8659]                         worker_thread+0xa55/0xfc0
[  209.805238][ T8659]                         kthread+0x2fa/0x390
[  209.811413][ T8659]                         ret_from_fork+0x48/0x80
[  209.817938][ T8659]                         ret_from_fork_asm+0x11/0x20
[  209.824885][ T8659]  }
[  209.827459][ T8659]  ... key      at: [<ffffffff8ca0a058>] tasklist_lock+0x18/0x40
[  209.835271][ T8659]  ... acquired at:
[  209.839068][ T8659]    _raw_read_lock+0x36/0x50
[  209.843742][ T8659]    send_sigurg+0xf0/0x3c0
[  209.848329][ T8659]    sk_send_sigurg+0x6f/0xc0
[  209.853090][ T8659]    queue_oob+0x3d7/0x4e0
[  209.857521][ T8659]    unix_stream_sendmsg+0xaa2/0xba0
[  209.862880][ T8659]    ____sys_sendmsg+0x5bf/0x950
[  209.867820][ T8659]    ___sys_sendmsg+0x220/0x290
[  209.872706][ T8659]    __sys_sendmmsg+0x275/0x4a0
[  209.877893][ T8659]    __x64_sys_sendmmsg+0xa0/0xb0
[  209.882931][ T8659]    do_syscall_64+0x55/0xb0
[  209.887511][ T8659]    entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  209.893591][ T8659] 
[  209.895904][ T8659] 
[  209.895904][ T8659] stack backtrace:
[  209.901789][ T8659] CPU: 0 PID: 8659 Comm: syz.8.917 Not tainted 6.6.100-syzkaller #0
[  209.909868][ T8659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  209.920155][ T8659] Call Trace:
[  209.923572][ T8659]  <TASK>
[  209.926749][ T8659]  dump_stack_lvl+0x16c/0x230
[  209.931542][ T8659]  ? load_image+0x3b0/0x3b0
[  209.936045][ T8659]  ? show_regs_print_info+0x20/0x20
[  209.941354][ T8659]  ? load_image+0x3b0/0x3b0
[  209.945988][ T8659]  ? print_shortest_lock_dependencies+0xf4/0x160
[  209.952674][ T8659]  __lock_acquire+0x678f/0x7c80
[  209.957622][ T8659]  ? verify_lock_unused+0x140/0x140
[  209.962813][ T8659]  ? verify_lock_unused+0x140/0x140
[  209.968010][ T8659]  lock_acquire+0x197/0x410
[  209.972708][ T8659]  ? send_sigurg+0xf0/0x3c0
[  209.977240][ T8659]  ? read_lock_is_recursive+0x20/0x20
[  209.982691][ T8659]  ? do_raw_read_lock+0x3d/0x90
[  209.987582][ T8659]  ? _raw_read_lock_irqsave+0xbc/0x100
[  209.993153][ T8659]  ? _raw_read_lock+0x50/0x50
[  209.997864][ T8659]  ? __lock_acquire+0x7c80/0x7c80
[  210.002917][ T8659]  ? do_raw_spin_lock+0x121/0x2c0
[  210.008339][ T8659]  _raw_read_lock+0x36/0x50
[  210.012904][ T8659]  ? send_sigurg+0xf0/0x3c0
[  210.017444][ T8659]  send_sigurg+0xf0/0x3c0
[  210.021896][ T8659]  sk_send_sigurg+0x6f/0xc0
[  210.026512][ T8659]  queue_oob+0x3d7/0x4e0
[  210.030783][ T8659]  ? scm_stat_add+0xc0/0xc0
[  210.035550][ T8659]  ? __might_sleep+0xe0/0xe0
[  210.040682][ T8659]  ? bpf_lsm_socket_getpeersec_dgram+0x9/0x10
[  210.046761][ T8659]  ? security_socket_getpeersec_dgram+0x83/0xa0
[  210.053033][ T8659]  unix_stream_sendmsg+0xaa2/0xba0
[  210.058342][ T8659]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  210.064603][ T8659]  ? aa_sk_perm+0x7fc/0x930
[  210.069193][ T8659]  ? unix_show_fdinfo+0x270/0x270
[  210.074221][ T8659]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0
[  210.080893][ T8659]  ? aa_sock_msg_perm+0x94/0x150
[  210.085932][ T8659]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  210.091314][ T8659]  ? security_socket_sendmsg+0x80/0xa0
[  210.096772][ T8659]  ? unix_show_fdinfo+0x270/0x270
[  210.101806][ T8659]  ____sys_sendmsg+0x5bf/0x950
[  210.106579][ T8659]  ? __asan_memset+0x22/0x40
[  210.111326][ T8659]  ? __sys_sendmsg_sock+0x30/0x30
[  210.116615][ T8659]  ? __import_iovec+0x5f2/0x860
[  210.121566][ T8659]  ? import_iovec+0x73/0xa0
[  210.126066][ T8659]  ___sys_sendmsg+0x220/0x290
[  210.130738][ T8659]  ? __sys_sendmsg+0x270/0x270
[  210.135520][ T8659]  __sys_sendmmsg+0x275/0x4a0
[  210.140291][ T8659]  ? __ia32_sys_sendmsg+0x90/0x90
[  210.145342][ T8659]  ? __ia32_sys_get_robust_list+0x90/0x90
[  210.151240][ T8659]  ? do_fcntl+0x934/0x1380
[  210.155660][ T8659]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  210.161637][ T8659]  ? lock_chain_count+0x20/0x20
[  210.166579][ T8659]  __x64_sys_sendmmsg+0xa0/0xb0
[  210.171435][ T8659]  do_syscall_64+0x55/0xb0
[  210.175843][ T8659]  ? clear_bhb_loop+0x40/0x90
[  210.180512][ T8659]  ? clear_bhb_loop+0x40/0x90
[  210.185265][ T8659]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  210.191330][ T8659] RIP: 0033:0x7f7292f8e9a9
[  210.195852][ T8659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  210.215942][ T8659] RSP: 002b:00007f7292dff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  210.224458][ T8659] RAX: ffffffffffffffda RBX: 00007f72931b5fa0 RCX: 00007f7292f8e9a9
[  210.232880][ T8659] RDX: 0000000000000001 RSI: 0000200000006c40 RDI: 0000000000000003
[  210.241144][ T8659] RBP: 00007f7293010d69 R08: 0000000000000000 R09: 0000000000000000
[  210.249461][ T8659] R10: 0000000000040015 R11: 0000000000000246 R12: 0000000000000000
[  210.258142][ T8659] R13: 0000000000000000 R14: 00007f72931b5fa0 R15: 00007ffdd56c5088
[  210.266384][ T8659]  </TASK>
[  210.358102][    C1] vkms_vblank_simulate: vblank timer overrun
[  210.478997][    C1] vkms_vblank_simulate: vblank timer overrun