last executing test programs:

4m42.986575894s ago: executing program 5 (id=2165):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000280)="eb4c", 0x2}], 0x1}, 0x4045)
recvmsg$unix(r0, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x2122)
sendmsg$inet(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000012c0)="f9", 0x1}], 0x1}, 0x48844)

4m42.416358666s ago: executing program 5 (id=2170):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000780)={'pim6reg0\x00', 0x400})
ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000040)=0x2)

4m41.780036665s ago: executing program 5 (id=2176):
r0 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=@newqdisc={0x40, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}, {0x2, 0xd}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x10, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME={0xc, 0x8, 0x4000000000000}]}}]}, 0x40}}, 0x0)

4m41.299395401s ago: executing program 5 (id=2178):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x2a55414, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262)

4m40.913832558s ago: executing program 5 (id=2181):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x20605)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000000c0)={0x0, 0xfffffffe, 0x0, 'queue1\x00', 0x8001})
writev(r0, &(0x7f0000000580)=[{&(0x7f0000000000)="218292", 0xfff6}], 0x2)
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0xc08c5336, &(0x7f0000000180)={0x3, 0x6e, 0x0, 'queue0\x00', 0x3})

4m40.284980017s ago: executing program 5 (id=2185):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000180)={r1, 0x8}, 0x8)

4m39.184052076s ago: executing program 32 (id=2185):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000180)={r1, 0x8}, 0x8)

4m38.055029043s ago: executing program 1 (id=2199):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000140)=@updsa={0xf0, 0x10, 0x1, 0x0, 0x200000, {{@in6=@mcast1, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32}, {@in6=@private1, 0x0, 0x32}, @in=@local, {0xfffffffffffffffd}, {}, {0xfffffffc, 0x0, 0xfffffffe}, 0x200, 0x8000000, 0xa}}, 0xf0}}, 0x0)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="040e07050220"], 0xa)
syz_usb_connect$cdc_ncm(0x6, 0x6f, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e1301"], 0x16)

4m37.206557869s ago: executing program 1 (id=2204):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={'veth1_virt_wifi\x00', <r1=>0x0})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="c14d0000000000002800128008000100687372001c00028008000200", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32=r1], 0x48}, 0x1, 0x0, 0x0, 0x44800}, 0x0)

4m35.064469038s ago: executing program 1 (id=2217):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8)
listen(r0, 0x3)
setsockopt$bt_BT_VOICE(r0, 0x112, 0xb, 0x0, 0x0)

4m34.728563053s ago: executing program 1 (id=2220):
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x210090, &(0x7f0000000400)={[{@user_xattr}, {@noauto_da_alloc}, {@nojournal_checksum}, {@nobh}, {}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7b1}}, {@i_version}, {@data_err_ignore}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@user_xattr}, {@min_batch_time={'min_batch_time', 0x3d, 0x9}}]}, 0x3, 0x5a0, &(0x7f0000000c80)="$eJzs3c9rG8ceAPDvylLs/HgvDoTw8ng8Aj00JY0c2/2RQg/psbShgbbn1NiKCZajYMkhdgNNDs2llxJ6KQ2U3vsH9NBD6KXH/hWBNhBKMC00F5WVV44cSbZsy40TfT6w9szuSrOzs99hViOxAQysE+mfXMTxiPgyiTjcsi0f2cYTq/utPLoxnS5J1Osf/p5Ekq1r7p9k/w9mmf9ExE+fR5zKtZdbXVqemyqXSwtZfqw2f3WsurR8+vL81GxptnRlYnLy7OuTE2+9+UbXY09ayuzFKxf+/PqDe++e/WIoIh4cuZPEuTiUbWutx5YMr8vdbM2cqNez4yvEuadeNr6twvaurbQDe8dQFueFiDheOFxoRv2G6lobXgSfpeEMDKhki/E/rL+AF0RzHNC8t9/2ffBz6uE7qzdA7fXPr342EiONe6MDK8m6O6P0Dmi0D+WnZfzw29076RI7+RwCYItu3oqIM/l8e/+XZP3f9p3pYZ+ny9D/wT/nXjr+ebV9/DMcubXxT3QY/xzsELvbsXn85x70oZiu0vHf2x3Hv2uTVqNDWe5fjTFfIbl0uVxK+7Z/R8TJKAyn+Y3mc86u3K9329Y6/kuXtPzmWDA7jgf59XNMMTNVm9pJnVs9vBXx347j32St/ZMO7Z+ej497LONY6e7/u23bvP67q/5dxMsd2//JHEey8fzkWON6GGteFe3+uH3sl27ld67/zz/uQlU7Stv/wMb1H01a52urWy/j25HHpW7btnv970s+aqT3ZeuuT9VqC+MR+5L329dPPHltM9/cP63/yZc6x/9G1//+iPikx/rfPvr9/9rX1od7q//uSus/8zgiem7/rSfuv/fpN93K7639X2ukTmZrWvq//d3et9cD3On5AwAAAAAAgL0kFxGHIskVYyRL53LF4ur3O47GgVy5Uq2dulRZvDITjd/KjkYh15zpPtzyfYjx7PuwzfzEU/nJiDgSEV8N7W/ki9OV8syzrjwAAAAAAAAAAAAAAAAAAADsEQfXfv8f637/n/p16FkfHbDr8qvP/wYG0KaP/O/Hk56APWnT+AdeWOIfBpf4h8El/mEgNab4xD8MLvEPg0v8w+AS/wAAAAAAAAAAAAAAAAAAAAAAAAAAANBXF86fT5f6yqMb02l+5trS4lzl2umZUnWuOL84XZyuLFwtzlYqs+VScboyv9n7lSuVq+MTsXh9rFaq1saqS8sX5yuLV2oXL89PzZYuljxnHAAAAAAAAAAAAAAAAAAAANpVl5bnpsrl0kIfEoVyuZSLiF52juhToc9d4q8dv0/abjfzXc7zSNawu1qLJJ6sye+JsyrR78Sz7ZcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoNXfAQAA//84yy7/")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80)
getdents64(r0, &(0x7f0000000400)=""/4096, 0x1000)

4m33.86849569s ago: executing program 1 (id=2226):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_AUTHENTICATE(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010002000020fedbdf252500000008000300", @ANYRES32=r2, @ANYBLOB="08002600b41400000a000600ffffffffffff000008003500000000000a0034"], 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

4m32.428733394s ago: executing program 1 (id=2239):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="c0000000190001000000000010000000e00000020000000000000000000000006401010200000000000000000000000000000000000000000a00008006000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000001910be1a000000000000000000000000000000000000000008000000000000000000000000000000fdffffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000b86b6e"], 0xc0}, 0x1, 0x0, 0x0, 0x4008011}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="d40000001b001d0328bd7000fcdbdf25ffffffff000000000000000000000000fe8000000000000000000000000000264e2000014e2404000200000087000000", @ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB="08000000000000000100010000000000f4ffffffffffffff04000000000000000200000000000000ba410000000091ad07000000000000000000008000000000ffffff7f0000000003000000000000000400000000000000080000000000000003000000b86b6e000000030100020000040000000000000008001f0001"], 0xd4}, 0x1, 0x0, 0x0, 0x4090}, 0x0)

4m32.056063412s ago: executing program 33 (id=2239):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="c0000000190001000000000010000000e00000020000000000000000000000006401010200000000000000000000000000000000000000000a00008006000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000001910be1a000000000000000000000000000000000000000008000000000000000000000000000000fdffffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000b86b6e"], 0xc0}, 0x1, 0x0, 0x0, 0x4008011}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="d40000001b001d0328bd7000fcdbdf25ffffffff000000000000000000000000fe8000000000000000000000000000264e2000014e2404000200000087000000", @ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB="08000000000000000100010000000000f4ffffffffffffff04000000000000000200000000000000ba410000000091ad07000000000000000000008000000000ffffff7f0000000003000000000000000400000000000000080000000000000003000000b86b6e000000030100020000040000000000000008001f0001"], 0xd4}, 0x1, 0x0, 0x0, 0x4090}, 0x0)

2m24.576663906s ago: executing program 6 (id=3297):
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r0 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0)
sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)='a', 0xdd02}], 0xc, &(0x7f0000000000)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0xc}}], 0x30}], 0x1, 0x0)

2m24.063752822s ago: executing program 6 (id=3300):
r0 = fanotify_init(0xf00, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x441, 0x0)
fanotify_mark(r0, 0x1, 0x800002b, r1, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x4)

2m23.806918144s ago: executing program 6 (id=3304):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="140100002f00011b00000000ecdbdf2501"], 0x114}], 0x1, 0x0, 0x0, 0x4001}, 0x20000000)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100002f00010000000000fcdbdf2503"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)
recvfrom(r0, 0x0, 0x0, 0x42, 0x0, 0x0)

2m23.416191931s ago: executing program 6 (id=3309):
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x210000, &(0x7f0000002f40)={[{@nobarrier}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x10}}, {@bh}, {@init_itable}]}, 0xfc, 0x57a, &(0x7f0000000800)="$eJzs3V9rW+UfAPDvSdPu7++3DsZQL2SwCydz6drqnCA4L0WHA72foc3KaLqMJh1rHbhduBtvZAgiDsQX4L2XwzfgqxjoYMgoeiFC5KQnXdYmTZtlpls+Hzjt8+Sc0+d885zv6fPkJCSAoXUs/ZGLeDkivk4iDrWsy0e28tjadquPbsykSxL1+id/JJFkjzW3T7LfB7LKSxHxy5cRJ3Ob260ur8wXy+XSYlafqC1cnagur5y6vFCcK82VrkxNT599a3rqnZEzfYv19Qt/fffxvQ/OfnV89dufHhy+k8S5OJita43jKdxsrRwr/pOVRuPchg0n+9DYbpIM+gDoyUiW56ORXgMOxUiW9cCL74uIqANDKpH/MKSa44Dm3L5P8+DnxsP31yZAjdjHWuPPr702Ensbc6P9q8kTM6N0vjveh/bTNn7+/e6ddImtX4fY16UOsCM3b0XE6Xx+8/U/ya5/vTvdePF4axvbGLb/PzBI99Lxzxvtxn+59fFPtBn/HGiTu73onv+5B31opqN0/Pdu2/Hv+qVrfCSr/a8x5htNLl0ul05HxP8j4kTUu976OLt6v95pXev4L13S9ptjwew4HuT3PLnPbLFWjIixHkN+wsNbEa/k28WfrPd/0qb/0+fjwjbbOFq6+2qndd3jf7bqP0a81rb/H3drstX9ybfPTDTOh4nmWbHZn7eP/tqp/UHH3zy1toh/PGm9X1vdeRs/7P271Gldr+f/WPJpo9xMguvFWm1xMmIs+Wjz41OP923Wm9un5/+J41tf/9qd/+nk67Ntxn/7yO3Gpu3urA26/9P4Z3fU/zsv3P/w8+87tb+9/n+zUTqRPZJd/9rLzpXtHuDTPn8AAAAAAACwm+Qi4mAkucJ6OZcrFNbe33Ek9ufKlWrt5KXK0pXZaHxWdjxGc8073Yda3g8xmb0ftlmf2lCfjojDEfHNyL5GvTBTKc8OOngAAAAAAAAAAAAAAAAAAADYJQ50+Px/6reRQR8d8Mw1vphgz6CPAhiErl/5349vegJ2pa75D7yw5D8ML/kPw0v+w/CS/zC85D8ML/kPw0v+AwAAAAAAAAAAAAAAAAAAAAAAAAAAQF9dOH8+Xeqrj27MpPXZa8tL85Vrp2ZL1fnCwtJMYaayeLUwV6nMlUuFmcpCt79XrlSuTk7F0vWJWqlam6gur1xcqCxdqV28vFCcK10sjf4nUQEAAAAAAAAAAAAAAAAAAMDzpbq8Ml8sl0uLCh0L78WuOIxnGeCannbP97DX2MBDHqbCrax7d7bXAC9KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDBvwEAAP//UswvjA==")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3004099, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000780)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
llistxattr(&(0x7f0000002300)='./file0\x00', 0x0, 0xfffffdf3)

2m22.559850861s ago: executing program 6 (id=3315):
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x268, 0x238, 0xc8, 0x8, 0x238, 0x5803, 0x300, 0x2e8, 0x2e8, 0x300, 0x2e8, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast1, [], [0x0, 0x0, 0xff000000], 'erspan0\x00', 'geneve1\x00', {}, {}, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x2000000000000}}, @common=@inet=@SYNPROXY={0x28, 'SYNPROXY\x00', 0x0, {0x14, 0x7f, 0xfde3}}}, {{@ipv6={@remote, @mcast2, [0x0, 0x0, 0xff000000], [], 'macvtap0\x00', 'syzkaller1\x00'}, 0x0, 0xa8, 0xc8}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2c8)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, &(0x7f0000000000)=0x3, 0x4)

2m21.46388988s ago: executing program 6 (id=3328):
r0 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'bond_slave_1\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r1, {0x0, 0xfff3}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x100}}}]}, 0x38}}, 0x4c840)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@newtfilter={0x5c, 0x2c, 0xf3f, 0x30bd28, 0x24dfdbfd, {0x0, 0x0, 0x0, r1, {0xb}, {0x0, 0xfff3}, {0xd, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_META={0x18, 0x1, 0x0, 0x0, {{0xfff9, 0x4, 0x4}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x5, 0xe, 0x1}, {0x3ff, 0xc0}}}]}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x9}}]}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20041090}, 0x0)

2m20.869756892s ago: executing program 34 (id=3328):
r0 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'bond_slave_1\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r1, {0x0, 0xfff3}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x100}}}]}, 0x38}}, 0x4c840)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@newtfilter={0x5c, 0x2c, 0xf3f, 0x30bd28, 0x24dfdbfd, {0x0, 0x0, 0x0, r1, {0xb}, {0x0, 0xfff3}, {0xd, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_META={0x18, 0x1, 0x0, 0x0, {{0xfff9, 0x4, 0x4}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x5, 0xe, 0x1}, {0x3ff, 0xc0}}}]}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x9}}]}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20041090}, 0x0)

6.211534207s ago: executing program 4 (id=4389):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_mount_image$ocfs2(&(0x7f00000026c0), &(0x7f0000004780)='./file0\x00', 0x200000, &(0x7f0000000340)=ANY=[@ANYBLOB="6a6f75726e616c5f6173796e635f636f6d6d69742c636f686572656e63793d66756c6c2c6572726f72733d636f6e74696e75652c6865617274626561743d6e6f6e652c6572726f72733d636f6e74696e75652c6e6f696e74722c67727071756f74612c001796fa694353e3807803df5ea6fd4d6e6a2613d336eb62b863dcd89e37b45f8bd04199a14c48b3e553e035ab300ba3c60c27682a8ab5656969d829535c0862f6e3a35f15fe4d50c0d5c74631344625d6224c436474bb101ff47a14c51e342ca291c09c35d9d31b06b6b86cb9dccae387b5f1e7c5e1d445d52845a3fa4c77234ea9d37c8a277c85e69a85cc6ffeb225bebbca91b569b80ee303c9a21c58db5d96fb87f1713e0e9b896e37becae2e7a978259a0847e9fb08dcb8b9f84f616463da2507db1b3489769e99"], 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzZ1ezmybb/UibpOnHJBFctCybPlXrQ1yrNpo2H9pWU2Wd3Ww3q7M76+6MFgxSgyAKghIEFT+oCqUvtSAG+lKLUPADaRVKRdH6IlKogg8GbaArM3Nvdu6d2d7JTtLS9veDdvaee8+5Z/a/99w590wKseqphdXiwmqxtFSszN6/ekvxc5VybXEuFF4lr/X56c6VyEn2r50j7/vAR+65JYQ/HPvah9bW1tZC3XDo6EDLz+f/fXq29TVRyNSpt9u5taY/1h556edveaUj8pwIIexo61ddXwjhY78IYUsIYSQuG41fB0MI20IIUQjh0d/868cDvXShxdl7X3ju2JnD+85MPf7YMxfmj254YBTCd8u7b55ffHF/323Pv+MynR4AAF7RB48fufvo5IHwZBSGzvW3f17fGb8mn4/vfNun7nq4f33/Gt3pexVDBQAAgIz1+f9w9HKH9bpkZS1ZEnzigRN3PxWt7zexfX07dNeR298/eSBe/43a9t8aF/3zvX2NNdTsum92/XckU7/z+u/6eR7+6rO/XHrr5vuf9C8573CIChOp7UJhYiKEY1PN7V3R1kK5slp95/2V2tLJzZ/3jSKdf3b1fn1Bv9v8RzPV89b/d3/i8z8b7O/lHYyF7F9tfbvY/qdMB+n8Nx7Lf/KlqKv8xzL18vK/4+nt53+1pZd3kD0jlyKdf/NC3Nd6QLE5ANTz/2Z/fv47Mu3n5f/9qXOPntjE93/q48xwVO/rQGoEeDku3+ArTGSk828GkRo641/kRtf//zL5X5NpPy//Oyv/+N3ferj/bzT+j0/10uabRzr/ZhDF1BHr1/9IIf/6vzbTfl7+vz3152c/2dO9uj3/ev/H3f+7ks4/vhGnB8/Gb7Lb8X9npv28/HeN3ffQwib6/eHBuJ9DURhr+dbpufotbGh9vboxpanvXt7ESd4E0vk3f2upS2eo+dK4/ofzx/9dmfbz8n9oz9ffc7qn7/92Hv8njf9dSec/2Ci7lPxfyuS/O9N+Xv4/PP33v9x3mcf/+vZB+Xclnf/Wtv3rz38KXc3/rsvUz3v+s2/0qUf+2sP8P+lfct7k+U/yHGI8aj7/obN0/ldteFy39/89mXp51/+3/vP80/t7Gf+jAU8AepDOf1uzsMMEsNv8r8+0n5f/F+758sf/tIn5X+MT30CSf8v8f0uz/Kjxvyvp/Lc3C1P/GOrBxv8b9/+oPff/ZvK/IdN+Xv4XDk30f+Uy3//r/R/v8Cibdun8hzY8rp7/77u4/9+YqZeX/xf3/vTFm3v6/B/CpLn+pqXzv3rD4xrX/0B+/jdl6uXl/51v/PqJB3vo/9t7qEs2/+a9PnU5xZ/Nu53/FzPt5+X/o/HzZ/dfgfnfre7/XUnn31w1v5T8s/P/vZn28/L/3pEfrPRfgec/d8gfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgU0bj1+EQFSZS24XCxEQIY/H2rrA1mimdnJ4pV2Y/sxrCjri8GEaj+XJlplSeXliqnJybLpXLldkQron37wgD0Wq5Up1eLC1fe7GtwejUXGmlOjNXqoYQdsbl14ftSVszC9XF0nLj2KTOVVHps7VKtTRRW51bCbsvlm9LyudXKrXl6y62dXWhsrJ8qrQ0fXJh5d2Tk5OTYc/FPo9Ecw9U55aqzd4299brJHWHo5Y309h9Q8v5Pl2prSyVyo3yG1vqlCuzpXJLnZtazlddqS3Nlqpz0+XKfHK+YkvdlvfW2L033jceRlLvL6mbdTB+vf3Q8Y8eP3ygbX8xSue9VFucm9ze+W8CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDeuJ29717dDCH3NrUII4WDyQxT/l3L23heeO3bm8L4zU48/9syF+aOdjgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVh535equjiOACfGd/7WiCltBFyGRgiojsJC/pFJJXXyJZtWge1SsigKDCMaFkQBEHtooKgVVD5F0QtXLaqNrVoYRBBxehMXu4IN7zQMed5YDgzzL1nvjBw78z5HA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD6cXbHYlfWXtq1eWnr7g+hMz/3fwhhNFne/7y3I/SEEL5+mTkdVmkLPU39v5mcGy9fNfm9t3/84fXRZO31F98trtsdknSo4XhnkqZDQ2vvf6O6M/hsejAJIY1dCFEsjD05UwshdMQuhCh+fpy/mP2+/xe7EKLo/3C3K7v/tdiFEMXW3Z/6avkzHtVzvn5hsPG/v9UjeBuP6KxDb09eeZe6qZX3Mn//T/LN+2A1zJ448v557CKIZnZu6mjsGgAAgL/rXIv8P2xZ3r9/OQk93eXc/1tT/t/b1P/q+f+Ke9tvjM20FUJsK41NZsfD+9rpc+M7NXD19uua8Z6qkv9Xm/y/2uT/1Sb/rzb5f7XJ/8m8kv9X0uObexZfxC6CaOT/AABQPYeOT0zVh0eyl/9NPzrLeX1f3tbzPP3BremBRw3jRvLDf9vhYxMHDg6P5Pe9PCC4sv5DunT2ez7fo7ktTDbNu2i1/kPv04X5a53lT9T/cP5GUV9xXes/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/2J17GgbBKAyj321F1EarogkLPwk+0MCIAKQwowEdTBiAgRBQwEDOWe5NnuUFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnu9f5XXx/aUx0muNSFPZZdf+OZ5mP3PfDsv77HHjVgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjYgQMZAAAAAGH+1nm0HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKcCAAD//wTsyzo=")
symlink(&(0x7f0000000100)='./file2\x00', &(0x7f0000000580)='./file0\x00')

5.210879989s ago: executing program 4 (id=4395):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000340)={0x44, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8, 0x3, r2}, @val={0xc}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'nicvf0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0xa}]}, 0x44}}, 0x0)

4.463137888s ago: executing program 4 (id=4402):
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000005600)='./file0\x00', 0x0, &(0x7f0000000040)={[{@compress_algo={'compress', 0x3d, 'zstd'}}]}, 0x5, 0x559a, &(0x7f0000005680)="$eJzs3X2QVWUdB/Bzd1lYZGI3BMGBFShfQEIhpVRS7kBBuDJtkjU2GQtioaAwzBI1ii04WLgam1kz5QxCiwjDUmszGmXlygyQk9PWjIPIgjLThjG9SMXEFjU2e+99Lveey+5eyVxfPh9m99zn/s7znOeeOX/c72WfcyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIoujgjtr/rB1ZV75+06hFt199cPSq0RNWVDWdHHWg+rzdl/absWjovuntdw6b0bH6SPX65tsu6IyiRKpfItN/3vSPX/+FufPmlIcBaz+Z3lZWdnfIdNfD6Ub/vCe7+uX/zI+iqCw2QGlmu7s0p52IHyBaXjhgj8pmbVsycEGyduvmp+ouX7J1XOFLp0t5X0+gr2Suq45T11Iy9bsktke2nXPpJfIu0XT/+AX3prwIAOB1mVST2mTfjmbe4mbb9fF6rJ2MtRtj7fAOoTG3cSbS4/bvbp5j4vU+mmcyHRUGdDvPWD1z/rPtmnj/WDsWNV7HPPN3zUSa8u7muSxW76t5AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALyVvFa3Ys34z714sOyX549bvfLk4WvLL3zoq/8uWXrzS68dqlnzl7ah+6a33zlsRsfqI9Xrm2+7oDOKKlP9EunuiWknXr1kYvWcUeuf+N7ETc+OP16aGTds++XsHO0PD66siKIFOZWOMOzRwVFUk19INaPvFhZuTT2YHQoAAAC8k5yb+l2SbafjYFleO5FKk4nUvyAdFstmbVsycEGyduvmp+ouX7J13JmPV9PNeMnTjpdtV576SeQE4xB/4+OdqoddlxeM07P4iPE8P+X5l1+oGHHtT5+pOu+mlde/NPKax9tmfnP48UX7K+8YtGrc2CsK8n9lz/k/nDn5HwAAgP+F/B8fp2e95f/PzK+75Y5HvnJszD2HVw66+8H9G4eVH7nplsn7/jj8hosvvqz2xoL8PybvkAX5P8w45P+S6MzyPwAAALyV/b/zf7JgnJ71lv/bhzff/MB7Di2sbOt4evtlK/b0X3j1RUMOPHTR3In3XjdozPkNBfl/UnH5v1/utMOTz4UJL66IoknFn1QAAAAgT/h/91MfLYS8nv7kIJ7XW+dtGd3y6swvTxj78KH6P1Vtnvj5jUMe37lh5jd2PXf3/RPbzi7I/8ni8n/Zm/NyAQAAgCI0HTpnxNBPJ38e3X/01vnf/+yuR+9b+sWrLtnbOWvC2l9UP72jviD/1xSX/wf0zcsBAAAATuPE+GsW/mPnkd9e1/yJ+5qO/v5Lq0p/NaNp9/62hqZ/bh81e/XkgvxfW1z+Pyuzzax8SHfaE/4K4VsVUVTe9WBZurA3apyWLQAAAABvkJDT75ryfMm9A6edu2Xub06Me+KFPZ/aN3vxhnPWTGp69n2tiz9y4WMF+X9Zz/f/D3c6COv/8+7/V7D+P6eQvuvfVDcGAAAA4N2ocD1/uD1++psLuvv+/WLX///w6xv+mqiqf/ID8342q/P9zT/Z2zr1wZNVf5hz/OGW5MgnL32xIP/XF5f/S3O3b+T3/wEAAMAZeLt9/9+NBeP0rLf7/7c980j1o1d+6GtXza2buuN3H77iz68Mn9qwPXpl+UfbFx342K5fF+T/xuLyf9gOyn15reH83FMRRSO6HmTuJrgtTHdxrNBSllNIn/hYj7mhR6bQMiCnkLIs1uODFVE0tutBfazw3lBojBWODc4UNsYKbaGQuR6yhR/ECq3hSvvO4Mx044Ufh0JmgUVLWEExKLskItbj79316Cqctkd79uAAAADvKiE8Z7JsWX4zikfZlkRvO5zV2w4lve1Q2tsO/WI7xHfs7vmoNr8Qnv/Rt294ecBdD2yom7Jl04KqhrPX/euxyZNuX7Z2Z93SziF/W7euIP9vLC7/h1PRP73pbv1/FNb/Z77XMLv+vzYUKmOFllCoid8xoCYcIx12G8IxKmsyPY6NyBYAAADgHS18LlDax/MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/7J373FW1nXiwL8zzIUZhplRMS+RISaKwTCMKYaZID/TnwQOq6WFJgSDjgxCXEzQTUTd1VzB2+ZtE0jdtIwoNbVUeGnekspLsKl5SfHSK41lS5Js133NnPM9nPOcOc5BQBn3/f5jzvecz/f6nMuc7/M85/sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/N2z85GVfeHmfj/xg3cKBi1eP+krfI4cMn3DMNTceu/jhb0/e777f//8+aw575sydR60955XRi245de+3QmjuKFeSKl5y6F/XNQwePabvotuvGbz0kYF/qUjXm46HXu1/StN3zoutru0dwh0lIZQlA4NrUoHy9P2aWF/fmhB2CJsCmRIt1akSyYbDA1UhLAmbApmq7qoKoSYrcOwT9624uD1xRVUIe4cQKpNtPFuZaqMqGRhQkQpUJwPTy1KBv76TkgncWZoKwBaLb4bMi355c26G+s7LFXj9lW+1jn2wksPrERP1hfO9MXIbdypLRfKB5i162vKqY5vIe3us9G7rBu+2vO18iact+4tU+hvKO5tClaF0csuUiXPaZsdHSkNDQ49CNW2j5/np9WdN2px0t3kdxg7Ub5XX4aoLe49d/OhRw2+tG35Dn0ELN25pNwtt3m2tMqRfc93meYxG+DzpBm+/vG9J/XzpCiHsf9v42798wcs3L7h87K4HPbHTsDc+u/vdLT+75YTxxx++fsVXf//jvPl//bvP/+PLOd6W5uSOrb5dm5qbx0dqYmJdbWpuDgAAAN1Gd9hr+srq/5722X3HDX185OrqW2+659SL7/v8tT9r3a/t4bE77fj8vvN+lDf/71fc8f94yL8me7QrQxjRkTi3LoRdOx5PBW6O3flqXQh7dqSacwMjE4GVIezWkRiYqSpRomcs0S8ReLU2HRiRCDwYA82JwI0xcEkicF4MLE8EJsXAykTgsBgIrbnj2K82PY6iA1UxMCG1EZfHsxD+XBtbS2yrZzJVAQAAbCXp2WF57t2scx22NEOcXi6v6ipDPAO7YIbKRA3JGWxmWlWwhrKuaijtqobMuOe/+/Dzai7pqua80zBKcjNcWXXLpT8aNumNu2e8tOG0Iz7x2quP1S/96afXXfPGU9Mr79/j8ofz5v+N7z7/r+ykIyV5x/9DGNfxN+YuTUfaMvEJzTkZAAAAgC3w1sADvvydsq/NfeH3jwz75K+vfez1lQ9/dO8zb1v7/Bk/+NZ3au4fnTf/H1Hc+f9xn0iPrMxhVdwNMbUuhMbcQKrag/MDqaPevdIBAAAA6A4yx+Mzx8Jb07epU7ST8+n8/M2bmT8e+B/Raf7131p2/Y6feGT2Q7W3zXhqw+NfWTl64bEz3xh05dmP7HvoQU+N/Gze/L+5uPP/q3NvU514MPbi8roQemYFHoq9bA906BcDLxyaG0iP/8G4AS6KVaVPTMhUdVEsMSEGGhOBJYVKPJYpsWtuIP1kZRo/NzOO1nSJrAAAAAC87+LugHhcPp7/v2LBXZf9x41/umzVgUtnnzz98de+V1H5zknL7zyxzwX39li008hJefP/CZt3/n/HPDjv9P62XiEMKQuhR/KHAauqUwsDxkBNSTpxT3Wqrh7JqhZUh3Bw+8CSVb2YXv+/LLnG4JNVqapiYNf+N60f0J64oSqEIdmBNeOXHtCemJMIZBr/YlUIH28fbbLxn/RMNV6ebPyqniHskRXIVDWpZwjtjVUkq7q/Mn0dg2RVyytD2CkrkKlqWGUIcwMA3VX8Xzo5+8FZc+dNndjW1jJzGybiTvyqMKW1raVh0vS2yZUF+jQ50eecdYzOyR9TsZe++V16jaLVx0ytKyad+aFgY3Zb6R35eWcOpu/HL0PlHeNsKs+5u39yyPvuld9EyPoqVWjIpdt4yNXZlWx6EvPqj/krQq/Qc86slpkNZ0ycPXvm0NTfYrM3pf7G40ypbTU0ua2qO+tbES+PgstlJbzXbTUgu5Ihs6fNGDJr7rzBrdMmntxycstpwz7VNKxp6P5NjUPaB5X+28VIB3RWc2Kk7ywtclhbcaS7l2VV8n58aEhISHS3xE2Xj39m0UcXV3538UmXPHH++WefcvrOt1057ft9p48fdOXnlkz9et78f8a7z//jp0784E+vz1Do+H99PMyfenzTYf4JMbCk2OP/9YWO5mdODOiXCMyPgfkO8wMAAPDhEHdHxr2Zcad07SvfOP1/Tjii9NA/HP2LpqGDdrnw1qkDbnx94+kf23vekmvLKvKv/ze/uN//b6X1/zNL1x9VaJn/gbFEY6H1/5PL/GfW/59faP3/5DL/mfX/l3wA6//PyQQSm+TP1v8HAAA+DN6/9f+7XN4/eYGAvAxdLu+fvEBAXoYul/Ev9gIBm73+/89/XrbDx47YrW/ZF56YuNedB/7mpGkP7vKjUVev+3RT/TfPWPPzZXnz/0uKm/9buB8AAAC2Hyfs+6UBC14a8vVzpj/ww8Ezdn7purOfH3HPL4/75MYxfddVr+v76bz5/5Li5v/v//p/odD5//0KBZoLLQxo/T8AAAC6qULr//3t42d987p+O24Y1O/M29+6emrJ8L2fO/XXbRc9NOrwj435xyWTrs2b/y8vbv4fT7sozckde/N2bWpNu5Bc025dbeYnAwAAANA9lIaGhvIi8+YsjDryvbf5dHop0HdLZ9vtE6vWnHvvdX8fcvP5C9Ydf3rtQUf+oeyQOydf99KCU/boX/Pc2rz5/8ri5v85v8tYdWHvsYsfPWr427fWDb+hz6CFGzcd/wcAAAC2nWL3SwAAAAAAAAAAAAAAAB+8Y1b95Kz/+uWY4+4cNu/qR3d+/OT//PqsM1on/aLtiHUHPLv0hk/tk/f7/zCuo1yh3//H6/7F3xf0yckdW+16/b/0/WNHL5vbsWThqtoQ9soOTF0wdYeQvjb/PtmBFScO3KU9sSBZ4u7nDnu5PXFSMnDk4B03tCc+kwhMiIsk7pYMxKsqbuidCMTlFZ9MBuL2WJ4MVKQDF/ZOjaMkua3+UJPaViXJbfV0TQh1WYHMtrqjJtVGSXKAVyQCmQF+LRmIAxybDpQme7WsV6pXMVATiy7uleoVAADbrfgtsDxMaW1raYxf4ePt7mW5t1HOkmXn5FdbUmTzv0svTbb6mKl1xaR7JL+LbrrWeHmobB/C0Lyvq9lZSjpGuXVq6WLT9Skw5K5WeystUC5pczddReERVaVG1DBpetvk8i4Hvn/XWZrKuswyNG+yk52ltGOTFlFLEX0pYkRFbpsiuhzvl4aGhh6JXMNjsD7k6OoVUezv9bPX+Sv0KsjOs3zUQQOOW/bcgRMWPXnQtKnhI5e9M2Li5FmHXPHiU0vnjxw0oUfe/L++uPl/Zfa4NqQvBjA/Xlnv4LoQJhQ5IgAAAPjwO+W05y674P5LX32hecDL04dcuuK3c6+aV1Z783mHP3336W+OX3jSlsYHDHtj6Kl3/ebcjU2jHrqy99X3X7PTkXU//H/Vvea+tWLQmy/cvVfe/L9fcfP/uAcrfSg4tbdjZbz+/7l1IXRcWr8+Fbg5DverdSHs2ZFqjiVSF9Q/KpZoTAVujjtMBsYSE5pzq+oZA8sTgVdr04GVicCDMZDeS3FTSO/KubQ2hAM6UuNyS8yIJeoTgaNjoF8i0BADjYlA7xgYkQi83jsdaE4EHo2B0Jq7rW7tnd5WAAAAmyM9zyrPvRuS87zlZV1lKOkqQ3VXGUq7ylDZVYZCo4j3fxwzlCdOXinJylSerLUqUUtehngx/M3uV16G8FhuzmTBvKbj+QeZ8w1KcjNccWbF9Dc/33/R8UPGrB/ftPhzc38a/uHtOW9d8OYvz6977pqNJXnz/8bi5v/Vubep1h+M8/9N1/9LBR6K3bs8njreLwZeODQ3kN4x8GCc7F6Uqao5XSI9ab8olhgRA/0SgRkxMCIRmDAuHViyS24gPdPONH5upvHWdImsAAAAALzv4g6CuJsmzv+fXTv+iWnjf3vQZX1nLzx/+VFffvrXx736i3t73v3d/osebitZuzpv/j+iuPl/bK9XdmPnxd6s7R3CHSWbepMJDK5JBeJ+jJr48/i+NSHskLWDI1OipTpVoiLRcHigKvUL9YpkVXdVpdYYiPePfeK+FRe3J66oCmHvrL0vmTaerUy1UZUMDKhIBaqTgellqUDc85MJ3FmaCsAWy+wVjC+o9KkuGfWdlyvw+vuwXBM0Oby8faCd5OvsN1fbSmXygfQ+1YzNe9ryqmObyHt7rPRu647vtnrvtuwvUulvKO9sClWG0sktUybOaZsdH8n+JWuebfQ8Z/9KtZj0Vngdzn/vve1aZbIDjYmPj8bOy3X+OiyJ1a26sPfYxY8eNfzWuuE39Bm0cGPR3Sgg/lB45rCr6rM377ZWGdKvuW73edLs86Q7/hvo52kLIYy7d+xFjYfcuHDSiP7X73xH7fDLvzT4lkMbnx1XM2eXw8e89sV5efP/5uLm/2WJ2w4b48acVRfCvlkbd1Xc/KPqUp+DWYHUp+RO+YHUIfeXagt+cgIAAMDWltndkdlf0Jq+TZ0Qnpwn5+dv3sz8cX/FiE7zF9vv/lecsnL0hAN/23f8XoccvM9Zdy04er+/Tbz+tT9Wj5z0wPd+tfr6vPn/hHef//dMdNPxf8f/2UYc/+/U9r4rumfygflbtCs6rzq2Ccf/O7W9v9sc/++U4/+O/3fG8f8uOP7fqe39acv7ljTDl64Qwr9f/vm/vX3Pbv02LC393pQH5vU//rLvL1r2k52f+efH/mn69H33/FXe/H9GcfN/6/91vmhfZv2/CYXW/5tRaP2/+db/AwAAtqkCC80l53l5q/flZUiu3peXocsFArtcYtD6f5u9/t+L/3Lpgr2mjv3GiWc9dnDvR+tHrRkz6O8nvbrnmuuevHLoIyf8/dt58//5xc3/48uhV3br3WX9v37jClR1SQzMsDAgAAAA26NCOwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4YJ31xynnjVjw+J+ap39l/fLx32nd8fGHprzefMQPRy87es0pu5xyb581hz1z5s6j1p7zyuhFt5y691shtHaUK0kVLzn0r+saBo8e03fR7dcMXvrIwL9UpustT99+NCd3bPXt2hCWZD1SExPratvvbAocO3rZ3LL2xKraEPbKDkxdMHWH9sSNtSHskx1YceLAXdoTC5Il7n7usJfbEyclA0cO3nFDe+Iz6UBJsrv/1jvV3ZJkdy/uHUJdViDT3VN751aVaeOIdKA02cZ3a1JtxEBNLHpVTaqNGGiLJVp7hjCkLIQeyaoeqUxV1SNZ1U8rU1X1SFZ1dmUIB4cQypJVPV+RqqosOfLHKlJVxcCu/W9aP6A9sbQihCHZgTXjlx7QnpiZCGQaP6YihI+3v2SSjd9anmq8PNn4v5aHsEcIoSJZ4s2yVImKZIkXy0LYKSuwaSOWhTA38OEQP30mZz84a+68qRPb2lpmbsNERbqtqjClta2lYdL0tsmViT4VUpKVfuec9z72360/a1L77epjptYVky5Llyvv6HJTec7d/bf33sd+VWdXsun5yKs/5q8IvULPObNaZjacMXH27JlDU3+Lzd6U+tsjHU1tq6HdZVsNyK5kyOxpM4bMmjtvcOu0iSe3nNxy2rBPNQ1rGrp/U+OQ9kGl/26NkS59/0e6e1lWJe/H+19CQqK7JUpzPt0at/fP8bwv+ps6Wh4qOz6g86YV2VlKOka5NQY98j2O+L18TelyREPzJg55WZq6zrJ/3mRiU5aqVJaOr3V5k8Psmko7Nmm8XxoaGnoU2g71uXezN+8bW7B5n05vumLTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwv+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwLAAAAAAgzN86jJ4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAD//+GI8JI=")
r0 = open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x20)
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f0000000100)=ANY=[], 0xb, 0x0, &(0x7f0000000100))
fallocate(r0, 0x1, 0x0, 0x1001f0)

4.355162816s ago: executing program 7 (id=4403):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fd1ff7907001175f37538e486dd6317010000003a00db536873f45f08c6feaa70e2aef57b20000000000000000000000000ac1414aa"], 0xfdef)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0xf5ffffff, &(0x7f0000000000)='%', 0x0, 0xd01, 0xbe02, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

4.084721959s ago: executing program 2 (id=4406):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000280)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1, 0x0, {}, 0xfd}, 0x18)
connect$can_j1939(r0, &(0x7f0000000080)={0x1d, r1, 0x0, {0x0, 0xff, 0x2}, 0xff}, 0x18)

3.820116382s ago: executing program 2 (id=4408):
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x8001, @loopback, 0xfffffffc}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000005c0)={0x0, @in6={{0xa, 0x4e22, 0x0, @empty, 0x3}}, 0x208001, 0x848, 0x0, 0x0, 0xb3550aa4ba87834d, 0x80000}, 0x9c)

3.57412365s ago: executing program 7 (id=4410):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace(0x10, r0)
ptrace$peeksig(0x4209, r0, 0x0, 0x0)

3.398011985s ago: executing program 3 (id=4411):
r0 = eventfd2(0x0, 0x0)
io_setup(0x81, &(0x7f0000000400)=<r1=>0x0)
read$eventfd(r0, &(0x7f0000000000), 0x8)
io_submit(r1, 0x3, &(0x7f0000001600)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0xd5, r0, 0x0, 0x0, 0x3, 0x0, 0x1, r0}, 0x0, 0x0])

3.263783154s ago: executing program 7 (id=4412):
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
writev(r0, &(0x7f0000000100)=[{&(0x7f00000004c0)='4', 0x1}], 0x9)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00')
pread64(r1, &(0x7f0000019200)=""/102400, 0x19000, 0x1000000000)

3.259528201s ago: executing program 8 (id=4413):
r0 = syz_open_dev$swradio(&(0x7f0000000140), 0x0, 0x2)
r1 = dup(r0)
read(r1, &(0x7f0000000040), 0x0)
ioctl$VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000000)={0xf0f046})

2.836657609s ago: executing program 7 (id=4414):
syz_mount_image$fuse(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x1214040, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9902)

2.80422249s ago: executing program 3 (id=4415):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000300)='blkio.throttle.io_service_bytes_recursive\x00', 0x0, 0x0)
readv(r1, &(0x7f0000000040)=[{&(0x7f0000001640)=""/244, 0xf4}], 0x1)

2.772521608s ago: executing program 8 (id=4416):
unshare(0x62020600)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0xa8)
fadvise64(r0, 0x2400000, 0x2, 0x500)

2.744145069s ago: executing program 2 (id=4417):
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000032c0)=[{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)='a', 0x1}], 0x1, 0x0, 0x0, 0x44}], 0x1, 0x0)
r0 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
r1 = add_key$user(&(0x7f0000000400), &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000480)='\n', 0x1, 0xffffffffffffffff)
keyctl$dh_compute(0x17, &(0x7f0000000480)={r1, r0, r0}, &(0x7f0000000580)=""/204, 0xcc, &(0x7f0000000680)={&(0x7f00000004c0)={'sha3-384\x00'}})

2.524760047s ago: executing program 3 (id=4418):
openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}})

2.447973454s ago: executing program 2 (id=4419):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x60, 0x2, 0x6, 0x3, 0x0, 0x0, {0x7, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xeb3}, @IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0xe}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000}, 0x20004080)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070088000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90)

2.138731136s ago: executing program 2 (id=4421):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0)
write$cgroup_int(r0, &(0x7f0000000000), 0xffffff6a)
r1 = socket(0x2a, 0x2, 0x87)
sendfile(r1, r0, 0x0, 0x9)

2.136397864s ago: executing program 7 (id=4433):
r0 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r1, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0xdd008d5803396e68}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000013c0)=@newtfilter={0x84, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0xb, 0xd}, {}, {0x7, 0xffe0}}, [@filter_kind_options=@f_basic={{0xa}, {0x4c, 0x2, [@TCA_BASIC_POLICE={0x48, 0x4, [@TCA_POLICE_AVRATE={0x8, 0x4, 0x7ff}, @TCA_POLICE_TBF={0x3c, 0x1, {0x6, 0x10000000, 0x92, 0x5, 0x9bc, {0x2, 0x2, 0x4, 0x9, 0xff}, {0x2, 0x1, 0x8, 0x9, 0x80, 0x8e}, 0x1, 0x4, 0x6}}]}]}}, @TCA_RATE={0x6, 0x5, {0x1, 0x2}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20041090}, 0xd0)

2.027182492s ago: executing program 4 (id=4422):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000080)='hugetlb.2MB.rsvd.max_usage_in_bytes\x00', 0x2, 0x0)
sendfile(r1, r1, 0x0, 0xd)

1.932905894s ago: executing program 0 (id=4424):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000340)={@hyper})
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r0, 0x7b1, &(0x7f0000000140)={0x0, 0x6, 0xffffffffffffffcb, 0xa277})

1.821153263s ago: executing program 3 (id=4425):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x109942, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000580))
ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f00000001c0)={0x1, &(0x7f0000000100)=[{0x6, 0x4, 0xe, 0x7}]})
write$ppp(r0, &(0x7f0000000140)="0a16", 0x2)

1.749824687s ago: executing program 8 (id=4426):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x101000, 0x0)
ioctl$COMEDI_CMD(r1, 0x80506409, &(0x7f0000000180)={0x1, 0x80, 0x80, 0xd, 0x10, 0xfffffed8, 0x2, 0x0, 0x20, 0x1, 0x20, 0x1, &(0x7f0000000600)=[0x7], 0x1, 0x0})
close_range(r0, 0xffffffffffffffff, 0x0)

1.743936619s ago: executing program 0 (id=4427):
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'geneve1\x00', <r1=>0x0})
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x1c, 0x0, 0x1, 0x70bd29, 0xffffffbe, {{0x2}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x48080}, 0x20004056)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="5800000010000300"/20, @ANYRES32=r1, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028005000400010000001c001a8018000a80140007"], 0x58}, 0x1, 0x2}, 0x80)

1.671299507s ago: executing program 7 (id=4428):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r0 = shmget$private(0x0, 0x800000, 0x200, &(0x7f0000800000/0x800000)=nil)
shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xbbdccba4532b503b)
syz_clone(0x668c7400, 0x0, 0x0, 0x0, 0x0, 0x0)

1.425075381s ago: executing program 8 (id=4429):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'gre0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f00000002c0)="05031600d3fc140000004788031c09102c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)

1.171807035s ago: executing program 0 (id=4430):
r0 = gettid()
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
r1 = syz_open_procfs(r0, &(0x7f0000000040)='net/l2cap\x00')
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000000280)=""/231, 0xe7}], 0x1, 0x5, 0x0)

1.109825367s ago: executing program 8 (id=4431):
r0 = socket(0x10, 0x2, 0x0)
write(r0, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r0, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400})

1.051403278s ago: executing program 3 (id=4432):
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f00000028c0)='./file1\x00', 0x2a08800, &(0x7f0000000040)=ANY=[], 0x1, 0x6af, &(0x7f0000003180)="$eJzs3ctrHPcdAPDvjFYrrQuOktiJWwIVMaSlorYeyK16idtD0SGU4B5CSy+LvY6F10qQlCKb0qrvaw/5A9KDDoWcCr0b0tJTm1uuOpVAoZecdFOZ2ZndlVa71trSru18PjA7v5nfc77z2J0RYgL40lqdi8rDSGJ17q3tbHlvd6m5t7s0VWQ3IyJLpxGV1iyS9Yjkk4jr0Zriq9nKonzSr58P11ZufPbF3uetpUox5eXTQfVOZqeYYjYiJop5r8nHau9m3/YGq7dTSXsLs4BdLgMH43bQY2eY6k943gJPg6T1vdljJuJcREwXvwOiuDqkox3d6RvqKgcAAADPqBf2Yz+24/y4xwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPkuL9/0kxpWV6NpLy/f+VYl2mGhE30jGPeXhJO/VwrOMAAAAAAAAAgNPx9f3Yj+04Xy4ftP40Xsk/L+SfX4kPYjMasRFXYjvqsRVbsRELETHT1VB1u761tbEQrz+y5uKxNRdHsbUAAAAAAAAA8Nz6Tax2/v4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABPgyRiojXLpwtleibSSkRMR0Q1K7cT8WmZfkYkZaLWtfLheMYCAAAAj236uJWf/mNgnRf2Yz+243y5fJDk9/yv5PfL0/FBrMdWrMVWNKMRt4p76OyuP93bXWru7S7d29tdyjv+2UFLq53v/2+ooectRuvZw/E9X8pL1OJ2rOVrrsTNfDC3Is1rZi4V42lPhzv5dTam2puFE47sVjHPOvtT91OE05YOW2EmrzTZjsh8MbasoRcHR+KRe6cysKeFSNtPfi4M6KncpGTImJ8r60XEH47E/M3//OUnJ2zmDLQjkUYeicWuo++VdhSmjq/8jb99/M6d5vrdO7c3587sMBqVo8fEUlckXh189D3lkagMWX6+faS3NmU1fhg/jrmYjbdjI9bi55EdD40oroxRL8plnzNdUYroidT1Q0tvP2ok1WK/tK6iaVxs5/SOqR5b0YjZmMpT9Xg9r3s+1iKJ9+JWNOJaXGufesuxHCtde/hi3z2cV8ivtOlwZ/3lb3ZCGH888ph2oH+etODwWl+pWVxf7Ipr9zV3Js/rXtOJ0ksn+D4a8tpY+VqRyPr4bT7/6VPyEP5oJBa6IvHy4Ej8OT83Npvrdzfu1N/v0/7OkeU3Jjvp35/lN/PQsh3yUkwXV5LDR0eW93L7KnM4XtXiLy6tvLQn72KelyTlmfqjrjP1WizGQnynOFOrxW+43pYW87xXe/MmypFf6so79Hsr3vvXeOIJwJDOfetctfbf2r9rH9V+V7tTe2v6B1PfnXqtGpN/n/xeZX7ijfS15K/xUfyyc/8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8vs37D+7Wm83GxvGJtH/W6SaS4kU+/cpUohan1VfxwsJfdWVNxllv4P0H1d5N3jn1vmJE++vJEuWbq560nXeuj2DMExGjjGrMHHcWTJ1SxHoT2eaVayaik1V0eOzLRYHnwdWte+9f3bz/4Ntr9+rvNt5trE8uL6/MryxfW7p6e63ZmG99jnuUwFno/B7oV+Lj0Q4IAAAAAAAAAAAAeKRR/FdDV3ezY9xUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bm1OheVyUhiYf7KfLa8t7vUzKYy3SlZiYg0jUh+EZF8EnE9WlPMdDWX9Ovnw7WVG599sfd5p61KWT4dVK9UHZi7U0wxGxETxXxgGwcHJ27vZr/2Tixpb2EWsMtl4GDc/h8AAP//ZlAA0Q==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101041, 0x0)
pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xe7c)
write$FUSE_INIT(r0, &(0x7f0000004580)={0x50, 0x0, 0x0, {0x7, 0x2d, 0x6, 0x8000, 0x6, 0x4, 0x8, 0x1, 0x0, 0x0, 0x20, 0x5}}, 0x50)

722.801326ms ago: executing program 2 (id=4434):
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@mcast1, 0x1, 0x2, 0x2, 0x6}, 0x20)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'virt_wifi0\x00', 0x5})
ioctl(r0, 0x8b32, &(0x7f0000000040))

489.900821ms ago: executing program 0 (id=4435):
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)={0x9c, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa, 0x0, 0x2}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_LABELS={0x8, 0x16, 0x1, 0x0, [0x4a9]}]}, 0x9c}}, 0x0)

425.183331ms ago: executing program 8 (id=4436):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000080)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002cbd700000120000010000000c0002000200000000000000400007800c00018008000100", @ANYRES32=r0, @ANYBLOB="0c00018008000100", @ANYRES32=r0, @ANYBLOB="0c00018008000100", @ANYRES32=r1, @ANYBLOB="2400018008000100", @ANYRES32=r0, @ANYBLOB="0c00018008000100", @ANYRES32=r1, @ANYBLOB="0c000500e201"], 0x6c}}, 0x4)

291.075672ms ago: executing program 4 (id=4437):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x2}, 0x20)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r1, 0xffffffffffffffff, 0x0)

217.10242ms ago: executing program 0 (id=4438):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={<r2=>0x0}, &(0x7f0000000000)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000040)={0x8, 0x101, 0x2, 0x990, 0x1000, 0x7, 0x0, 0x9, r2}, 0x20)

78.821067ms ago: executing program 0 (id=4439):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000100), 0xff, 0x4a1, &(0x7f00000004c0)="$eJzs3MtvVFUYAPDvTh+8aUVEQdAqGomPlhZUFi7UaOJCExNd4LK2BZGBGloTIY0WY3BpSNwblyb+Be7cGHVhTNxq4tKQEG1MKK5q7gum02mZlpYpnd8vmc45c1/nu+eemXPv6b0BtK2+9E8SsT0ifo+Injw7f4a+/G12Zmrk+szUSBJzc2/9nWTzXZuZGilnLZfbVmQOVSIqnyXxYrJwuxPnL5werlbHzhX5gckzHwxMnL/wzKkzwyfHTo6dHTp27OiRweefG3p2VeJM47q27+Px/Xtfe+fyGyPHL7/707dpsfYcyKfXxnFL1xsE1EBfutf+mcvUT3t8GWW/G+yoSSedLSwIy9IREWl1dWXtvyc64mbl9cSrn7a0cMCaSn+bNi0+eXoO2MCSaHUJgNYof+jT89/ydYe6HuvC1Zciuov07MzUyOyN+DujUnzetYbb74uI49P/fZW+YrnXIQAAViDr2zzdqP9XiT3Zez7WsbMYQ+mNiHsiYldE3BsRuyPivohs3vujOx7IF57raXL7fXX5hf2fypWGZV4laf/vhZq+32xN/MVbb0eR25HF35WcOFUdO1zsk0PRtSnNDy6xje9f+e2LxabV9v/SV7r9si9YFOBKZ90FutHhyeHV2glXL0bs62wUf3JjJCA9AvZGxL7lrXpnmTj15Df7F5vp1vEvYRXGmea+jngir//pqIu/lCw9PjmwOapjhwfKo2Khn3+99GaR7K6fdlvxr4K0/rfOP/6LKReL955/k3y8tiuq1bFzE8vfxqU/Pl/0nGalx3938nY2Zv3Le/lnHw1PTp4bjOhOXs/y5Y7OPh+6uWyZL+dP4z90sHH731Usk8b/YESkB/GBiHgoIh4uyv5IRDwaEQeXiP/Hlx97f4n4k0iipfU/2vD7L4nYnCV6k9rx+hUkOk7/8N1iI+bN1f/RmM6+a3PZ998tNFvA29+DAAAAsP5VImJ7JJX+PN23PSqV/v78f/h3x9ZKdXxi8qkT4x+eHc3vEeiNrkp5paun5nroYDJdrDHPDxXXisvpR4rrxl92bMny/SPj1dEWxw7tbtv89h9l+0/91dHq0gFrzv1a0L7q23+lReUA7rxmfv+dC8DG1KD9b2lFOYA7z/k/tK9G7f+Turz+P2xMC9v/nw0eWQdsRPr/0L60f2hf2j+0pWbv4i+fp7DihwDMS5Q3C6x8PZubvsN//SX61mTNZQ2tZeG3xM1PorJqa55eB5WyzhNpi1nJ4rGz+WdhzE80eFgNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAXej/AAAA//+q8eIl")
symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000380)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
readlinkat(0xffffffffffffff9c, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffffff, 0xb4)
readlink(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000004c0)=""/79, 0x4f)

56.118145ms ago: executing program 3 (id=4440):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000500), 0x100, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f00000000c0)={0x6, "1f938a7b853b3a9b0b00000000000000008900", <r1=>0xffffffffffffffff})
prlimit64(0x0, 0x7, &(0x7f0000000140), 0x0)
ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, 0x0)

0s ago: executing program 4 (id=4441):
r0 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r1, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0xdd008d5803396e68}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000013c0)=@newtfilter={0x84, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0xb, 0xd}, {}, {0x7, 0xffe0}}, [@filter_kind_options=@f_basic={{0xa}, {0x4c, 0x2, [@TCA_BASIC_POLICE={0x48, 0x4, [@TCA_POLICE_AVRATE={0x8, 0x4, 0x7ff}, @TCA_POLICE_TBF={0x3c, 0x1, {0x6, 0x10000000, 0x92, 0x5, 0x9bc, {0x2, 0x2, 0x4, 0x9, 0xff}, {0x2, 0x1, 0x8, 0x9, 0x80, 0x8e}, 0x1, 0x4, 0x6}}]}]}}, @TCA_RATE={0x6, 0x5, {0x1, 0x2}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20041090}, 0xd0)

kernel console output (not intermixed with test programs):

824455][ T5779] usb 5-1: config 0 descriptor??
[  455.861496][T14097] loop6: lost filesystem error report for type 5 error -117
[  455.863642][T14097] EXT4-fs error (device loop6): ext4_do_update_inode:5690: inode #16: comm syz.6.3240: corrupted inode contents
[  455.923685][T14097] loop6: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117
[  455.933117][T14097] EXT4-fs error (device loop6): ext4_truncate:4690: inode #16: comm syz.6.3240: mark_inode_dirty error
[  455.982247][T14097] loop6: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117
[  455.985052][T14097] EXT4-fs error (device loop6) in ext4_process_orphan:345: Corrupt filesystem
[  456.044502][T14097] loop6: lost filesystem error report for type 5 error -117
[  456.054205][T14097] EXT4-fs (loop6): 1 truncate cleaned up
[  456.058875][T14119] loop0: detected capacity change from 0 to 1024
[  456.091174][   T36] Quota error (device loop6): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  456.120040][ T5779] RobotFuzz Open Source InterFace, OSIF 5-1:0.0: version d4.15 found at bus 005 address 021
[  456.135061][T14097] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  456.170345][   T36] EXT4-fs error (device loop6): ext4_release_dquot:7068: comm kworker/u8:2: Failed to release dquot type 1
[  456.186513][T14119] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  456.209923][T14097] ext4 filesystem being mounted at /154/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  456.302441][T14119] ext4 filesystem being mounted at /489/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  456.325708][   T30] audit: type=1326 audit(1777723946.561:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14126 comm="syz.3.3253" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f479f99cdd9 code=0x0
[  456.346842][T14094] i2c i2c-1: adapter quirk: no zero length (addr 0x0007, size 0, read)
[  456.419561][ T5834] usb 5-1: USB disconnect, device number 21
[  456.463901][T14119] EXT4-fs error (device loop0): ext4_map_blocks:833: inode #15: comm syz.0.3249: lblock 0 mapped to illegal pblock 0 (length 6)
[  456.640084][ T5622] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  456.681898][T11246] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  456.802111][T14135] loop0: detected capacity change from 0 to 1024
[  456.833324][T14135] ext3: Unknown parameter 'noacl'
[  456.906182][T14137] netlink: 'syz.2.3257': attribute type 10 has an invalid length.
[  456.972959][T14140] netlink: 14 bytes leftover after parsing attributes in process `syz.2.3257'.
[  457.173328][T14137] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  457.235512][T14137] bond0: (slave netdevsim1): Enslaving as an active interface with an up link
[  457.403926][T14147] input: syz1 as /devices/virtual/input/input36
[  457.471675][T14140] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  457.587356][T14140] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  457.704108][T14140] bond0 (unregistering): (slave netdevsim1): Releasing backup interface
[  457.804151][T14140] bond0 (unregistering): Released all slaves
[  458.040359][T14162] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3268'.
[  458.839683][T14190] kernel read not supported for file /file0 (pid: 14190 comm: syz.0.3280)
[  458.868327][   T30] audit: type=1800 audit(1777723949.111:116): pid=14190 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3280" name="file0" dev="mqueue" ino=34581 res=0 errno=0
[  458.904053][T14192] loop7: detected capacity change from 0 to 64
[  459.170483][ T5354] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  459.369037][ T5354] usb 4-1: Using ep0 maxpacket: 8
[  459.424089][ T5354] usb 4-1: config 0 has no interfaces?
[  459.445682][ T5354] usb 4-1: New USB device found, idVendor=12d1, idProduct=fae2, bcdDevice=70.8b
[  459.473266][ T5354] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  459.510704][ T5354] usb 4-1: Product: syz
[  459.534943][ T5354] usb 4-1: Manufacturer: syz
[  459.551868][ T5354] usb 4-1: SerialNumber: syz
[  459.591276][ T5354] usb 4-1: config 0 descriptor??
[  459.806150][T14204] bridge0: port 2(bridge_slave_1) entered disabled state
[  459.850904][ T5834] usb 4-1: USB disconnect, device number 25
[  460.116348][T14219] loop7: detected capacity change from 0 to 1024
[  460.180834][T14219] EXT4-fs (loop7): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  460.245084][T14219] ext4 filesystem being mounted at /162/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  460.370916][T14219] EXT4-fs error (device loop7): ext4_map_blocks:833: inode #15: comm syz.7.3290: lblock 0 mapped to illegal pblock 0 (length 6)
[  460.582611][T11400] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  460.668638][T14234] loop3: detected capacity change from 0 to 512
[  460.715341][T14234] EXT4-fs error (device loop3): ext4_expand_extra_isize_ea:2810: inode #11: comm syz.3.3295: corrupted xattr block 95: invalid header
[  460.821137][T14234] loop3: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  460.828960][    C1] EXT4-fs (loop3): error count since last fsck: 1
[  460.831118][T14234] EXT4-fs error (device loop3): ext4_validate_block_bitmap:431: comm syz.3.3295: bg 0: block 7: invalid block bitmap
[  460.838186][    C1] EXT4-fs (loop3): initial error at time 1777723951: ext4_expand_extra_isize_ea:2810: inode 11
[  460.867418][    C1] EXT4-fs (loop3): last error at time 1777723951: ext4_expand_extra_isize_ea:2810: inode 11
[  460.889032][T14234] loop3: lost filesystem error report for type 5 error -117
[  460.893147][T14240] net_ratelimit: 2631 callbacks suppressed
[  460.893171][T14240] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  460.915790][T14240] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  460.990033][T14234] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6679: Corrupt filesystem
[  461.001840][T14240] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  461.008293][T14240] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  461.051223][T14234] loop3: lost filesystem error report for type 5 error -117
[  461.051607][T14240] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  461.065441][T14240] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  461.074461][T14234] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2972: inode #11: comm syz.3.3295: corrupted xattr block 95: invalid header
[  461.111388][T14240] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  461.117855][T14240] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  461.122395][T14234] loop3: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  461.142175][T14234] EXT4-fs warning (device loop3): ext4_evict_inode:287: xattr delete (err -117)
[  461.159198][T14240] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  461.166998][T14240] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  461.215442][T14234] EXT4-fs (loop3): 1 orphan inode deleted
[  461.226221][T14234] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  461.458078][T14252] netlink: 256 bytes leftover after parsing attributes in process `syz.6.3304'.
[  461.555111][ T5625] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  461.907518][T14265] loop6: detected capacity change from 0 to 1024
[  461.940403][T14265] EXT4-fs: Ignoring removed bh option
[  461.999381][T14265] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  462.512093][T14278] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3314'.
[  462.920741][T11246] EXT4-fs error (device loop6): ext4_read_inline_dir:1493: inode #12: block 7: comm syz-executor: path /166/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0
[  462.956875][T11246] EXT4-fs (loop6): Remounting filesystem read-only
[  463.237670][T14294] dummy0: entered allmulticast mode
[  463.413205][T14298] netlink: 148 bytes leftover after parsing attributes in process `syz.2.3323'.
[  463.435608][T14296] dummy0: left allmulticast mode
[  463.495337][T14301] netlink: 88 bytes leftover after parsing attributes in process `syz.7.3324'.
[  463.529619][T11246] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  463.737274][T14305] loop0: detected capacity change from 0 to 128
[  463.858399][   T36] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  464.219224][   T36] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  464.353770][T14320] loop7: detected capacity change from 0 to 256
[  464.373247][T14320] exfat: Deprecated parameter 'utf8'
[  464.398540][T14320] exfat: Deprecated parameter 'utf8'
[  464.416712][T14320] exfat: Deprecated parameter 'utf8'
[  464.493352][T14320] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  464.523587][   T36] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  464.696725][ T5644] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  464.724331][ T5644] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  464.734081][ T5644] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  464.758602][ T5644] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  464.774757][ T5644] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  465.020717][   T36] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  466.017239][   T36] bridge_slave_1: left allmulticast mode
[  466.066843][   T36] bridge_slave_1: left promiscuous mode
[  466.082487][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  466.157112][   T36] bridge_slave_0: left allmulticast mode
[  466.186132][   T36] bridge_slave_0: left promiscuous mode
[  466.232888][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  466.296040][T14369] loop7: detected capacity change from 0 to 128
[  466.400322][T14372] netlink: 'syz.0.3354': attribute type 1 has an invalid length.
[  466.433703][T14372] netlink: 'syz.0.3354': attribute type 2 has an invalid length.
[  466.474839][T14372] netlink: 'syz.0.3354': attribute type 1 has an invalid length.
[  466.859811][ T5634] Bluetooth: hci3: command tx timeout
[  467.294444][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  467.328337][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  467.356791][   T36] bond0 (unregistering): Released all slaves
[  467.392741][   T36] bond1 (unregistering): Released all slaves
[  467.854887][ T5283] 8021q: adding VLAN 0 to HW filter on device eth9
[  468.347874][   T36] hsr_slave_0: left promiscuous mode
[  468.366713][   T36] hsr_slave_1: left promiscuous mode
[  468.385161][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  468.417170][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  468.443498][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  468.456930][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  468.486569][   T36] veth1_macvtap: left promiscuous mode
[  468.496785][   T36] veth0_macvtap: left promiscuous mode
[  468.513493][   T36] veth1_vlan: left promiscuous mode
[  468.529204][   T36] veth0_vlan: left promiscuous mode
[  468.929601][ T5634] Bluetooth: hci3: command tx timeout
[  469.161748][   T36] team0 (unregistering): Port device team_slave_1 removed
[  469.198387][   T36] team0 (unregistering): Port device team_slave_0 removed
[  470.264790][T14457] bridge0: port 2(bridge_slave_1) entered disabled state
[  470.285224][T14473] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3391'.
[  470.763322][T14484] netlink: 'syz.4.3394': attribute type 10 has an invalid length.
[  470.786149][   T36] IPVS: stop unused estimator thread 0...
[  470.829055][T14490] netlink: 14 bytes leftover after parsing attributes in process `syz.4.3394'.
[  470.923605][T14484] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  470.954946][T14484] bond0: (slave netdevsim1): Enslaving as an active interface with a down link
[  471.009957][ T5634] Bluetooth: hci3: command tx timeout
[  471.103185][T14490] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  471.174453][T14490] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  471.263659][T14490] bond0 (unregistering): (slave netdevsim1): Releasing backup interface
[  471.354512][T14490] bond0 (unregistering): Released all slaves
[  471.654731][T14321] bridge0: port 1(bridge_slave_0) entered blocking state
[  471.705958][T14321] bridge0: port 1(bridge_slave_0) entered disabled state
[  471.739621][T14321] bridge_slave_0: entered allmulticast mode
[  471.780269][T14321] bridge_slave_0: entered promiscuous mode
[  471.824857][T14321] bridge0: port 2(bridge_slave_1) entered blocking state
[  471.862301][T14321] bridge0: port 2(bridge_slave_1) entered disabled state
[  471.893941][T14321] bridge_slave_1: entered allmulticast mode
[  471.926514][T14321] bridge_slave_1: entered promiscuous mode
[  472.032775][ T5283] 8021q: adding VLAN 0 to HW filter on device eth10
[  472.126098][T14521] loop7: detected capacity change from 0 to 256
[  472.147747][T14521] exfat: Deprecated parameter 'utf8'
[  472.159781][T14321] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  472.178329][T14521] exfat: Deprecated parameter 'namecase'
[  472.226404][T14321] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  472.319165][T14521] exFAT-fs (loop7): failed to load upcase table (idx : 0x0001fe89, chksum : 0xf974f890, utbl_chksum : 0xe619d30d)
[  472.505462][T14321] team0: Port device team_slave_0 added
[  472.531793][T14321] team0: Port device team_slave_1 added
[  472.660517][T14321] batman_adv: batadv0: Adding interface: batadv_slave_0
[  472.688430][T14321] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  472.808987][T14321] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  472.982381][T14544] cgroup: fork rejected by pids controller in /syz4
[  473.036302][T14321] batman_adv: batadv0: Adding interface: batadv_slave_1
[  473.073343][T14321] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  473.110926][ T5634] Bluetooth: hci3: command tx timeout
[  473.135864][T14321] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  473.279148][ T5844] usb 3-1: new full-speed USB device number 32 using dummy_hcd
[  473.403536][T14321] hsr_slave_0: entered promiscuous mode
[  473.433341][T14321] hsr_slave_1: entered promiscuous mode
[  473.454387][T14321] debugfs: 'hsr0' already exists in 'hsr'
[  473.479339][T14321] Cannot create hsr debugfs directory
[  473.514016][ T5844] usb 3-1: unable to get BOS descriptor or descriptor too short
[  473.534285][ T5844] usb 3-1: not running at top speed; connect to a high speed hub
[  473.566188][ T5844] usb 3-1: New USB device found, idVendor=0582, idProduct=0582, bcdDevice= 0.40
[  473.611774][ T5844] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  473.643909][ T5844] usb 3-1: Product: syz
[  473.661311][ T5844] usb 3-1: Manufacturer: syz
[  473.687069][ T5844] usb 3-1: SerialNumber: syz
[  474.012539][ T5844] usb 3-1: BAAD HEADPHONE p_chmask mismatch
[  474.415047][T14571] loop3: detected capacity change from 0 to 32768
[  474.432287][T14571] (syz.3.3422,14571,0):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  474.437446][ T5844] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22
[  474.471631][T14571] (syz.3.3422,14571,0):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  474.527958][T14571] JBD2: Ignoring recovery information on journal
[  474.580905][ T5283] 8021q: adding VLAN 0 to HW filter on device eth11
[  474.596661][T14571] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  474.722433][ T5844] usb 3-1: USB disconnect, device number 32
[  474.895691][ T5613] udevd[5613]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  475.052555][ T5625] ocfs2: Unmounting device (7,3) on (node local)
[  475.740685][ T5644] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  475.764505][ T5644] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  475.774176][ T5644] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  475.785895][ T5644] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  475.795474][ T5644] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  476.262704][   T78] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  476.416467][T14602] tipc: Started in network mode
[  476.431605][T14602] tipc: Node identity ac14140f, cluster identity 4711
[  476.471386][T14602] tipc: New replicast peer: 255.255.255.255
[  476.489391][T14602] tipc: Enabled bearer <udp:syz2>, priority 10
[  476.705652][   T78] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  476.805041][T14321] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  476.828513][T14321] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  476.925995][   T78] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  476.970544][T14321] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  477.000268][T14321] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  477.032627][T14321] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  477.039556][ T5779] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  477.080716][T14321] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  477.113442][ T5644] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  477.136126][ T5644] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  477.145784][ T5644] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  477.154822][ T5644] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  477.173716][ T5644] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  477.200484][ T5779] usb 4-1: Using ep0 maxpacket: 16
[  477.213413][ T5779] usb 4-1: config index 0 descriptor too short (expected 52, got 36)
[  477.235837][ T5779] usb 4-1: config 0 has an invalid interface number: 251 but max is 0
[  477.272334][ T5779] usb 4-1: config 0 has no interface number 0
[  477.285017][ T5779] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  477.306547][ T5779] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  477.336841][ T5779] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  477.348413][   T78] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  477.366965][ T5779] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  477.380484][ T5779] usb 4-1: Product: syz
[  477.397079][ T5779] usb 4-1: Manufacturer: syz
[  477.407260][ T5779] usb 4-1: SerialNumber: syz
[  477.429990][ T5779] usb 4-1: config 0 descriptor??
[  477.436257][T14321] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  477.452416][T14614] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  477.469983][T14614] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  477.490825][T14321] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  477.511648][ T5283] 8021q: adding VLAN 0 to HW filter on device eth12
[  477.634950][  T800] tipc: Node number set to 2886997007
[  477.775482][T14614] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  477.811566][T14614] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  477.890287][ T5644] Bluetooth: hci2: command tx timeout
[  478.388391][   T78] bridge_slave_1: left promiscuous mode
[  478.400946][   T78] bridge0: port 2(bridge_slave_1) entered disabled state
[  478.440720][   T78] bridge_slave_0: left allmulticast mode
[  478.457932][   T78] bridge_slave_0: left promiscuous mode
[  478.473270][   T78] bridge0: port 1(bridge_slave_0) entered disabled state
[  478.485569][ T5779] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  478.504115][ T5834] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  478.514657][ T5779] asix 4-1:0.251 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[  478.548973][ T5779] asix 4-1:0.251: probe with driver asix failed with error -71
[  478.601125][ T5779] usb 4-1: USB disconnect, device number 26
[  478.683563][ T5834] usb 1-1: Using ep0 maxpacket: 8
[  478.703280][ T5834] usb 1-1: unable to get BOS descriptor or descriptor too short
[  478.734456][ T5834] usb 1-1: config 4 interface 0 has no altsetting 0
[  478.796364][ T5834] usb 1-1: string descriptor 0 read error: -22
[  478.804030][ T5834] usb 1-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  478.824943][ T5834] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3
[  478.884501][ T5834] usb 1-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  478.925148][ T5834] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  478.941312][ T5834] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  478.956108][ T5834] usb 1-1: media controller created
[  479.021299][ T5834] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  479.229240][   T78] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  479.249127][ T5644] Bluetooth: hci4: command tx timeout
[  479.285493][   T78] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  479.314292][   T78] bond0 (unregistering): Released all slaves
[  479.405655][T14662] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3446'.
[  479.540027][   T78] IPVS: stopping master sync thread 12151 ...
[  479.969732][ T5644] Bluetooth: hci2: command tx timeout
[  479.990316][T14321] 8021q: adding VLAN 0 to HW filter on device bond0
[  480.318085][ T5834] usb 1-1: USB disconnect, device number 27
[  480.613703][   T78] hsr_slave_0: left promiscuous mode
[  480.633275][   T78] hsr_slave_1: left promiscuous mode
[  480.659035][   T78] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  480.680332][   T78] batman_adv: batadv0: Removing interface: batadv_slave_0
[  480.718846][   T78] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  480.735281][   T78] batman_adv: batadv0: Removing interface: batadv_slave_1
[  480.814668][   T78] veth1_macvtap: left promiscuous mode
[  480.831302][   T78] veth0_macvtap: left promiscuous mode
[  480.843685][   T78] veth1_vlan: left promiscuous mode
[  480.865374][   T78] veth0_vlan: left promiscuous mode
[  481.090493][ T5897] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  481.265077][ T5897] usb 4-1: config 0 has an invalid interface number: 50 but max is 0
[  481.288205][ T5897] usb 4-1: config 0 has no interface number 0
[  481.310931][ T5897] usb 4-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  481.329281][ T5644] Bluetooth: hci4: command tx timeout
[  481.352796][ T5897] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc
[  481.368966][ T5897] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  481.386172][ T5897] usb 4-1: Product: syz
[  481.399080][ T5897] usb 4-1: Manufacturer: syz
[  481.403732][ T5897] usb 4-1: SerialNumber: syz
[  481.426600][ T5897] usb 4-1: config 0 descriptor??
[  481.463560][ T5897] yurex 4-1:0.50: USB YUREX device now attached to Yurex #0
[  481.785825][ T5897] usb 4-1: USB disconnect, device number 27
[  481.821941][ T5897] yurex 4-1:0.50: USB YUREX #0 now disconnected
[  481.843676][   T78] team0 (unregistering): Port device team_slave_1 removed
[  481.916914][   T78] team0 (unregistering): Port device team_slave_0 removed
[  482.049343][ T5644] Bluetooth: hci2: command tx timeout
[  482.368544][ T5283] 8021q: adding VLAN 0 to HW filter on device eth13
[  482.551744][T14321] 8021q: adding VLAN 0 to HW filter on device team0
[  482.583070][T12441] bridge0: port 1(bridge_slave_0) entered blocking state
[  482.590313][T12441] bridge0: port 1(bridge_slave_0) entered forwarding state
[  482.793812][T14724] loop3: detected capacity change from 0 to 128
[  482.812070][T14724] FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x61417272 (sector = 1)
[  482.967393][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  482.974654][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  483.078122][T14731] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3466'.
[  483.413196][ T5644] Bluetooth: hci4: command tx timeout
[  483.517316][T14593] bridge0: port 1(bridge_slave_0) entered blocking state
[  483.539321][T14593] bridge0: port 1(bridge_slave_0) entered disabled state
[  483.569446][T14593] bridge_slave_0: entered allmulticast mode
[  483.583529][T14593] bridge_slave_0: entered promiscuous mode
[  483.612474][   T36] FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x61417272 (sector = 1)
[  483.614600][T14593] bridge0: port 2(bridge_slave_1) entered blocking state
[  483.656076][T14593] bridge0: port 2(bridge_slave_1) entered disabled state
[  483.678728][T14593] bridge_slave_1: entered allmulticast mode
[  483.704728][T14593] bridge_slave_1: entered promiscuous mode
[  483.932118][T14593] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  484.110201][T14593] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  484.128793][T14759] loop0: detected capacity change from 0 to 256
[  484.139984][ T5644] Bluetooth: hci2: command tx timeout
[  484.166933][T14759] exfat: Deprecated parameter 'utf8'
[  484.180118][T14759] exfat: Deprecated parameter 'namecase'
[  484.198198][T14759] exfat: Deprecated parameter 'namecase'
[  484.216457][T14759] exfat: Deprecated parameter 'utf8'
[  484.250713][T14759] exFAT-fs (loop0): failed to load upcase table (idx : 0x00012153, chksum : 0xc9bffc20, utbl_chksum : 0xe619d30d)
[  484.289936][T14759] exFAT-fs (loop0): failed to test first cluster bit of root dir(5)
[  484.449424][T14593] team0: Port device team_slave_0 added
[  484.472337][T14621] bridge0: port 1(bridge_slave_0) entered blocking state
[  484.480370][T14621] bridge0: port 1(bridge_slave_0) entered disabled state
[  484.487641][T14621] bridge_slave_0: entered allmulticast mode
[  484.496385][T14621] bridge_slave_0: entered promiscuous mode
[  484.515146][T14593] team0: Port device team_slave_1 added
[  484.545913][T14621] bridge0: port 2(bridge_slave_1) entered blocking state
[  484.553660][T14621] bridge0: port 2(bridge_slave_1) entered disabled state
[  484.569715][T14621] bridge_slave_1: entered allmulticast mode
[  484.578455][T14621] bridge_slave_1: entered promiscuous mode
[  484.813662][T14772] overlayfs: failed to clone lowerpath
[  484.842748][T14621] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  484.946377][T14593] batman_adv: batadv0: Adding interface: batadv_slave_0
[  484.971997][T14593] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  485.036403][T14593] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  485.055292][T14621] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  485.220174][T14593] batman_adv: batadv0: Adding interface: batadv_slave_1
[  485.245749][T14593] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  485.322786][T14593] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  485.379300][ T5762] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  485.397683][T14621] team0: Port device team_slave_0 added
[  485.435799][T14621] team0: Port device team_slave_1 added
[  485.448708][ T5283] 8021q: adding VLAN 0 to HW filter on device eth14
[  485.491487][ T5644] Bluetooth: hci4: command tx timeout
[  485.553595][ T5762] usb 1-1: config 0 has an invalid interface number: 50 but max is 0
[  485.577343][ T5762] usb 1-1: config 0 has no interface number 0
[  485.589345][T14621] batman_adv: batadv0: Adding interface: batadv_slave_0
[  485.591704][ T5762] usb 1-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  485.606902][T14621] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  485.632007][ T5762] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc
[  485.646280][ T5762] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  485.647419][T14621] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  485.670571][ T5762] usb 1-1: Product: syz
[  485.682245][ T5762] usb 1-1: Manufacturer: syz
[  485.695899][ T5762] usb 1-1: SerialNumber: syz
[  485.731623][ T5762] usb 1-1: config 0 descriptor??
[  485.736966][T14593] hsr_slave_0: entered promiscuous mode
[  485.765869][T14593] hsr_slave_1: entered promiscuous mode
[  485.784226][T14593] debugfs: 'hsr0' already exists in 'hsr'
[  485.790423][ T5762] yurex 1-1:0.50: USB YUREX device now attached to Yurex #0
[  485.797872][T14593] Cannot create hsr debugfs directory
[  485.821172][T14621] batman_adv: batadv0: Adding interface: batadv_slave_1
[  485.829468][T14621] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  485.857524][T14621] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  486.004366][ T5897] usb 1-1: USB disconnect, device number 28
[  486.050620][ T5897] yurex 1-1:0.50: USB YUREX #0 now disconnected
[  486.216918][T14621] hsr_slave_0: entered promiscuous mode
[  486.241258][T14621] hsr_slave_1: entered promiscuous mode
[  486.248405][T14621] debugfs: 'hsr0' already exists in 'hsr'
[  486.255467][T14621] Cannot create hsr debugfs directory
[  487.164526][T14321] 8021q: adding VLAN 0 to HW filter on device batadv0
[  487.230316][  T800] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  487.448780][  T800] usb 1-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  487.484519][  T800] usb 1-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3
[  487.508526][  T800] usb 1-1: Product: syz
[  487.518727][  T800] usb 1-1: Manufacturer: syz
[  487.546672][  T800] usb 1-1: SerialNumber: syz
[  487.567508][  T800] usb 1-1: config 0 descriptor??
[  487.588011][  T800] ch341 1-1:0.0: ch341-uart converter detected
[  487.624284][T14593] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  487.743963][ T5283] 8021q: adding VLAN 0 to HW filter on device eth15
[  487.905591][T14593] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  488.060531][T14593] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  488.233587][T14593] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  488.425920][T14321] veth0_vlan: entered promiscuous mode
[  488.436237][  T800] usb 1-1: failed to send control message: -71
[  488.461962][  T800] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  488.517912][T14321] veth1_vlan: entered promiscuous mode
[  488.534203][  T800] usb 1-1: USB disconnect, device number 29
[  488.572230][  T800] ch341 1-1:0.0: device disconnected
[  488.940110][T14853] pim6reg: entered allmulticast mode
[  489.088689][T14859] pim6reg: left allmulticast mode
[  489.198424][T14321] veth0_macvtap: entered promiscuous mode
[  489.255689][T14867] tipc: Started in network mode
[  489.269082][T14867] tipc: Node identity ac14140f, cluster identity 4711
[  489.283091][T14867] tipc: New replicast peer: 255.255.255.255
[  489.304755][T14867] tipc: Enabled bearer <udp:syz2>, priority 10
[  489.351178][T14321] veth1_macvtap: entered promiscuous mode
[  489.372333][T14593] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  489.404367][T14593] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  489.576374][T14593] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  489.620554][T14593] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  489.654433][T14593] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  489.687140][T14593] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  489.718863][T14593] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  489.749064][T14593] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  489.954189][T14321] batman_adv: batadv0: Interface activated: batadv_slave_0
[  490.120665][T14321] batman_adv: batadv0: Interface activated: batadv_slave_1
[  490.429399][ T5748] tipc: Node number set to 2886997007
[  490.447554][T12441] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  490.475573][T12441] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  490.584209][T12441] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  490.599309][ T5748] hid-generic 0005:10CF:0003.0037: hidraw0: BLUETOOTH HID v0.0d Device [syz1] on aa:aa:aa:aa:aa:aa
[  490.620693][T12441] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  491.131776][T14915] loop0: detected capacity change from 0 to 256
[  491.475366][   T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  491.532462][   T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  491.696015][T12441] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  491.736633][T12441] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  492.147792][T14593] 8021q: adding VLAN 0 to HW filter on device bond0
[  492.217120][T14621] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  492.245503][T14621] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  492.265003][T14621] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  492.328238][T14621] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  492.395331][T14621] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  492.445697][T14621] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  492.477394][T14593] 8021q: adding VLAN 0 to HW filter on device team0
[  492.506370][T14621] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  492.552778][T14621] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  492.607556][   T78] bridge0: port 1(bridge_slave_0) entered blocking state
[  492.614799][   T78] bridge0: port 1(bridge_slave_0) entered forwarding state
[  492.702855][   T78] bridge0: port 2(bridge_slave_1) entered blocking state
[  492.710080][   T78] bridge0: port 2(bridge_slave_1) entered forwarding state
[  492.850206][ T5748] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  493.024106][ T5748] usb 9-1: config 0 has no interfaces?
[  493.046005][ T5748] usb 9-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  493.094492][ T5748] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  493.124566][ T5748] usb 9-1: SerialNumber: syz
[  493.144595][T14970] binder: 14969:14970 ioctl c0306201 0 returned -14
[  493.196175][ T5748] usb 9-1: config 0 descriptor??
[  493.398544][T14621] 8021q: adding VLAN 0 to HW filter on device bond0
[  493.535121][T14621] 8021q: adding VLAN 0 to HW filter on device team0
[  493.587853][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  493.595138][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  493.636975][ T5844] usb 9-1: USB disconnect, device number 2
[  493.969927][ T5748] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  494.124935][   T78] bridge0: port 2(bridge_slave_1) entered blocking state
[  494.132198][   T78] bridge0: port 2(bridge_slave_1) entered forwarding state
[  494.159379][ T5748] usb 1-1: Using ep0 maxpacket: 16
[  494.173872][ T5748] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  494.215272][ T5748] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  494.274685][ T5748] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00
[  494.331094][ T5748] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  494.390677][ T5748] usb 1-1: config 0 descriptor??
[  494.742263][ T5769] usb 9-1: new full-speed USB device number 3 using dummy_hcd
[  494.872574][ T5748] hid_parser_main: 30 callbacks suppressed
[  494.872606][ T5748] konepure 0003:1E7D:2DB4.0038: unknown main item tag 0x0
[  494.927502][ T5748] konepure 0003:1E7D:2DB4.0038: unknown main item tag 0x0
[  494.947910][ T5769] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  494.965200][ T5748] konepure 0003:1E7D:2DB4.0038: unknown main item tag 0x0
[  494.986023][ T5769] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 768, setting to 64
[  495.000878][ T5748] konepure 0003:1E7D:2DB4.0038: unknown main item tag 0x0
[  495.037065][ T5748] konepure 0003:1E7D:2DB4.0038: hidraw1: USB HID v0.00 Device [HID 1e7d:2db4] on usb-dummy_hcd.0-1/input0
[  495.059021][ T5769] usb 9-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  495.093016][ T5769] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  495.156713][ T5769] usb 9-1: config 0 descriptor??
[  495.184150][ T5748] usb 1-1: USB disconnect, device number 30
[  495.205142][T14995] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22
[  495.516783][T15013] fido_id[15013]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  495.731881][ T5769] elan 0003:04F3:0755.0039: unknown main item tag 0x0
[  495.763159][ T5769] elan 0003:04F3:0755.0039: unknown main item tag 0x0
[  495.786903][ T5769] elan 0003:04F3:0755.0039: unknown main item tag 0x0
[  495.848691][ T5769] elan 0003:04F3:0755.0039: unknown main item tag 0x0
[  495.857304][T14593] 8021q: adding VLAN 0 to HW filter on device batadv0
[  495.868375][ T5769] elan 0003:04F3:0755.0039: unknown main item tag 0x0
[  495.944166][ T5769] elan 0003:04F3:0755.0039: hidraw1: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.8-1/input0
[  496.030321][ T5769] usb 9-1: USB disconnect, device number 3
[  496.290112][T15032] fido_id[15032]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/report_descriptor': No such file or directory
[  496.924053][T14621] 8021q: adding VLAN 0 to HW filter on device batadv0
[  497.344172][T14593] veth0_vlan: entered promiscuous mode
[  497.395938][T15071] loop3: detected capacity change from 0 to 32768
[  497.413325][T15071] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.3539 (15071)
[  497.430079][T15071] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  497.440258][T15071] BTRFS info (device loop3): using sha256 checksum algorithm
[  497.482933][T15076] loop0: detected capacity change from 0 to 512
[  497.496117][T14593] veth1_vlan: entered promiscuous mode
[  497.662090][T15071] BTRFS info (device loop3): rebuilding free space tree
[  497.677900][T15076] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  497.737831][T15071] BTRFS info (device loop3): enabling ssd optimizations
[  497.744894][T15071] BTRFS info (device loop3): using spread ssd allocation scheme
[  497.753451][T15071] BTRFS info (device loop3): turning on async discard
[  497.760285][T15071] BTRFS info (device loop3): enabling free space tree
[  497.767065][T15071] BTRFS info (device loop3): force clearing of disk cache
[  497.783824][T14593] veth0_macvtap: entered promiscuous mode
[  497.812092][T14593] veth1_macvtap: entered promiscuous mode
[  497.877758][T14593] batman_adv: batadv0: Interface activated: batadv_slave_0
[  497.897085][T15076] EXT4-fs (loop0): shut down requested (2)
[  497.972078][ T5834] usb 3-1: new low-speed USB device number 33 using dummy_hcd
[  497.996083][T14593] batman_adv: batadv0: Interface activated: batadv_slave_1
[  498.075097][T12441] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  498.105024][ T5622] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  498.117085][T12441] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  498.161272][T12441] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  498.184524][ T5834] usb 3-1: config index 0 descriptor too short (expected 6427, got 27)
[  498.187927][T12441] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  498.235049][ T5834] usb 3-1: config 0 has an invalid interface number: 21 but max is 0
[  498.273106][ T5834] usb 3-1: config 0 has no interface number 0
[  498.322549][ T5834] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt
[  498.397574][ T5834] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  498.450653][ T5834] usb 3-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  498.533911][ T5834] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  498.622288][ T5834] usb 3-1: config 0 descriptor??
[  498.764808][ T5625] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  498.790568][   T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  498.821429][   T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  499.166149][ T1105] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  499.200371][ T1105] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  499.233015][T14621] veth0_vlan: entered promiscuous mode
[  499.303979][T14621] veth1_vlan: entered promiscuous mode
[  499.355640][ T5834] input: USB Keyspan Remote 06cd:0202 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.21/input/input37
[  499.528834][T14621] veth0_macvtap: entered promiscuous mode
[  499.550231][ T5834] input: failed to attach handler kbd to device input37, error: -5
[  499.622358][ T5834] usb 3-1: USB disconnect, device number 33
[  499.628496][T14621] veth1_macvtap: entered promiscuous mode
[  499.825208][T14621] batman_adv: batadv0: Interface activated: batadv_slave_0
[  499.917402][T14621] batman_adv: batadv0: Interface activated: batadv_slave_1
[  500.014054][T12444] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  500.044078][T12444] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  500.074280][T12444] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  500.122616][T12444] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  500.306287][ T1311] ieee802154 phy1 wpan1: encryption failed: -22
[  500.779438][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  500.818217][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  501.080561][T12441] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  501.126364][T12441] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  501.144835][T15157] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3556'.
[  501.278081][T15157] ipvlan2: entered allmulticast mode
[  501.304766][T15157] syz_tun: entered allmulticast mode
[  501.327724][T15164] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3558'.
[  501.648442][T15172] netlink: 204 bytes leftover after parsing attributes in process `syz.7.3431'.
[  501.688499][T15172] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3431'.
[  502.093619][T15182] netem: change failed
[  502.652535][T15201] loop0: detected capacity change from 0 to 128
[  502.755067][T15201] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  502.787655][T15201] ext4 filesystem being mounted at /560/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  502.843891][T15205] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3573'.
[  503.008749][T15207] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3574'.
[  503.066373][T15207] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3574'.
[  503.118130][T15207] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3574'.
[  503.215004][T15216] loop7: detected capacity change from 0 to 512
[  503.245326][T15216] EXT4-fs: Ignoring removed nomblk_io_submit option
[  503.285520][ T5622] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  503.299276][T15216] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002]
[  503.379302][T15216] System zones: 0-2, 18-18, 34-34
[  503.386222][T15216] EXT4-fs (loop7): orphan cleanup on readonly fs
[  503.467934][T15216] EXT4-fs error (device loop7): ext4_validate_block_bitmap:440: comm syz.7.3577: bg 0: block 248: padding at end of block bitmap is not set
[  503.558308][T15216] loop7: lost filesystem error report for type 5 error -117
[  503.560712][    C0] EXT4-fs (loop7): last error at time 1777723993: ext4_validate_block_bitmap:440
[  503.593196][T15223] program syz.3.3591 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  503.632054][T15216] Quota error (device loop7): write_blk: dquota write failed
[  503.694002][T15216] Quota error (device loop7): qtree_write_dquot: Error -117 occurred while creating quota
[  503.738117][T15216] EXT4-fs error (device loop7): ext4_acquire_dquot:7032: comm syz.7.3577: Failed to acquire dquot type 1
[  503.793285][T15216] loop7: lost filesystem error report for type 5 error -117
[  503.835820][T15216] EXT4-fs (loop7): 1 truncate cleaned up
[  503.874615][T15216] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  503.984407][T15233] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3581'.
[  504.035972][T15216] EXT4-fs error (device loop7): ext4_lookup:1787: inode #2: comm syz.7.3577: deleted inode referenced: 12
[  504.292275][T14621] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  504.660638][ T5779] usb 4-1: new low-speed USB device number 28 using dummy_hcd
[  504.715483][ T5762] Process accounting resumed
[  504.874170][ T5779] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  504.945468][ T5779] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  505.023131][ T5779] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8
[  505.123811][ T5779] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  505.200617][ T5779] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  505.300833][T15239] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  505.376130][ T5779] hub 4-1:1.0: bad descriptor, ignoring hub
[  505.387090][T15253] netlink: 'syz.4.3588': attribute type 30 has an invalid length.
[  505.428690][ T5779] hub 4-1:1.0: probe with driver hub failed with error -5
[  505.498770][ T5779] cdc_wdm 4-1:1.0: skipping garbage
[  505.552378][ T5779] cdc_wdm 4-1:1.0: skipping garbage
[  505.615449][ T5779] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  505.668200][ T5779] cdc_wdm 4-1:1.0: Unknown control protocol
[  505.742809][T15243] loop7: detected capacity change from 0 to 131072
[  505.784914][ T5779] usb 4-1: USB disconnect, device number 28
[  505.885148][T15243] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  505.902861][T15243] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  506.082919][T15243] F2FS-fs (loop7): recover xattr in inode (7), error(0)
[  506.091047][T15243] F2FS-fs (loop7): set inode (7) has corrupted xattr
[  507.308612][T15299] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.3605'.
[  507.432205][T15301] netlink: 'syz.3.3606': attribute type 14 has an invalid length.
[  508.304741][T15325] loop3: detected capacity change from 0 to 2048
[  508.347876][T15325] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found!
[  508.426793][T15325] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  508.549629][   T30] audit: type=1800 audit(1777723998.791:117): pid=15325 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3613" name="file1" dev="loop3" ino=1367 res=0 errno=0
[  508.646769][   T30] audit: type=1800 audit(1777723998.821:118): pid=15325 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3613" name="file1" dev="loop3" ino=1367 res=0 errno=0
[  508.943064][T15341] xt_hashlimit: size too large, truncated to 1048576
[  509.462538][T15361] loop0: detected capacity change from 0 to 128
[  509.509658][T15361] EXT4-fs (loop0): Test dummy encryption mode enabled
[  509.562850][T15361] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a806c018, mo2=0042]
[  509.620111][T15361] System zones: 1-3, 19-19, 35-36
[  509.642800][T15361] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  509.669594][T15361] ext4 filesystem being mounted at /566/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  509.955905][ T5622] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  512.470445][T15457] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3662'.
[  512.512210][T15457] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3662'.
[  512.620506][T15463] loop4: detected capacity change from 0 to 164
[  512.840065][ T1137] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  512.996650][T15473] tc_dump_action: action bad kind
[  513.043330][ T1137] usb 1-1: config 0 interface 0 altsetting 12 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  513.092891][ T1137] usb 1-1: config 0 interface 0 altsetting 12 endpoint 0x81 has invalid wMaxPacketSize 0
[  513.134706][ T1137] usb 1-1: config 0 interface 0 has no altsetting 0
[  513.169350][ T1137] usb 1-1: New USB device found, idVendor=1e7d, idProduct=3264, bcdDevice= 0.00
[  513.207119][ T1137] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  513.248147][ T1137] usb 1-1: config 0 descriptor??
[  513.511366][ T5769] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  513.681256][ T5769] usb 5-1: config 0 has an invalid interface number: 50 but max is 0
[  513.710460][ T5769] usb 5-1: config 0 has no interface number 0
[  513.718141][ T1137] isku 0003:1E7D:3264.003A: unknown main item tag 0x0
[  513.743547][ T5769] usb 5-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  513.756782][ T1137] isku 0003:1E7D:3264.003A: unknown main item tag 0x0
[  513.781647][ T1137] isku 0003:1E7D:3264.003A: unknown main item tag 0x0
[  513.800367][ T5769] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc
[  513.813444][ T1137] isku 0003:1E7D:3264.003A: unknown main item tag 0x0
[  513.823302][ T5769] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  513.833246][ T1137] isku 0003:1E7D:3264.003A: unknown main item tag 0x0
[  513.841668][ T5769] usb 5-1: Product: syz
[  513.848688][ T5769] usb 5-1: Manufacturer: syz
[  513.853534][ T1137] isku 0003:1E7D:3264.003A: unknown main item tag 0x0
[  513.860711][ T5769] usb 5-1: SerialNumber: syz
[  513.865412][ T1137] isku 0003:1E7D:3264.003A: report_id 1698913893 is invalid
[  513.876436][ T1137] isku 0003:1E7D:3264.003A: item 0 4 1 8 parsing failed
[  513.887825][ T5769] usb 5-1: config 0 descriptor??
[  513.983118][ T5769] yurex 5-1:0.50: USB YUREX device now attached to Yurex #0
[  513.993049][ T1137] isku 0003:1E7D:3264.003A: parse failed
[  514.009916][ T1137] isku 0003:1E7D:3264.003A: probe with driver isku failed with error -22
[  514.046893][ T1137] usb 1-1: USB disconnect, device number 31
[  514.094919][T15498] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3682'.
[  514.186236][T15501] netlink: 'syz.3.3683': attribute type 58 has an invalid length.
[  514.274823][ T5769] usb 5-1: USB disconnect, device number 22
[  514.295357][ T5769] yurex 5-1:0.50: USB YUREX #0 now disconnected
[  514.390583][T15506] random: crng reseeded on system resumption
[  514.441372][T15506] loop3: detected capacity change from 0 to 512
[  514.789600][T14917] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  514.835071][ T5769] IPVS: starting estimator thread 0...
[  514.857094][T15517] net_ratelimit: 3527 callbacks suppressed
[  514.857121][T15517] IPVS: fo: SCTP 172.20.20.187:0 - no destination available
[  514.953293][T15519] IPVS: using max 22 ests per chain, 52800 per kthread
[  514.981473][T14917] usb 3-1: config 0 has no interfaces?
[  514.997718][T14917] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  515.033168][T14917] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  515.055660][T14917] usb 3-1: config 0 descriptor??
[  515.342540][T14917] usb 3-1: USB disconnect, device number 34
[  515.602632][T15538] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  515.818849][   T30] audit: type=1326 audit(1777724006.061:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15542 comm="syz.0.3702" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96cc59cdd9 code=0x7ffc0000
[  515.879814][   T30] audit: type=1326 audit(1777724006.091:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15542 comm="syz.0.3702" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96cc59cdd9 code=0x7ffc0000
[  515.965887][   T30] audit: type=1326 audit(1777724006.101:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15542 comm="syz.0.3702" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f96cc59cdd9 code=0x7ffc0000
[  516.063782][   T30] audit: type=1326 audit(1777724006.101:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15542 comm="syz.0.3702" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96cc59cdd9 code=0x7ffc0000
[  516.148555][   T30] audit: type=1326 audit(1777724006.101:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15542 comm="syz.0.3702" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96cc59cdd9 code=0x7ffc0000
[  516.236768][   T30] audit: type=1326 audit(1777724006.101:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15542 comm="syz.0.3702" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f96cc59cdd9 code=0x7ffc0000
[  516.329093][   T30] audit: type=1326 audit(1777724006.101:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15542 comm="syz.0.3702" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96cc59cdd9 code=0x7ffc0000
[  516.994218][T15549] loop0: detected capacity change from 0 to 32768
[  517.183689][T15549] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  517.796940][T15588] option changes via remount are deprecated (pid=15587 comm=syz.8.3721)
[  517.823012][ T5622] ocfs2: Unmounting device (7,0) on (node local)
[  517.939634][T15586] loop3: detected capacity change from 0 to 8192
[  518.614805][T15605] can0: slcan on ttynull.
[  518.809936][ T1137] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  518.979103][ T1137] usb 9-1: Using ep0 maxpacket: 32
[  518.996413][ T1137] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  519.018348][ T1137] usb 9-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0
[  519.042459][ T1137] usb 9-1: config 0 interface 0 has no altsetting 0
[  519.059093][ T1137] usb 9-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  519.071542][ T1137] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  519.090376][ T1137] usb 9-1: Product: syz
[  519.100580][ T1137] usb 9-1: Manufacturer: syz
[  519.110738][ T1137] usb 9-1: SerialNumber: syz
[  519.131844][ T1137] usb 9-1: config 0 descriptor??
[  519.585242][ T1137] gs_usb 9-1:0.0: Configuring for 174 interfaces
[  519.600014][T15605] can0 (unregistered): slcan off ttynull.
[  519.886506][T15626] Bluetooth: hci6: Frame reassembly failed (-84)
[  519.904307][   T78] Bluetooth: hci6: Frame reassembly failed (-84)
[  519.988792][ T1137] gs_usb 9-1:0.0: Couldn't get bit timing const for channel 1 (-EPROTO)
[  520.078373][T15629] macvlan0: entered promiscuous mode
[  520.097630][T15629] netlink: 'syz.3.3736': attribute type 1 has an invalid length.
[  520.129923][T15629] netlink: 'syz.3.3736': attribute type 2 has an invalid length.
[  520.143347][ T1137] gs_usb 9-1:0.0: probe with driver gs_usb failed with error -71
[  520.154771][T15633] sch_fq: defrate 0 ignored.
[  520.190206][ T1137] usb 9-1: USB disconnect, device number 4
[  520.570220][  T988] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  520.767609][  T988] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  520.825214][  T988] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  520.865093][  T988] usb 3-1: Product: syz
[  520.875118][  T988] usb 3-1: Manufacturer: syz
[  520.895160][  T988] usb 3-1: SerialNumber: syz
[  520.926096][  T988] usb 3-1: config 0 descriptor??
[  521.247524][T15664] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  521.276642][T15664] bond0: (slave ipvlan2): The slave device specified does not support setting the MAC address
[  521.295688][T15664] bond0: (slave ipvlan2): Error -95 calling set_mac_address
[  521.396973][  T988] usb 3-1: Firmware: major: 0, minor: 16, hardware type: ATUSB (0)
[  521.611523][  T988] usb 3-1: failed to fetch extended address, random address set
[  521.900296][ T5644] Bluetooth: hci6: Entering manufacturer mode failed (-110)
[  522.327316][T15686] loop0: detected capacity change from 0 to 4096
[  522.346545][T15690] loop3: detected capacity change from 0 to 256
[  522.354080][T15686] EXT4-fs: Ignoring removed bh option
[  522.388483][T15686] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  522.428990][   T30] audit: type=1800 audit(1777724012.651:126): pid=15690 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3753" name="file1" dev="loop3" ino=1048861 res=0 errno=0
[  522.631149][T15686] EXT4-fs error (device loop0): ext4_empty_dir:3100: inode #12: block 80: comm syz.0.3752: bad entry in directory: directory entry overrun - offset=12, inode=6, rec_len=4096, size=4096 fake=0
[  522.652717][T15686] EXT4-fs (loop0): Remounting filesystem read-only
[  522.663081][T15686] EXT4-fs warning (device loop0): ext4_empty_dir:3104: inode #12: comm syz.0.3752: directory missing '..'
[  522.996640][  T988] usb 3-1: USB disconnect, device number 35
[  523.186118][ T5622] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  524.383746][ T5769] usb 4-1: new full-speed USB device number 29 using dummy_hcd
[  524.560483][ T5769] usb 4-1: not running at top speed; connect to a high speed hub
[  524.584036][ T5769] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  524.620064][ T5769] usb 4-1: New USB device found, idVendor=041e, idProduct=3237, bcdDevice= 0.40
[  524.650194][ T5769] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  524.678283][ T5769] usb 4-1: Product: syz
[  524.688545][ T5769] usb 4-1: Manufacturer: syz
[  524.705786][ T5769] usb 4-1: SerialNumber: syz
[  524.993998][ T5769] usb 4-1: 2:1: invalid format type 0x1001 is detected, processed as PCM
[  525.028091][ T5769] usb 4-1: 2:1 : sample bitwidth 51 in over sample bytes 2
[  525.261359][ T5769] usb 4-1: USB disconnect, device number 29
[  525.609288][ T6284] udevd[6284]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  526.628508][T15783] netlink: 71 bytes leftover after parsing attributes in process `syz.0.3792'.
[  526.640690][T15784] netlink: 'syz.4.3791': attribute type 12 has an invalid length.
[  526.676375][T15784] netlink: 120 bytes leftover after parsing attributes in process `syz.4.3791'.
[  526.855858][T15786] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3793'.
[  527.096561][T15770] loop7: detected capacity change from 0 to 131072
[  527.110069][T15770] F2FS-fs (loop7): invalid crc value
[  527.143732][T15791] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3795'.
[  527.248385][T15770] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  527.269277][T15770] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e4
[  527.335889][   T30] audit: type=1326 audit(1777724017.581:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15794 comm="syz.4.3794" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2ed639cdd9 code=0x0
[  527.637322][T15803] pim6reg1: tun_chr_ioctl cmd 1074025677
[  527.652131][T15803] pim6reg1: linktype set to 823
[  528.732695][T15831] loop4: detected capacity change from 0 to 512
[  528.854221][T15831] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  528.994338][T15831] EXT4-fs (loop4): 1 truncate cleaned up
[  529.007562][T15831] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  529.343361][T14593] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  529.370482][T15843] netlink: 16 bytes leftover after parsing attributes in process `syz.8.3815'.
[  529.781830][T15849] netlink: 'syz.0.3818': attribute type 12 has an invalid length.
[  529.816771][T15849] netlink: 'syz.0.3818': attribute type 29 has an invalid length.
[  529.851977][T15849] netlink: 148 bytes leftover after parsing attributes in process `syz.0.3818'.
[  529.885034][T15849] netlink: 'syz.0.3818': attribute type 1 has an invalid length.
[  529.914315][T15849] netlink: 'syz.0.3818': attribute type 2 has an invalid length.
[  529.941452][T15849] netlink: 11 bytes leftover after parsing attributes in process `syz.0.3818'.
[  530.261463][   T24] kernel write not supported for file /uinput (pid: 24 comm: kworker/1:0)
[  530.435905][T15859] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3823'.
[  531.114736][T15853] loop8: detected capacity change from 0 to 32768
[  531.404526][T15853] ERROR: (device loop8): dbAdjCtl: the maximum free buddy is not the old root
[  531.404526][T15853] 
[  531.457987][T15853] ERROR: (device loop8): remounting filesystem as read-only
[  531.909590][ T5769] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  532.069017][ T5769] usb 4-1: Using ep0 maxpacket: 32
[  532.085464][T15903] loop4: detected capacity change from 0 to 64
[  532.100243][ T5769] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  532.145145][ T5769] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  532.203074][ T5769] usb 4-1: config 0 descriptor??
[  532.226509][T15903] hfs: request for non-existent node 131072 in B*Tree
[  532.259046][T15903] hfs: request for non-existent node 131072 in B*Tree
[  532.450000][ T5769] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  532.502762][ T5769] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  532.533853][ T5769] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  532.562570][ T5769] usb 4-1: media controller created
[  532.652295][T15893] az6027: more than 2 i2c messages at a time is not handled yet. TODO.
[  532.657929][ T5769] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  532.774177][ T5769] az6027: usb out operation failed. (-71)
[  532.806712][ T5769] az6027: usb out operation failed. (-71)
[  532.827837][ T5769] stb0899_attach: Driver disabled by Kconfig
[  532.849330][ T5769] az6027: no front-end attached
[  532.849330][ T5769] 
[  532.869494][ T5769] az6027: usb out operation failed. (-71)
[  532.893334][ T5769] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  532.936809][ T5769] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input38
[  532.983170][ T5769] dvb-usb: schedule remote query interval to 400 msecs.
[  533.006656][ T5769] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  533.057860][ T5769] usb 4-1: USB disconnect, device number 30
[  533.067187][T15922] loop4: detected capacity change from 0 to 1024
[  533.130088][T15922] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended.  mounting read-only.
[  533.327262][ T5769] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  533.964325][T15912] loop8: detected capacity change from 0 to 40427
[  533.982668][T15937] loop3: detected capacity change from 0 to 4096
[  533.995883][T15912] F2FS-fs (loop8): build fault injection rate: 771
[  534.010242][T15937] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512).
[  534.024685][T15912] F2FS-fs (loop8): invalid crc value
[  534.535043][T15912] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  534.630838][T15912] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  535.792652][   T30] audit: type=1326 audit(1777724026.041:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15976 comm="syz.3.3873" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f479f99cdd9 code=0x7ffc0000
[  535.799458][T15979] loop4: detected capacity change from 0 to 64
[  535.910149][   T30] audit: type=1326 audit(1777724026.071:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15976 comm="syz.3.3873" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f479f99cdd9 code=0x7ffc0000
[  536.011722][T15982] overlayfs: statfs failed on './file0'
[  536.021458][   T30] audit: type=1326 audit(1777724026.071:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15976 comm="syz.3.3873" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f479f99cdd9 code=0x7ffc0000
[  536.147782][   T30] audit: type=1326 audit(1777724026.071:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15976 comm="syz.3.3873" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f479f99cdd9 code=0x7ffc0000
[  536.426374][T15993] loop0: detected capacity change from 0 to 256
[  536.472663][T15993] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  536.484442][T15996] loop3: detected capacity change from 0 to 64
[  536.569622][   T30] audit: type=1800 audit(1777724026.811:132): pid=15993 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.3880" name="file1" dev="loop0" ino=1048862 res=0 errno=0
[  536.685981][T15998] FAT-fs (loop0): error, corrupted file size (i_pos 196, 16779008)
[  536.688630][   T30] audit: type=1800 audit(1777724026.841:133): pid=15993 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.3880" name="file1" dev="loop0" ino=1048862 res=0 errno=0
[  536.767893][T15998] FAT-fs (loop0): Filesystem has been set read-only
[  536.823986][T15998] FAT-fs (loop0): error, corrupted file size (i_pos 196, 16779008)
[  537.381028][T16008] overlayfs: upper fs does not support file handles, falling back to index=off.
[  537.417780][T16008] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[  538.586073][T16038] netlink: 'syz.8.3900': attribute type 2 has an invalid length.
[  538.838546][T16027] loop0: detected capacity change from 0 to 32768
[  538.877298][T16027] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.3892 (16027)
[  538.913151][T16043] overlayfs: upper fs does not support file handles, falling back to index=off.
[  538.960556][T16043] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[  539.236341][T16044] loop8: detected capacity change from 0 to 32768
[  539.300689][T16044] XFS (loop8): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  539.354554][T16027] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  539.438553][T16044] XFS (loop8): Starting recovery (logdev: internal)
[  539.459779][T16027] BTRFS info (device loop0): using crc32c checksum algorithm
[  539.481000][T16044] XFS (loop8): Metadata CRC error detected at xfs_refcountbt_read_verify+0x26/0xe0, xfs_refcountbt block 0x8 
[  539.493427][T16044] XFS (loop8): Unmount and run xfs_repair
[  539.499282][T16044] XFS (loop8): First 128 bytes of corrupted metadata buffer:
[  539.506682][T16044] 00000000: 52 33 46 43 00 00 00 03 ff ff ff ff ff ff ff ff  R3FC............
[  539.515668][T16044] 00000010: 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 10  ................
[  539.526199][T16044] 00000020: ed 37 bf 6e 74 ea 4e 01 af ba 5f ee 27 4b 0f 3a  .7.nt.N..._.'K.:
[  539.535165][T16044] 00000030: 00 00 00 00 ea d5 90 f3 00 00 00 07 00 00 00 01  ................
[  539.544153][T16044] 00000040: 00 00 0b fe 00 00 00 02 00 00 0c 20 00 00 13 e0  ........... ....
[  539.553076][T16044] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  539.562084][T16044] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  539.571344][T16044] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  539.582407][T16044] XFS (loop8): Filesystem has been shut down due to log error (0x2).
[  539.590684][T16044] XFS (loop8): Please unmount the filesystem and rectify the problem(s).
[  539.599665][T16044] XFS (loop8): log mount/recovery failed: error -74
[  539.616350][T16044] XFS (loop8): log mount failed
[  539.782225][T16027] BTRFS info (device loop0): setting nodatasum
[  539.796176][T16027] BTRFS info (device loop0): enabling ssd optimizations
[  539.822634][T16027] BTRFS info (device loop0): disabling tree log
[  539.864076][T16027] BTRFS info (device loop0): turning on async discard
[  539.899093][T16027] BTRFS info (device loop0): enabling free space tree
[  539.952367][T16027] BTRFS info (device loop0): enabling auto defrag
[  540.044290][T16036] loop3: detected capacity change from 0 to 32768
[  540.084949][T16036] 
[  540.084949][T16036]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  540.084949][T16036] 
[  540.178985][  T988] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  540.360142][  T988] usb 5-1: unable to get BOS descriptor or descriptor too short
[  540.372526][ T5625] 
[  540.372526][ T5625]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  540.372526][ T5625] 
[  540.402676][  T988] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 64, changing to 7
[  540.409988][ T5625] 
[  540.409988][ T5625]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  540.409988][ T5625] 
[  540.452795][  T988] usb 5-1: New USB device found, idVendor=0582, idProduct=004c, bcdDevice= 0.40
[  540.492062][  T988] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  540.523957][  T988] usb 5-1: Product: syz
[  540.542066][  T988] usb 5-1: Manufacturer: syz
[  540.570041][  T988] usb 5-1: SerialNumber: syz
[  541.021987][ T5622] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  541.049887][  T988] usb 5-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  541.173514][  T988] usb 5-1: 2:1 : unknown format tag 0x4 is detected.  processed as MPEG.
[  541.197269][  T988] usb 5-1: found format II with max.bitrate = 4, frame size=7372
[  541.433336][T16079] loop7: detected capacity change from 0 to 32768
[  541.550066][T16079] ERROR: (device loop7): dbAdjCtl: the maximum free buddy is not the old root
[  541.550066][T16079] 
[  541.722005][  T988] usb 5-1: parse_audio_format_rates_v2v3(): unable to retrieve sample rate range (clock 0)
[  541.763447][T16079] ERROR: (device loop7): remounting filesystem as read-only
[  542.201774][T16089] loop3: detected capacity change from 0 to 32768
[  542.311424][T16089] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.3913 (16089)
[  542.577359][T16089] BTRFS info (device loop3): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  542.587694][T16089] BTRFS info (device loop3): using xxhash64 checksum algorithm
[  542.712587][T16089] BTRFS info (device loop3): rebuilding free space tree
[  542.713619][T16086] loop8: detected capacity change from 0 to 131072
[  542.808343][  T988] usb 5-1: USB disconnect, device number 23
[  542.937504][T16089] BTRFS info (device loop3): setting nodatasum
[  542.945330][T16089] BTRFS info (device loop3): allowing degraded mounts
[  542.953568][T16089] BTRFS info (device loop3): turning on async discard
[  542.960442][T16089] BTRFS info (device loop3): enabling free space tree
[  542.967226][T16089] BTRFS info (device loop3): force clearing of disk cache
[  542.974782][T16089] BTRFS info (device loop3): force zlib compression, level 3
[  543.004936][T16086] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  543.028772][T16086] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  543.136205][T16089] BTRFS info (device loop3): balance: start -susage=1,usage=1..0,drange=6..6,vrange=8..15,limit=2,stripes=7..3
[  543.149333][T16089] BTRFS info (device loop3): balance: ended with status: 0
[  543.326527][ T6073] udevd[6073]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  543.386600][ T5625] BTRFS info (device loop3): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  544.118966][ T5762] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  544.277200][T16130] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3924'.
[  544.331514][ T5762] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  544.373768][ T5762] usb 4-1: config 0 has no interface number 0
[  544.422423][ T5762] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  544.465766][ T5762] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  544.493179][ T5762] usb 4-1: Product: syz
[  544.507861][ T5762] usb 4-1: Manufacturer: syz
[  544.553304][ T5762] usb 4-1: SerialNumber: syz
[  544.605832][ T5762] usb 4-1: config 0 descriptor??
[  544.821000][T16136] nbd0: detected capacity change from 0 to 127
[  544.877952][ T5644] block nbd0: Receive control failed (result -32)
[  544.890819][ T5611] block nbd0: Send control failed (result -32)
[  544.893131][ T5762] usb 4-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  544.897789][ T5611] block nbd0: Request send failed, requeueing
[  544.914185][ T4957] block nbd0: Dead connection, failed to find a fallback
[  544.924971][ T4957] block nbd0: shutting down sockets
[  544.930707][ T4957] blk_print_req_error: 60 callbacks suppressed
[  544.930732][ T4957] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  544.949798][ T4957] buffer_io_error: 60 callbacks suppressed
[  544.949824][ T4957] Buffer I/O error on dev nbd0, logical block 0, async page read
[  544.966220][ T5611] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  544.978529][ T5611] Buffer I/O error on dev nbd0, logical block 1, async page read
[  544.987552][ T5611] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  544.996663][ T5611] Buffer I/O error on dev nbd0, logical block 2, async page read
[  545.005412][ T5611] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  545.019708][ T5611] Buffer I/O error on dev nbd0, logical block 3, async page read
[  545.028402][ T5611] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  545.038279][ T5611] Buffer I/O error on dev nbd0, logical block 0, async page read
[  545.047093][ T5611] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  545.056612][ T5611] Buffer I/O error on dev nbd0, logical block 1, async page read
[  545.064628][ T5611] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  545.075702][ T5611] Buffer I/O error on dev nbd0, logical block 2, async page read
[  545.083994][ T5611] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  545.094333][ T5611] Buffer I/O error on dev nbd0, logical block 3, async page read
[  545.102764][ T5611] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  545.115585][ T5611] Buffer I/O error on dev nbd0, logical block 0, async page read
[  545.124516][ T5611] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  545.133959][ T5611] Buffer I/O error on dev nbd0, logical block 1, async page read
[  545.204819][ T5611] ldm_validate_partition_table(): Disk read failed.
[  545.207534][ T5762] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  545.272706][ T5762] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  545.280930][ T5611] Dev nbd0: unable to read RDB block 0
[  545.323021][ T5611]  nbd0: unable to read partition table
[  545.337080][ T5762] usb 4-1: media controller created
[  545.392227][ T5611] ldm_validate_partition_table(): Disk read failed.
[  545.435969][ T5762] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  545.461746][ T5611] Dev nbd0: unable to read RDB block 0
[  545.499812][ T5611]  nbd0: unable to read partition table
[  545.571293][ T5762] i2c i2c-1: ec100: i2c rd failed=-71 reg=33
[  545.814726][ T5762] usb 4-1: USB disconnect, device number 31
[  545.934575][T16157] loop0: detected capacity change from 0 to 16
[  545.998444][T16157] erofs (device loop0): mounted with root inode @ nid 36.
[  546.007134][T16132] loop7: detected capacity change from 0 to 32768
[  546.054805][T16132] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.3925 (16132)
[  546.126471][T16132] BTRFS info (device loop7): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  546.160747][T16132] BTRFS info (device loop7): using sha256 checksum algorithm
[  546.377414][T16132] BTRFS info (device loop7): enabling ssd optimizations
[  546.448512][T16132] BTRFS info (device loop7): turning on async discard
[  546.490161][T16132] BTRFS info (device loop7): enabling free space tree
[  547.065731][T14621] BTRFS info (device loop7): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  547.343337][T16193] nbd1: detected capacity change from 0 to 127
[  547.391482][ T5644] block nbd1: Receive control failed (result -104)
[  547.816212][T16208] netlink: 'syz.8.3949': attribute type 9 has an invalid length.
[  548.030144][ T5762] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  548.229910][ T5762] usb 1-1: config 220 has an invalid interface number: 76 but max is 2
[  548.276633][ T5762] usb 1-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  548.305179][ T5762] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  548.326061][ T5762] usb 1-1: config 220 has no interface number 2
[  548.339232][ T5762] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  548.399308][ T5762] usb 1-1: config 220 interface 0 has no altsetting 0
[  548.422136][ T5762] usb 1-1: config 220 interface 76 has no altsetting 0
[  548.446188][ T5762] usb 1-1: config 220 interface 1 has no altsetting 0
[  548.473065][ T5762] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  548.497201][ T5762] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  548.526029][ T5762] usb 1-1: Product: syz
[  548.541075][ T5762] usb 1-1: Manufacturer: syz
[  548.556840][ T5762] usb 1-1: SerialNumber: syz
[  548.623826][   T30] audit: type=1804 audit(1777724038.831:134): pid=16227 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3959" name="/newroot/771/file1" dev="tmpfs" ino=3973 res=1 errno=0
[  548.700389][T16231] tipc: Started in network mode
[  548.705514][T16231] tipc: Node identity ac14140f, cluster identity 4711
[  548.718755][T16231] tipc: New replicast peer: 255.255.255.255
[  548.729239][T16231] tipc: Enabled bearer <udp:syz2>, priority 10
[  548.843350][ T5762] uvcvideo 1-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  548.870795][ T5762] uvcvideo 1-1:220.0: No valid video chain found.
[  548.898440][ T5762] usb 1-1: selecting invalid altsetting 0
[  548.954185][ T5762] usb 1-1: selecting invalid altsetting 0
[  548.970072][ T5762] usbtest 1-1:220.1: probe with driver usbtest failed with error -22
[  548.987363][ T5762] usb 1-1: USB disconnect, device number 32
[  549.251288][T16218] loop4: detected capacity change from 0 to 32768
[  549.341247][T16218] JBD2: Ignoring recovery information on journal
[  549.613437][T16218] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  549.841562][T14917] tipc: Node number set to 2886997007
[  550.389162][T14593] ocfs2: Unmounting device (7,4) on (node local)
[  550.855492][T16253] loop7: detected capacity change from 0 to 131072
[  550.902007][T16253] F2FS-fs (loop7): Test dummy encryption mode enabled
[  551.037091][T16253] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  551.052803][T16253] F2FS-fs (loop7): Mounted with checkpoint version = 753bd00b
[  552.188495][T16303] bridge0: port 1(bridge_slave_0) entered disabled state
[  553.580683][T16311] loop8: detected capacity change from 0 to 32768
[  553.625049][T16311] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.3995 (16311)
[  553.629853][ T5644] block nbd2: Receive control failed (result -32)
[  553.788979][T16311] BTRFS info (device loop8): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  553.821929][T16311] BTRFS info (device loop8): using sha256 checksum algorithm
[  554.025768][T16311] BTRFS info (device loop8): enabling ssd optimizations
[  554.069198][T16311] BTRFS info (device loop8): turning on async discard
[  554.082013][T16311] BTRFS info (device loop8): enabling free space tree
[  554.171191][T16354] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4008'.
[  554.615951][T14321] BTRFS info (device loop8): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  555.970474][T14917] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  556.148985][T14917] usb 5-1: Using ep0 maxpacket: 16
[  556.180714][T14917] usb 5-1: config 0 has an invalid interface number: 251 but max is 0
[  556.218210][T14917] usb 5-1: config 0 has no interface number 0
[  556.245581][T14917] usb 5-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  556.277342][T14917] usb 5-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  556.283478][T16393] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4023'.
[  556.315008][T14917] usb 5-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  556.345317][T14917] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  556.374490][T14917] usb 5-1: Product: syz
[  556.391159][T14917] usb 5-1: Manufacturer: syz
[  556.407553][T14917] usb 5-1: SerialNumber: syz
[  556.481676][T14917] usb 5-1: config 0 descriptor??
[  556.507956][T16382] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  556.565169][T16382] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  556.824426][T16397] loop8: detected capacity change from 0 to 32768
[  556.825598][T16400] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4026'.
[  556.881209][T16397] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  556.889738][T16397] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  556.909167][T16400] netlink: 'syz.0.4026': attribute type 30 has an invalid length.
[  556.920501][T16382] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  556.928062][T16382] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  556.942916][T16400] netlink: 'syz.0.4026': attribute type 1 has an invalid length.
[  556.981437][T16397] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 1ms
[  556.999294][   T24] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  557.016343][   T24] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  557.281409][   T24] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 265ms
[  557.367141][T14917] asix 5-1:0.251 (unnamed net_device) (uninitialized): Interface mode not supported by driver
[  557.378132][   T24] gfs2: fsid=syz:syz.0: jid=0: Done
[  557.399098][T16397] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  557.403569][T14917] asix 5-1:0.251: probe with driver asix failed with error -524
[  557.744782][   T24] usb 5-1: USB disconnect, device number 24
[  557.975964][T16397] gfs2: fsid=syz:syz.0: found 1 quota changes
[  558.011604][T16424] Attempt to restore checkpoint with obsolete wellknown handles
[  558.721135][T16438] netem: change failed
[  559.091053][T16444] loop0: detected capacity change from 0 to 2048
[  559.133846][T16444] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  559.320425][T16448] netlink: 'syz.2.4046': attribute type 6 has an invalid length.
[  559.370674][T16448] netlink: 'syz.2.4046': attribute type 6 has an invalid length.
[  559.619077][ T1137] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  559.696803][T16458] loop7: detected capacity change from 0 to 256
[  559.800912][ T1137] usb 5-1: Using ep0 maxpacket: 8
[  559.827587][ T1137] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  559.837935][T16458] exFAT-fs (loop7): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc374f927, utbl_chksum : 0xe619d30d)
[  559.876952][ T1137] usb 5-1: config 0 has no interface number 0
[  559.894701][ T1137] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  559.932020][ T1137] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  559.983438][ T1137] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  560.023767][ T1137] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  560.072430][ T1137] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  560.107292][ T1137] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  560.153862][ T1137] usb 5-1: config 0 descriptor??
[  560.186886][ T1137] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  560.491122][T14917] usb 5-1: USB disconnect, device number 25
[  560.497132][    C0] ldusb 5-1:0.55: usb_submit_urb failed (-19)
[  560.539982][T14917] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[  560.707852][T16450] ldusb: No device or device unplugged -19
[  561.262599][T16495] netem: change failed
[  561.402445][T16476] loop0: detected capacity change from 0 to 32768
[  561.463471][T16476] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  561.487575][T16504] program syz.4.4068 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  561.590107][T16476] XFS (loop0): Ending clean mount
[  561.738832][ T1311] ieee802154 phy1 wpan1: encryption failed: -22
[  562.028004][ T5622] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  562.506610][T16533] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4080'.
[  562.591152][T16536] loop7: detected capacity change from 0 to 16
[  562.615428][T16536] erofs (device loop7): mounted with root inode @ nid 36.
[  562.780137][T16540] netlink: 212348 bytes leftover after parsing attributes in process `syz.3.4082'.
[  562.819823][T16540] openvswitch: netlink: Message has 5 unknown bytes.
[  563.325235][T16559] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4091'.
[  563.484759][T16563] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4093'.
[  563.569189][T16563] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4093'.
[  563.596557][T16563] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4093'.
[  563.693185][T16563] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4093'.
[  563.815397][T16576] netlink: 220 bytes leftover after parsing attributes in process `syz.0.4099'.
[  563.825146][T16577] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4100'.
[  565.004126][T16615] bond1: entered promiscuous mode
[  565.016766][T16621] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4116'.
[  565.658980][T14917] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  565.833169][T14917] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  565.868703][T14917] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  565.910011][T14917] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  565.927952][T14917] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  565.949987][T14917] usb 4-1: Product: syz
[  565.959848][T14917] usb 4-1: Manufacturer: syz
[  565.980209][T14917] usb 4-1: SerialNumber: syz
[  566.222829][T16629] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  566.246778][T16654] ªªªªªª: renamed from vlan0 (while UP)
[  566.264917][T16629] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  566.331702][T14917] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  566.383693][T14917] usb 4-1: USB disconnect, device number 32
[  566.454974][T16657] loop8: detected capacity change from 0 to 16
[  566.500204][T16657] MTD: Attempt to mount non-MTD device "/dev/loop8"
[  566.731014][T16665] Invalid logical block size (257)
[  566.869008][T14917] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  566.871793][T16643] loop0: detected capacity change from 0 to 32768
[  566.922251][T16643] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.4128 (16643)
[  566.993701][T16643] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  567.039078][T16643] BTRFS info (device loop0): using crc32c checksum algorithm
[  567.053007][T14917] usb 4-1: Using ep0 maxpacket: 8
[  567.072017][T14917] usb 4-1: config index 0 descriptor too short (expected 301, got 72)
[  567.099110][T14917] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  567.150257][T14917] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  567.189659][T14917] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  567.199774][T14917] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  567.211213][T14917] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  567.246407][T14917] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  567.262373][T14917] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  567.272120][T14917] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  567.286859][T16643] BTRFS info (device loop0): turning on async discard
[  567.316763][T16643] BTRFS info (device loop0): enabling free space tree
[  567.399804][T16643] BTRFS info (device loop0): enabling auto defrag
[  567.438605][T16643] BTRFS info (device loop0): force zlib compression, level 3
[  567.480299][T16643] BTRFS info (device loop0): max_inline set to 0
[  567.673817][T14917] usb 4-1: usb_control_msg returned -71
[  567.681107][T16692] loop4: detected capacity change from 0 to 32768
[  567.695128][T14917] usbtmc 4-1:16.0: can't read capabilities
[  567.701264][T14917] usbtmc 4-1:16.0: Failed to submit iin_urb
[  567.708085][T14917] usbtmc 4-1:16.0: probe with driver usbtmc failed with error -90
[  567.758260][T16692] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  567.777815][T14917] usb 4-1: USB disconnect, device number 33
[  568.016472][T14593] ocfs2: Unmounting device (7,4) on (node local)
[  568.126462][ T5622] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  569.317236][T16702] loop8: detected capacity change from 0 to 32768
[  569.456781][T16702] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[  570.205359][T14321] ocfs2: Unmounting device (7,8) on (node local)
[  570.737802][T16757] loop4: detected capacity change from 0 to 2048
[  570.778105][T16757] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  571.303295][T16767] loop8: detected capacity change from 0 to 4096
[  571.337185][T16767] ntfs3(loop8): Different NTFS sector size (1024) and media sector size (512).
[  571.949381][T16789] netlink: 'syz.8.4181': attribute type 4 has an invalid length.
[  571.979126][T16789] __nla_validate_parse: 7 callbacks suppressed
[  571.979154][T16789] netlink: 20 bytes leftover after parsing attributes in process `syz.8.4181'.
[  572.700234][ T1137] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  572.872374][ T1137] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  572.924156][ T1137] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  572.970301][ T1137] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  573.024172][ T1137] usb 1-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00
[  573.050551][ T1137] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  573.079661][ T1137] usb 1-1: config 0 descriptor??
[  573.547728][ T1137] steelseries 0003:1038:1410.003B: not enough fields in HID_OUTPUT_REPORT 0
[  573.628944][ T5834] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  573.635525][T16825] xt_CT: You must specify a L4 protocol and not use inversions on it
[  573.756716][ T1137] usb 1-1: USB disconnect, device number 33
[  573.812020][ T5834] usb 5-1: config 0 has no interfaces?
[  573.831666][ T5834] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  573.844564][ T5834] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  573.853090][ T5834] usb 5-1: Product: syz
[  573.857297][ T5834] usb 5-1: Manufacturer: syz
[  573.862372][ T5834] usb 5-1: SerialNumber: syz
[  573.874516][ T5834] usb 5-1: config 0 descriptor??
[  574.360405][ T5834] usb 5-1: USB disconnect, device number 26
[  574.469890][T16846] loop8: detected capacity change from 0 to 128
[  574.930004][T14917] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  575.112878][ T5779] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  575.132317][T14917] usb 1-1: Using ep0 maxpacket: 32
[  575.171034][T14917] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[  575.199613][T14917] usb 1-1: config 0 has no interface number 0
[  575.249865][T14917] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  575.282827][T14917] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  575.297762][ T5779] usb 4-1: Using ep0 maxpacket: 16
[  575.317034][T14917] usb 1-1: Product: syz
[  575.344766][ T5779] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  575.366188][T14917] usb 1-1: Manufacturer: syz
[  575.376598][T14917] usb 1-1: SerialNumber: syz
[  575.396331][ T5779] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  575.401432][T14917] usb 1-1: config 0 descriptor??
[  575.440106][T14917] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  575.474707][ T5779] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  575.532697][ T5779] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  575.578183][ T5779] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  575.631562][ T5779] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  575.641621][T14917] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  575.675827][ T5779] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  575.705452][T14917] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  575.728118][ T5779] usb 4-1: Manufacturer: syz
[  575.757142][ T5779] usb 4-1: config 0 descriptor??
[  576.067791][T16873] loop7: detected capacity change from 0 to 4096
[  576.077829][    C0] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71
[  576.079552][   T24] usb 1-1: USB disconnect, device number 34
[  576.215721][   T24] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  576.299766][   T24] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  576.387707][   T24] quatech2 1-1:0.51: device disconnected
[  576.469676][T16875] loop8: detected capacity change from 0 to 32768
[  576.482764][T16873] ntfs3(loop7): Different NTFS sector size (4096) and media sector size (512).
[  576.497838][T16879] Invalid logical block size (257)
[  576.526976][T16875] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  576.535555][T16875] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  576.588503][T16875] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 1ms
[  576.608554][ T1137] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  576.621865][ T1137] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  576.693126][T16873] ntfs3(loop7): ino=1a, mi_enum_attr
[  576.732348][T16873] ntfs3(loop7): Mark volume as dirty due to NTFS errors
[  576.770564][T16873] ntfs3(loop7): ino=1a, mi_enum_attr
[  576.794466][T16873] ntfs3(loop7): Failed to initialize $Extend/$Reparse.
[  576.881343][ T5779] rc_core: IR keymap rc-hauppauge not found
[  576.885042][ T1137] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 263ms
[  576.914757][ T5779] Registered IR keymap rc-empty
[  576.919365][ T1137] gfs2: fsid=syz:syz.0: jid=0: Done
[  576.936704][T16873] ntfs3(loop7): ino=5, "/" ntfs_readdir
[  576.944055][ T5779] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  576.947962][T16875] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  577.035999][ T5779] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  577.132779][ T5779] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  577.341873][ T5779] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input39
[  577.434183][ T5779] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  577.493995][ T5779] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  577.561167][ T5779] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  577.600268][ T5779] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  577.629420][ T5779] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  577.660606][ T5779] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  577.699107][ T5779] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  577.743474][ T5779] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  577.754978][ T4957] block nbd1: Possible stuck request ffff888028310000: control (read@0,1024B). Runtime 30 seconds
[  577.776249][ T4957] block nbd1: Possible stuck request ffff8880283101c0: control (read@1024,1024B). Runtime 30 seconds
[  577.787369][ T4957] block nbd1: Possible stuck request ffff888028310380: control (read@2048,1024B). Runtime 30 seconds
[  577.798744][ T4957] block nbd1: Possible stuck request ffff888028310540: control (read@3072,1024B). Runtime 30 seconds
[  577.819262][ T5779] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  577.901855][ T5779] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  577.959243][ T5779] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  578.021448][ T5779] mceusb 4-1:0.0: Registered  with mce emulator interface version 1
[  578.070280][ T5779] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  578.157298][ T5779] usb 4-1: USB disconnect, device number 34
[  579.133775][T16898] loop0: detected capacity change from 0 to 40427
[  579.146613][T16898] F2FS-fs (loop0): invalid crc value
[  579.423739][T16898] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  579.558531][T16898] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  579.923552][T16939] loop3: detected capacity change from 0 to 64
[  580.117047][ T5622] syz-executor: attempt to access beyond end of device
[  580.117047][ T5622] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  580.172731][ T5622] CPU: 1 UID: 0 PID: 5622 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  580.172796][ T5622] Tainted: [L]=SOFTLOCKUP
[  580.172810][ T5622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  580.172833][ T5622] Call Trace:
[  580.172846][ T5622]  <TASK>
[  580.172860][ T5622]  dump_stack_lvl+0x100/0x190
[  580.172908][ T5622]  f2fs_stop_checkpoint+0x600/0x9b0
[  580.172969][ T5622]  ? srso_alias_return_thunk+0x5/0xfbef5
[  580.173015][ T5622]  ? errseq_set+0xe3/0x150
[  580.173080][ T5622]  ? errseq_set+0xe3/0x150
[  580.173144][ T5622]  f2fs_write_end_io+0xf59/0x1340
[  580.173212][ T5622]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  580.173283][ T5622]  ? srso_alias_return_thunk+0x5/0xfbef5
[  580.173339][ T5622]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  580.173403][ T5622]  bio_endio+0x78f/0x8f0
[  580.173460][ T5622]  submit_bio_noacct+0x64c/0x2000
[  580.173512][ T5622]  f2fs_submit_write_bio+0x135/0x340
[  580.173574][ T5622]  __submit_merged_bio+0x331/0x780
[  580.173619][ T5622]  __submit_merged_write_cond+0x3fe/0x510
[  580.173668][ T5622]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  580.173718][ T5622]  ? __pfx___might_resched+0x10/0x10
[  580.173777][ T5622]  ? srso_alias_return_thunk+0x5/0xfbef5
[  580.173833][ T5622]  f2fs_write_cache_pages+0x20e9/0x2630
[  580.173900][ T5622]  ? __bfs+0x150/0x2a0
[  580.173935][ T5622]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  580.173999][ T5622]  ? srso_alias_return_thunk+0x5/0xfbef5
[  580.174045][ T5622]  ? __kasan_check_byte+0x13/0x50
[  580.174102][ T5622]  ? srso_alias_return_thunk+0x5/0xfbef5
[  580.174150][ T5622]  ? unwind_next_frame+0x3be/0x2090
[  580.174203][ T5622]  ? srso_alias_return_thunk+0x5/0xfbef5
[  580.174249][ T5622]  ? rcu_is_watching+0x12/0xc0
[  580.174303][ T5622]  ? srso_alias_return_thunk+0x5/0xfbef5
[  580.174365][ T5622]  ? bpf_ksym_find+0x124/0x1c0
[  580.174478][ T5622]  ? srso_alias_return_thunk+0x5/0xfbef5
[  580.174527][ T5622]  ? srso_alias_return_thunk+0x5/0xfbef5
[  580.174572][ T5622]  ? add_lock_to_list+0x99/0x110
[  580.174608][ T5622]  ? srso_alias_return_thunk+0x5/0xfbef5
[  580.174653][ T5622]  ? rcu_is_watching+0x12/0xc0
[  580.174714][ T5622]  f2fs_write_data_pages+0x799/0x16d0
[  580.174779][ T5622]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  580.174824][ T5622]  ? srso_alias_return_thunk+0x5/0xfbef5
[  580.174881][ T5622]  ? do_writepages+0x4b5/0x600
[  580.174940][ T5622]  ? srso_alias_return_thunk+0x5/0xfbef5
[  580.174991][ T5622]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  580.175040][ T5622]  do_writepages+0x278/0x600
[  580.175106][ T5622]  ? __pfx_do_writepages+0x10/0x10
[  580.175165][ T5622]  ? do_raw_spin_unlock+0x145/0x1e0
[  580.175220][ T5622]  ? srso_alias_return_thunk+0x5/0xfbef5
[  580.175265][ T5622]  ? _raw_spin_unlock+0x28/0x50
[  580.175316][ T5622]  filemap_writeback+0x22d/0x2e0
[  580.175382][ T5622]  ? __pfx_filemap_writeback+0x10/0x10
[  580.175442][ T5622]  ? check_noncircular+0x97/0x160
[  580.175535][ T5622]  ? srso_alias_return_thunk+0x5/0xfbef5
[  580.175581][ T5622]  ? find_held_lock+0x2b/0x80
[  580.175639][ T5622]  ? f2fs_sync_dirty_inodes+0x3a6/0x990
[  580.175686][ T5622]  ? f2fs_sync_dirty_inodes+0x3a6/0x990
[  580.175732][ T5622]  ? srso_alias_return_thunk+0x5/0xfbef5
[  580.175796][ T5622]  f2fs_sync_dirty_inodes+0x469/0x990
[  580.175864][ T5622]  block_operations+0x2a6/0xfc0
[  580.175909][ T5622]  ? __bfs+0x150/0x2a0
[  580.175953][ T5622]  ? __pfx_block_operations+0x10/0x10
[  580.176002][ T5622]  ? check_noncircular+0x97/0x160
[  580.176094][ T5622]  ? srso_alias_return_thunk+0x5/0xfbef5
[  580.176145][ T5622]  ? srso_alias_return_thunk+0x5/0xfbef5
[  580.176190][ T5622]  ? rcu_is_watching+0x12/0xc0
[  580.176244][ T5622]  ? srso_alias_return_thunk+0x5/0xfbef5
[  580.176297][ T5622]  f2fs_write_checkpoint+0x582/0x5550
[  580.176353][ T5622]  ? srso_alias_return_thunk+0x5/0xfbef5
[  580.176398][ T5622]  ? _raw_spin_unlock_irq+0x2e/0x50
[  580.176442][ T5622]  ? srso_alias_return_thunk+0x5/0xfbef5
[  580.176487][ T5622]  ? __wait_for_common+0x1f3/0x4c0
[  580.176536][ T5622]  ? __pfx_schedule_timeout+0x10/0x10
[  580.176584][ T5622]  ? __pfx___wait_for_common+0x10/0x10
[  580.176635][ T5622]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  580.176694][ T5622]  ? srso_alias_return_thunk+0x5/0xfbef5
[  580.176739][ T5622]  ? rcu_is_watching+0x12/0xc0
[  580.176796][ T5622]  ? srso_alias_return_thunk+0x5/0xfbef5
[  580.176841][ T5622]  ? kthread_stop+0x280/0x640
[  580.176887][ T5622]  kill_f2fs_super+0x3f1/0x4a0
[  580.176935][ T5622]  ? __pfx_kill_f2fs_super+0x10/0x10
[  580.177003][ T5622]  ? lockdep_hardirqs_on+0x78/0x100
[  580.177053][ T5622]  ? srso_alias_return_thunk+0x5/0xfbef5
[  580.177101][ T5622]  ? srso_alias_return_thunk+0x5/0xfbef5
[  580.177164][ T5622]  deactivate_locked_super+0xc1/0x1b0
[  580.177223][ T5622]  deactivate_super+0xe7/0x110
[  580.177280][ T5622]  cleanup_mnt+0x21f/0x450
[  580.177345][ T5622]  task_work_run+0x150/0x240
[  580.177395][ T5622]  ? __pfx_task_work_run+0x10/0x10
[  580.177445][ T5622]  ? srso_alias_return_thunk+0x5/0xfbef5
[  580.177491][ T5622]  ? rcu_is_watching+0x12/0xc0
[  580.177552][ T5622]  exit_to_user_mode_loop+0x100/0x4a0
[  580.177599][ T5622]  ? srso_alias_return_thunk+0x5/0xfbef5
[  580.177650][ T5622]  do_syscall_64+0x706/0xf80
[  580.177715][ T5622]  ? irqentry_exit+0x117/0x790
[  580.177774][ T5622]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  580.177813][ T5622] RIP: 0033:0x7f96cc59e017
[  580.177843][ T5622] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  580.177881][ T5622] RSP: 002b:00007ffde6ec9298 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  580.177916][ T5622] RAX: 0000000000000000 RBX: 00007f96cc632120 RCX: 00007f96cc59e017
[  580.177942][ T5622] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffde6ec9350
[  580.177966][ T5622] RBP: 00007ffde6ec9350 R08: 00007ffde6eca350 R09: 00000000ffffffff
[  580.177991][ T5622] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffde6eca3e0
[  580.178014][ T5622] R13: 00007f96cc632120 R14: 000000000008db32 R15: 00007ffde6eca420
[  580.178066][ T5622]  </TASK>
[  580.763693][ T5622] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  580.906359][T16945] loop4: detected capacity change from 0 to 4096
[  580.996828][T16945] ntfs3(loop4): Different NTFS sector size (2048) and media sector size (512).
[  581.819121][   T24] usb 9-1: new full-speed USB device number 5 using dummy_hcd
[  581.985685][   T24] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  582.012365][   T24] usb 9-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  582.035227][   T24] usb 9-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64
[  582.076865][   T24] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  582.103831][   T24] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  582.120147][   T24] usb 9-1: Product: syz
[  582.129918][   T24] usb 9-1: Manufacturer: syz
[  582.147865][   T24] usb 9-1: SerialNumber: syz
[  582.396577][T16990] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4265'.
[  582.423111][T16968] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  582.451584][T16968] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  583.157602][   T24] cdc_ncm 9-1:1.0: SET_CRC_MODE failed
[  583.213501][   T24] cdc_ncm 9-1:1.0: bind() failure
[  583.251707][T16993] loop0: detected capacity change from 0 to 65536
[  583.259705][T16993] xfs: Deprecated parameter 'ikeep'
[  583.264937][T16993] XFS: ikeep mount option is deprecated.
[  583.293866][   T24] cdc_ncm 9-1:1.1: CDC Union missing and no IAD found
[  583.310300][T16993] XFS (loop0): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  583.346350][   T24] cdc_ncm 9-1:1.1: bind() failure
[  583.352190][T16993] XFS (loop0): Ending clean mount
[  583.382257][   T24] usb 9-1: USB disconnect, device number 5
[  583.388050][T16993] XFS (loop0): Metadata CRC error detected at xfs_allocbt_read_verify+0x26/0xe0, xfs_cntbt block 0x6 
[  583.399450][T16993] XFS (loop0): Unmount and run xfs_repair
[  583.406138][T16993] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[  583.413626][T16993] 00000000: 41 42 33 43 00 00 00 02 ff ff ff ff ff ff ff ff  AB3C............
[  583.422835][T16993] 00000010: 00 00 00 00 00 00 00 06 00 00 00 01 00 00 00 10  ................
[  583.431786][T16993] 00000020: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  583.440791][T16993] 00000030: 00 00 00 00 b2 4a d0 a1 00 00 00 0d 00 00 00 03  .....J..........
[  583.449765][T16993] 00000040: 00 00 00 39 00 00 3f c7 00 00 00 00 00 00 00 00  ...9..?.........
[  583.458650][T16993] 00000050: 00 00 00 00 00 00 00 00 00 00 00 3f 00 00 00 00  ...........?....
[  583.467595][T16993] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  583.476719][T16993] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  583.485847][T16993] XFS (loop0): metadata I/O error in "xfs_btree_read_buf_block+0x24e/0x520" at daddr 0x6 len 2 error 74
[  583.510666][T16993] XFS (loop0): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x3fc/0x990 (fs/xfs/xfs_trans_buf.c:311).  Shutting down filesystem.
[  583.525734][T16993] XFS (loop0): Please unmount the filesystem and rectify the problem(s)
[  583.726299][ T5622] XFS (loop0): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  584.628517][T16995] loop7: detected capacity change from 0 to 32768
[  584.708939][T16995] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.4266 (16995)
[  584.799182][T16995] BTRFS info (device loop7): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  584.829302][T16995] BTRFS info (device loop7): using blake2b checksum algorithm
[  584.885458][T17034] loop3: detected capacity change from 0 to 512
[  584.983889][T17034] Quota error (device loop3): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[  585.009505][T17034] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  585.079525][T16995] BTRFS info (device loop7): enabling ssd optimizations
[  585.118957][T17034] EXT4-fs error (device loop3): ext4_acquire_dquot:7032: comm syz.3.4281: Failed to acquire dquot type 1
[  585.123735][T16995] BTRFS info (device loop7): turning on async discard
[  585.157588][T17034] loop3: lost filesystem error report for type 5 error -117
[  585.158336][T17034] Quota error (device loop3): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[  585.165806][    C1] EXT4-fs (loop3): error count since last fsck: 1
[  585.165845][    C1] EXT4-fs (loop3): last error at time 1777724075: ext4_acquire_dquot:7032
[  585.226435][T16995] BTRFS info (device loop7): enabling free space tree
[  585.227620][T17034] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  585.249052][T16995] BTRFS info (device loop7): use zstd compression, level 3
[  585.293672][T17034] EXT4-fs error (device loop3): ext4_acquire_dquot:7032: comm syz.3.4281: Failed to acquire dquot type 1
[  585.374308][T17034] loop3: lost filesystem error report for type 5 error -117
[  585.404526][T17034] EXT4-fs error (device loop3): ext4_validate_block_bitmap:440: comm syz.3.4281: bg 0: block 248: padding at end of block bitmap is not set
[  585.508373][T17034] loop3: lost filesystem error report for type 5 error -117
[  585.509322][T17034] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6679: Corrupt filesystem
[  585.601158][T17034] loop3: lost filesystem error report for type 5 error -117
[  585.626534][T17034] Quota error (device loop3): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[  585.660379][T17017] loop0: detected capacity change from 0 to 32768
[  585.753083][T17017] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  585.766156][T17034] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  585.824581][T17034] EXT4-fs error (device loop3): ext4_acquire_dquot:7032: comm syz.3.4281: Failed to acquire dquot type 1
[  585.913879][T17034] loop3: lost filesystem error report for type 5 error -117
[  585.921903][T17034] EXT4-fs (loop3): 1 orphan inode deleted
[  585.968643][T17065] netlink: 92 bytes leftover after parsing attributes in process `syz.2.4286'.
[  585.975118][T17034] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  586.045730][T17034] ext4 filesystem being mounted at /757/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  586.144990][T14621] BTRFS info (device loop7): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  586.400400][ T5622] ocfs2: Unmounting device (7,0) on (node local)
[  586.442718][T17069] Invalid ELF header len 4
[  586.505719][ T5625] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  586.987480][T17057] loop8: detected capacity change from 0 to 32768
[  587.054414][T17085] netlink: 276 bytes leftover after parsing attributes in process `syz.0.4295'.
[  587.136603][T17086] netlink: 276 bytes leftover after parsing attributes in process `syz.0.4295'.
[  587.412514][T17057] read_mapping_page failed!
[  587.433600][T17057] ERROR: (device loop8): txAbort: 
[  587.433600][T17057] 
[  587.491858][T17090] syzkaller0: tun_chr_ioctl cmd 1074025675
[  587.526433][T17090] syzkaller0: persist disabled
[  587.602381][T17093] team0: Device ipvlan1 failed to register rx_handler
[  588.953454][T17122] loop4: detected capacity change from 0 to 512
[  589.008803][T17122] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  589.039131][T17122] ext4 filesystem being mounted at /137/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  589.095152][T17127] netlink: 65039 bytes leftover after parsing attributes in process `syz.7.4311'.
[  589.165437][T17132] EXT4-fs error (device loop4): ext4_validate_block_bitmap:423: comm syz.4.4309: bg 0: bad block bitmap checksum
[  589.196547][T17131] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4313'.
[  589.561022][T14593] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  590.049124][ T5644] Bluetooth: hci4: command tx timeout
[  592.007387][T17190] loop0: detected capacity change from 0 to 32768
[  592.033998][T17190] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  592.042294][T17190] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  592.100223][T17190] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 1ms
[  592.110699][ T1137] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  592.165936][ T1137] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  592.367898][ T5834] kernel read not supported for file /1828/net/pfkey (pid: 5834 comm: kworker/0:6)
[  592.663717][ T1137] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 497ms
[  592.697176][T17174] loop3: detected capacity change from 0 to 32768
[  592.712864][ T1137] gfs2: fsid=syz:syz.0: jid=0: Done
[  592.736952][T17190] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  593.028477][T17174] JBD2: Ignoring recovery information on journal
[  593.357235][T17174] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  593.973158][ T5625] ocfs2: Unmounting device (7,3) on (node local)
[  594.449290][T17244] loop8: detected capacity change from 0 to 512
[  594.480387][T17244] EXT4-fs: Ignoring removed nobh option
[  594.494959][T17244] EXT4-fs: Ignoring removed mblk_io_submit option
[  594.523028][T17244] EXT4-fs (loop8): orphan cleanup on readonly fs
[  594.529539][ T5644] Bluetooth: hci3: command 0x0406 tx timeout
[  594.550775][ T5834] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  594.555623][T17244] EXT4-fs (loop8): Cannot turn on journaled quota: type 0: error -13
[  594.593502][T17244] EXT4-fs error (device loop8): ext4_clear_blocks:874: inode #13: comm syz.8.4353: attempt to clear invalid blocks 2 len 1
[  594.608381][T17244] loop8: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117
[  594.611341][    C0] EXT4-fs (loop8): error count since last fsck: 1
[  594.626976][    C0] EXT4-fs (loop8): initial error at time 1777724084: ext4_clear_blocks:874: inode 13
[  594.636550][    C0] EXT4-fs (loop8): last error at time 1777724084: ext4_clear_blocks:874: inode 13
[  594.646699][T17244] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1314: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  594.667827][T17244] EXT4-fs error (device loop8): ext4_free_branches:1020: inode #13: comm syz.8.4353: invalid indirect mapped block 1819239214 (level 0)
[  594.682712][T17244] loop8: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117
[  594.683437][T17244] EXT4-fs error (device loop8): ext4_free_branches:1020: inode #13: comm syz.8.4353: invalid indirect mapped block 1819239214 (level 1)
[  594.758985][ T5834] usb 3-1: Using ep0 maxpacket: 16
[  594.780625][T17244] loop8: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117
[  594.801724][ T5834] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  594.847897][T17244] EXT4-fs (loop8): 1 truncate cleaned up
[  594.898693][ T5834] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  594.901756][T17244] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  594.954203][ T5834] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  595.011835][ T5834] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  595.037274][ T5834] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  595.068613][ T5834] usb 3-1: config 0 descriptor??
[  595.340438][T14321] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  595.505039][T17259] loop4: detected capacity change from 0 to 32768
[  595.576676][T17259] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  595.585645][T17259] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  595.679491][T17259] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 1ms
[  595.691458][ T1137] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  595.698361][ T1137] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  595.962269][ T5834] microsoft 0003:045E:07DA.003C: ignoring exceeding usage max
[  595.996484][ T1137] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 298ms
[  596.012275][ T5834] microsoft 0003:045E:07DA.003C: unsupported Resolution Multiplier 0
[  596.034271][ T1137] gfs2: fsid=syz:syz.0: jid=0: Done
[  596.054489][T17259] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  596.096066][ T5834] microsoft 0003:045E:07DA.003C: implement() called with n (152) > 32! (kworker/0:6)
[  596.152069][ T5834] microsoft 0003:045E:07DA.003C: unsupported Resolution Multiplier 0
[  596.191482][T17280] loop9: detected capacity change from 0 to 524287999
[  596.210658][ T5834] microsoft 0003:045E:07DA.003C: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[  596.237423][ T5834] microsoft 0003:045E:07DA.003C: no inputs found
[  596.276638][ T5834] microsoft 0003:045E:07DA.003C: could not initialize ff, continuing anyway
[  596.379359][ T5834] usb 3-1: USB disconnect, device number 36
[  596.737506][T17285] fido_id[17285]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  596.836175][T17291] loop0: detected capacity change from 0 to 164
[  596.923736][T17291] rock: directory entry would overflow storage
[  596.953958][T17291] rock: sig=0x4d4e, size=5, remaining=4
[  596.995321][T17291] isofs: isofs_export_get_parent(): child directory not normalized!
[  597.861143][T17273] loop8: detected capacity change from 0 to 32768
[  597.927287][T17273] XFS (loop8): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  598.041445][T17273] XFS (loop8): Ending clean mount
[  598.176047][   T30] audit: type=1800 audit(1777724088.421:135): pid=17273 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.4361" name="file1" dev="loop8" ino=5766 res=0 errno=0
[  598.284694][   T30] audit: type=1800 audit(1777724088.431:136): pid=17273 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.4361" name="file1" dev="loop8" ino=5766 res=0 errno=0
[  598.436995][T14321] XFS (loop8): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  599.335458][T17337] loop4: detected capacity change from 0 to 32768
[  599.348308][T17337] (syz.4.4389,17337,1):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  599.366663][T17337] (syz.4.4389,17337,1):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  599.489551][T17337] JBD2: Ignoring recovery information on journal
[  599.562664][T17337] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  599.667462][ T5634] Bluetooth: hci2: command 0x0406 tx timeout
[  600.167614][T14593] ocfs2: Unmounting device (7,4) on (node local)
[  601.219773][T14917] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  601.335766][T17381] netlink: 'syz.8.4407': attribute type 14 has an invalid length.
[  601.392585][T14917] usb 1-1: Using ep0 maxpacket: 16
[  601.417731][T14917] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  601.450112][T14917] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  601.472216][T14917] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  601.492478][T14917] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  601.515598][T14917] usb 1-1: Product: syz
[  601.524070][T14917] usb 1-1: Manufacturer: syz
[  601.534011][T14917] usb 1-1: SerialNumber: syz
[  601.568612][T14917] usb 1-1: 0:2 : does not exist
[  601.828043][T17371] loop4: detected capacity change from 0 to 32768
[  601.869041][T17371] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.4402 (17371)
[  601.955574][T17371] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  601.973769][T17371] BTRFS info (device loop4): using blake2b checksum algorithm
[  602.104695][ T5779] usb 1-1: USB disconnect, device number 35
[  602.323247][T17371] BTRFS info (device loop4): enabling ssd optimizations
[  602.373177][T17371] BTRFS info (device loop4): turning on async discard
[  602.402235][T17371] BTRFS info (device loop4): enabling free space tree
[  602.434556][T17371] BTRFS info (device loop4): use zstd compression, level 3
[  602.512766][T17417] loop7: detected capacity change from 0 to 128
[  602.611430][T17417] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  602.673128][T17417] ext4 filesystem being mounted at /138/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  602.840133][T17426] Set syz1 is full, maxelem 14 reached
[  602.868708][T14621] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  603.326207][T14593] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  604.295861][T17459] loop3: detected capacity change from 0 to 1024
[  605.174281][T17477] loop0: detected capacity change from 0 to 512
[  605.197429][T17471] 
[  605.199800][T17471] ======================================================
[  605.206826][T17471] WARNING: possible circular locking dependency detected
[  605.213854][T17471] syzkaller #0 Tainted: G             L     
[  605.219836][T17471] ------------------------------------------------------
[  605.226851][T17471] syz.8.4436/17471 is trying to acquire lock:
[  605.232919][T17471] ffff88802824aac8 (&q->elevator_lock){+.+.}-{4:4}, at: elevator_change+0x1bc/0x530
[  605.242401][T17471] 
[  605.242401][T17471] but task is already holding lock:
[  605.249768][T17471] ffff88802824a5a0 (&q->q_usage_counter(io)#52){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  605.261082][T17471] 
[  605.261082][T17471] which lock already depends on the new lock.
[  605.261082][T17471] 
[  605.271496][T17471] 
[  605.271496][T17471] the existing dependency chain (in reverse order) is:
[  605.280515][T17471] 
[  605.280515][T17471] -> #6 (&q->q_usage_counter(io)#52){++++}-{0:0}:
[  605.289180][T17471]        blk_alloc_queue+0x610/0x790
[  605.294490][T17471]        blk_mq_alloc_queue+0x174/0x290
[  605.300074][T17471]        __blk_mq_alloc_disk+0x29/0x120
[  605.305649][T17471]        nbd_dev_add+0x492/0xb10
[  605.310632][T17471]        nbd_init+0x291/0x2b0
[  605.315334][T17471]        do_one_initcall+0x121/0x750
[  605.320654][T17471]        kernel_init_freeable+0x6ea/0x7b0
[  605.326404][T17471]        kernel_init+0x1f/0x1e0
[  605.331271][T17471]        ret_from_fork+0x72b/0xd50
[  605.336408][T17471]        ret_from_fork_asm+0x1a/0x30
[  605.341730][T17471] 
[  605.341730][T17471] -> #5 (fs_reclaim){+.+.}-{0:0}:
[  605.348980][T17471]        fs_reclaim_acquire+0xc4/0x100
[  605.354486][T17471]        kmem_cache_alloc_node_noprof+0x53/0x6f0
[  605.360843][T17471]        __alloc_skb+0x140/0x710
[  605.365791][T17471]        tcp_stream_alloc_skb+0x34/0x660
[  605.371449][T17471]        tcp_sendmsg_locked+0x13cd/0x4500
[  605.377196][T17471]        tcp_sendmsg+0x2e/0x50
[  605.381980][T17471]        inet_sendmsg+0xb9/0x140
[  605.386938][T17471]        sock_write_iter+0x4ea/0x5a0
[  605.392238][T17471]        vfs_write+0x6ac/0x1070
[  605.397106][T17471]        ksys_write+0x1f8/0x250
[  605.401977][T17471]        do_syscall_64+0x10b/0xf80
[  605.407108][T17471]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  605.413529][T17471] 
[  605.413529][T17471] -> #4 (sk_lock-AF_INET){+.+.}-{0:0}:
[  605.421197][T17471]        lock_sock_nested+0x41/0xf0
[  605.426412][T17471]        inet_shutdown+0x67/0x410
[  605.431450][T17471]        nbd_mark_nsock_dead+0xae/0x5c0
[  605.437022][T17471]        sock_shutdown+0x16b/0x200
[  605.442133][T17471]        nbd_ioctl+0x25e/0xd30
[  605.446902][T17471]        blkdev_ioctl+0x5ad/0x6f0
[  605.451933][T17471]        __x64_sys_ioctl+0x18e/0x210
[  605.457237][T17471]        do_syscall_64+0x10b/0xf80
[  605.462363][T17471]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  605.468785][T17471] 
[  605.468785][T17471] -> #3 (&nsock->tx_lock){+.+.}-{4:4}:
[  605.476455][T17471]        __mutex_lock+0x1a4/0x1b10
[  605.481590][T17471]        nbd_queue_rq+0x428/0x1080
[  605.486711][T17471]        blk_mq_dispatch_rq_list+0x422/0x1e70
[  605.492793][T17471]        __blk_mq_sched_dispatch_requests+0xcea/0x1620
[  605.499650][T17471]        blk_mq_sched_dispatch_requests+0xd7/0x1c0
[  605.506161][T17471]        blk_mq_run_hw_queue+0x23c/0x670
[  605.511999][T17471]        blk_mq_dispatch_list+0x51d/0x1360
[  605.517820][T17471]        blk_mq_flush_plug_list+0x130/0x600
[  605.523723][T17471]        __blk_flush_plug+0x2c4/0x4b0
[  605.529101][T17471]        __submit_bio+0x584/0x6c0
[  605.534128][T17471]        submit_bio_noacct_nocheck+0x543/0xbf0
[  605.540284][T17471]        submit_bio_noacct+0xd18/0x2000
[  605.545834][T17471]        submit_bh_wbc+0x681/0x890
[  605.550962][T17471]        block_read_full_folio+0x264/0x8e0
[  605.556790][T17471]        filemap_read_folio+0xfc/0x3b0
[  605.562259][T17471]        do_read_cache_folio+0x2d7/0x6b0
[  605.567905][T17471]        read_part_sector+0xd1/0x370
[  605.573214][T17471]        adfspart_check_ICS+0x91/0x7d0
[  605.578670][T17471]        bdev_disk_changed+0x7a3/0x1250
[  605.584240][T17471]        blkdev_get_whole+0x187/0x290
[  605.589634][T17471]        bdev_open+0x2c7/0xe40
[  605.594397][T17471]        blkdev_open+0x34e/0x4f0
[  605.599338][T17471]        do_dentry_open+0x6d8/0x1660
[  605.604646][T17471]        vfs_open+0x82/0x3f0
[  605.609239][T17471]        path_openat+0x208c/0x31a0
[  605.614351][T17471]        do_file_open+0x20e/0x430
[  605.619375][T17471]        do_sys_openat2+0x10d/0x1e0
[  605.624582][T17471]        __x64_sys_openat+0x12d/0x210
[  605.629961][T17471]        do_syscall_64+0x10b/0xf80
[  605.635088][T17471]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  605.641509][T17471] 
[  605.641509][T17471] -> #2 (&cmd->lock){+.+.}-{4:4}:
[  605.648749][T17471]        __mutex_lock+0x1a4/0x1b10
[  605.653883][T17471]        nbd_queue_rq+0xba/0x1080
[  605.658916][T17471]        blk_mq_dispatch_rq_list+0x422/0x1e70
[  605.664992][T17471]        __blk_mq_sched_dispatch_requests+0xcea/0x1620
[  605.671845][T17471]        blk_mq_sched_dispatch_requests+0xd7/0x1c0
[  605.678348][T17471]        blk_mq_run_hw_queue+0x23c/0x670
[  605.684007][T17471]        blk_mq_dispatch_list+0x51d/0x1360
[  605.689820][T17471]        blk_mq_flush_plug_list+0x130/0x600
[  605.695719][T17471]        __blk_flush_plug+0x2c4/0x4b0
[  605.701099][T17471]        __submit_bio+0x584/0x6c0
[  605.706387][T17471]        submit_bio_noacct_nocheck+0x543/0xbf0
[  605.712541][T17471]        submit_bio_noacct+0xd18/0x2000
[  605.718090][T17471]        submit_bh_wbc+0x681/0x890
[  605.723213][T17471]        block_read_full_folio+0x264/0x8e0
[  605.729043][T17471]        filemap_read_folio+0xfc/0x3b0
[  605.734511][T17471]        do_read_cache_folio+0x2d7/0x6b0
[  605.740155][T17471]        read_part_sector+0xd1/0x370
[  605.745466][T17471]        adfspart_check_ICS+0x91/0x7d0
[  605.750924][T17471]        bdev_disk_changed+0x7a3/0x1250
[  605.756496][T17471]        blkdev_get_whole+0x187/0x290
[  605.761890][T17471]        bdev_open+0x2c7/0xe40
[  605.766652][T17471]        blkdev_open+0x34e/0x4f0
[  605.771592][T17471]        do_dentry_open+0x6d8/0x1660
[  605.776898][T17471]        vfs_open+0x82/0x3f0
[  605.781490][T17471]        path_openat+0x208c/0x31a0
[  605.786604][T17471]        do_file_open+0x20e/0x430
[  605.791627][T17471]        do_sys_openat2+0x10d/0x1e0
[  605.796831][T17471]        __x64_sys_openat+0x12d/0x210
[  605.802211][T17471]        do_syscall_64+0x10b/0xf80
[  605.807338][T17471]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  605.813763][T17471] 
[  605.813763][T17471] -> #1 (set->srcu){.+.+}-{0:0}:
[  605.820909][T17471]        __synchronize_srcu+0xa2/0x300
[  605.826380][T17471]        blk_mq_quiesce_queue+0x149/0x1c0
[  605.832124][T17471]        elevator_switch+0x17b/0x7e0
[  605.837429][T17471]        elevator_change+0x352/0x530
[  605.842735][T17471]        elevator_set_default+0x29e/0x360
[  605.848486][T17471]        blk_register_queue+0x48e/0x630
[  605.854054][T17471]        __add_disk+0x73f/0xe40
[  605.858930][T17471]        add_disk_fwnode+0x118/0x5c0
[  605.864233][T17471]        nbd_dev_add+0x77a/0xb10
[  605.869177][T17471]        nbd_init+0x291/0x2b0
[  605.873865][T17471]        do_one_initcall+0x121/0x750
[  605.879163][T17471]        kernel_init_freeable+0x6ea/0x7b0
[  605.884895][T17471]        kernel_init+0x1f/0x1e0
[  605.889746][T17471]        ret_from_fork+0x72b/0xd50
[  605.894872][T17471]        ret_from_fork_asm+0x1a/0x30
[  605.900174][T17471] 
[  605.900174][T17471] -> #0 (&q->elevator_lock){+.+.}-{4:4}:
[  605.908027][T17471]        __lock_acquire+0x14b8/0x2630
[  605.913413][T17471]        lock_acquire+0x1b1/0x370
[  605.918450][T17471]        __mutex_lock+0x1a4/0x1b10
[  605.923580][T17471]        elevator_change+0x1bc/0x530
[  605.928889][T17471]        elevator_set_none+0x92/0xf0
[  605.934199][T17471]        blk_mq_update_nr_hw_queues+0x4c1/0x15f0
[  605.940540][T17471]        nbd_start_device+0x1a6/0xbd0
[  605.945921][T17471]        nbd_genl_connect+0xff2/0x1a40
[  605.951386][T17471]        genl_family_rcv_msg_doit+0x214/0x300
[  605.957476][T17471]        genl_rcv_msg+0x560/0x800
[  605.962518][T17471]        netlink_rcv_skb+0x159/0x420
[  605.967819][T17471]        genl_rcv+0x28/0x40
[  605.972338][T17471]        netlink_unicast+0x585/0x850
[  605.977639][T17471]        netlink_sendmsg+0x8b0/0xda0
[  605.982950][T17471]        ____sys_sendmsg+0x9e1/0xb70
[  605.988249][T17471]        ___sys_sendmsg+0x190/0x1e0
[  605.993459][T17471]        __sys_sendmsg+0x170/0x220
[  605.998573][T17471]        do_syscall_64+0x10b/0xf80
[  606.003700][T17471]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  606.010124][T17471] 
[  606.010124][T17471] other info that might help us debug this:
[  606.010124][T17471] 
[  606.020341][T17471] Chain exists of:
[  606.020341][T17471]   &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#52
[  606.020341][T17471] 
[  606.034114][T17471]  Possible unsafe locking scenario:
[  606.034114][T17471] 
[  606.041553][T17471]        CPU0                    CPU1
[  606.046910][T17471]        ----                    ----
[  606.052265][T17471]   lock(&q->q_usage_counter(io)#52);
[  606.057655][T17471]                                lock(fs_reclaim);
[  606.064173][T17471]                                lock(&q->q_usage_counter(io)#52);
[  606.072083][T17471]   lock(&q->elevator_lock);
[  606.076676][T17471] 
[  606.076676][T17471]  *** DEADLOCK ***
[  606.076676][T17471] 
[  606.084807][T17471] 6 locks held by syz.8.4436/17471:
[  606.089999][T17471]  #0: ffffffff906bc9c8 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  606.098242][T17471]  #1: ffffffff906bca80 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x57b/0x800
[  606.107264][T17471]  #2: ffff8880282ca9c0 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0x9d/0x15f0
[  606.118714][T17471]  #3: ffff8880282ca8d0 (&set->tag_list_lock){+.+.}-{4:4}, at: blk_mq_update_nr_hw_queues+0xb0/0x15f0
[  606.129736][T17471]  #4: ffff88802824a5a0 (&q->q_usage_counter(io)#52){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  606.141457][T17471]  #5: ffff88802824a5d8 (&q->q_usage_counter(queue)#36){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  606.153434][T17471] 
[  606.153434][T17471] stack backtrace:
[  606.159326][T17471] CPU: 1 UID: 0 PID: 17471 Comm: syz.8.4436 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  606.159375][T17471] Tainted: [L]=SOFTLOCKUP
[  606.159388][T17471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  606.159409][T17471] Call Trace:
[  606.159420][T17471]  <TASK>
[  606.159433][T17471]  dump_stack_lvl+0x100/0x190
[  606.159471][T17471]  print_circular_bug.cold+0x178/0x1c7
[  606.159528][T17471]  check_noncircular+0x146/0x160
[  606.159572][T17471]  __lock_acquire+0x14b8/0x2630
[  606.159616][T17471]  ? srso_alias_return_thunk+0x5/0xfbef5
[  606.159661][T17471]  lock_acquire+0x1b1/0x370
[  606.159699][T17471]  ? elevator_change+0x1bc/0x530
[  606.159754][T17471]  ? __pfx___might_resched+0x10/0x10
[  606.159804][T17471]  ? __pfx___flush_work+0x10/0x10
[  606.159852][T17471]  __mutex_lock+0x1a4/0x1b10
[  606.159899][T17471]  ? elevator_change+0x1bc/0x530
[  606.159950][T17471]  ? elevator_change+0x1bc/0x530
[  606.160001][T17471]  ? srso_alias_return_thunk+0x5/0xfbef5
[  606.160043][T17471]  ? enable_work+0x295/0x320
[  606.160086][T17471]  ? srso_alias_return_thunk+0x5/0xfbef5
[  606.160126][T17471]  ? lockdep_hardirqs_on+0x78/0x100
[  606.160171][T17471]  ? __pfx___mutex_lock+0x10/0x10
[  606.160220][T17471]  ? __pfx_enable_work+0x10/0x10
[  606.160265][T17471]  ? __pfx___might_resched+0x10/0x10
[  606.160312][T17471]  ? blk_mq_cancel_work_sync+0x101/0x3c0
[  606.160359][T17471]  ? srso_alias_return_thunk+0x5/0xfbef5
[  606.160400][T17471]  ? cancel_delayed_work_sync+0x96/0xf0
[  606.160451][T17471]  ? srso_alias_return_thunk+0x5/0xfbef5
[  606.160492][T17471]  ? blk_mq_cancel_work_sync+0x36c/0x3c0
[  606.160538][T17471]  ? elevator_change+0x1bc/0x530
[  606.160589][T17471]  ? srso_alias_return_thunk+0x5/0xfbef5
[  606.160629][T17471]  elevator_change+0x1bc/0x530
[  606.160680][T17471]  ? srso_alias_return_thunk+0x5/0xfbef5
[  606.160725][T17471]  elevator_set_none+0x92/0xf0
[  606.160781][T17471]  ? __pfx_elevator_set_none+0x10/0x10
[  606.160835][T17471]  ? blk_mq_unregister_hctx.part.0+0x1ba/0x230
[  606.160895][T17471]  ? srso_alias_return_thunk+0x5/0xfbef5
[  606.160940][T17471]  blk_mq_update_nr_hw_queues+0x4c1/0x15f0
[  606.160983][T17471]  ? nbd_start_device+0x147/0xbd0
[  606.161026][T17471]  ? srso_alias_return_thunk+0x5/0xfbef5
[  606.161067][T17471]  ? __mutex_unlock_slowpath+0x15d/0x8a0
[  606.161115][T17471]  ? __pfx_blk_mq_update_nr_hw_queues+0x10/0x10
[  606.161166][T17471]  ? __pfx_sysfs_create_file_ns+0x10/0x10
[  606.161224][T17471]  nbd_start_device+0x1a6/0xbd0
[  606.161268][T17471]  nbd_genl_connect+0xff2/0x1a40
[  606.161311][T17471]  ? __pfx_nbd_genl_connect+0x10/0x10
[  606.161350][T17471]  ? __nla_parse+0x40/0x60
[  606.161398][T17471]  ? srso_alias_return_thunk+0x5/0xfbef5
[  606.161438][T17471]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x1ef/0x2f0
[  606.161500][T17471]  genl_family_rcv_msg_doit+0x214/0x300
[  606.161556][T17471]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  606.161608][T17471]  ? srso_alias_return_thunk+0x5/0xfbef5
[  606.161649][T17471]  ? genl_get_cmd+0x3e7/0x760
[  606.161704][T17471]  ? __alloc_skb+0x185/0x710
[  606.161733][T17471]  ? srso_alias_return_thunk+0x5/0xfbef5
[  606.161778][T17471]  ? __radix_tree_lookup+0x217/0x2b0
[  606.161820][T17471]  genl_rcv_msg+0x560/0x800
[  606.161875][T17471]  ? __pfx_genl_rcv_msg+0x10/0x10
[  606.161926][T17471]  ? srso_alias_return_thunk+0x5/0xfbef5
[  606.161968][T17471]  ? __pfx_nbd_genl_connect+0x10/0x10
[  606.162010][T17471]  ? srso_alias_return_thunk+0x5/0xfbef5
[  606.162051][T17471]  ? __lock_acquire+0x4a5/0x2630
[  606.162093][T17471]  netlink_rcv_skb+0x159/0x420
[  606.162140][T17471]  ? __pfx_genl_rcv_msg+0x10/0x10
[  606.162193][T17471]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  606.162248][T17471]  ? srso_alias_return_thunk+0x5/0xfbef5
[  606.162289][T17471]  ? netlink_deliver_tap+0x1ae/0xcc0
[  606.162335][T17471]  genl_rcv+0x28/0x40
[  606.162382][T17471]  netlink_unicast+0x585/0x850
[  606.162431][T17471]  ? __pfx_netlink_unicast+0x10/0x10
[  606.162484][T17471]  netlink_sendmsg+0x8b0/0xda0
[  606.162534][T17471]  ? __pfx_netlink_sendmsg+0x10/0x10
[  606.162579][T17471]  ? __might_fault+0x70/0x140
[  606.162621][T17471]  ? srso_alias_return_thunk+0x5/0xfbef5
[  606.162661][T17471]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  606.162715][T17471]  ____sys_sendmsg+0x9e1/0xb70
[  606.162762][T17471]  ? __pfx_netlink_sendmsg+0x10/0x10
[  606.162810][T17471]  ? __pfx_____sys_sendmsg+0x10/0x10
[  606.162860][T17471]  ? __pfx_futex_wake_mark+0x10/0x10
[  606.162919][T17471]  ___sys_sendmsg+0x190/0x1e0
[  606.162966][T17471]  ? __pfx____sys_sendmsg+0x10/0x10
[  606.163013][T17471]  ? srso_alias_return_thunk+0x5/0xfbef5
[  606.163065][T17471]  ? srso_alias_return_thunk+0x5/0xfbef5
[  606.163122][T17471]  __sys_sendmsg+0x170/0x220
[  606.163157][T17471]  ? __pfx___sys_sendmsg+0x10/0x10
[  606.163190][T17471]  ? srso_alias_return_thunk+0x5/0xfbef5
[  606.163231][T17471]  ? srso_alias_return_thunk+0x5/0xfbef5
[  606.163281][T17471]  ? srso_alias_return_thunk+0x5/0xfbef5
[  606.163323][T17471]  ? rcu_is_watching+0x12/0xc0
[  606.163375][T17471]  do_syscall_64+0x10b/0xf80
[  606.163418][T17471]  ? irqentry_exit+0x117/0x790
[  606.163465][T17471]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  606.163500][T17471] RIP: 0033:0x7fbd75f9cdd9
[  606.163525][T17471] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  606.163559][T17471] RSP: 002b:00007fbd741f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  606.163591][T17471] RAX: ffffffffffffffda RBX: 00007fbd76215fa0 RCX: 00007fbd75f9cdd9
[  606.163614][T17471] RDX: 0000000000000004 RSI: 0000200000001ac0 RDI: 0000000000000006
[  606.163635][T17471] RBP: 00007fbd76032d69 R08: 0000000000000000 R09: 0000000000000000
[  606.163657][T17471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  606.163678][T17471] R13: 00007fbd76216038 R14: 00007fbd76215fa0 R15: 00007fffab722fc8
[  606.163713][T17471]  </TASK>
[  606.191468][T17477] EXT4-fs error (device loop0): ext4_orphan_get:1397: inode #15: comm syz.0.4439: inode has both inline data and extents flags
[  606.750456][T17477] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  606.751301][T17477] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz.0.4439: couldn't read orphan inode 15 (err -117)
[  606.760487][    C0] EXT4-fs (loop0): error count since last fsck: 1
[  606.760519][    C0] EXT4-fs (loop0): initial error at time 1777724097: ext4_orphan_get:1397: inode 15
[  606.760570][    C0] EXT4-fs (loop0): last error at time 1777724097: ext4_orphan_get:1397: inode 15
[  606.797732][T17477] loop0: lost filesystem error report for type 5 error -117
[  606.799197][T17477] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  606.882156][ T5622] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  607.811165][ T4957] block nbd1: Possible stuck request ffff888028310000: control (read@0,1024B). Runtime 60 seconds
[  607.821865][ T4957] block nbd1: Possible stuck request ffff8880283101c0: control (read@1024,1024B). Runtime 60 seconds
[  607.833110][ T4957] block nbd1: Possible stuck request ffff888028310380: control (read@2048,1024B). Runtime 60 seconds
[  607.844075][ T4957] block nbd1: Possible stuck request ffff888028310540: control (read@3072,1024B). Runtime 60 seconds
[  610.008698][ T4988] udevd[4988]: worker [6073] /devices/virtual/block/nbd1 is taking a long time