last executing test programs:

1m22.559492687s ago: executing program 3 (id=18):
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000340)=0x63ba, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000000)=0xb2, 0x4)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000380)=0xa0, 0x4)
sendmmsg(r0, &(0x7f0000001b00)=[{{&(0x7f00000000c0)=@in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x2e}}, 0x80, 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="700000000000000017010000080000000de6d828cef3e15d12490678608c32c1c3c8a94d58f21705c497c5b64db97d1129ca9e525f08ce3a41ae0ad896e11660315cb1ce997e24f72ad0c40cdda2ce1263775eea7c051d0cbda7a9888544ae20572f52bc4c771c440f00000000000000a8000000000000001801000006000000b4dbceb304cc776ebf6cf3a124a0e00ad516c159779c04c013fcefb3a62b2c485d41897aef7d02b1e52d1c0d7874a871957ade1e4f115a9b4182458773ba77cbdc55547cb6d6a02cc60fd469f4bf61cdf3a7886ba9b99d5d6674c91359c91d9a3ab31ea885b896702192d77de0d262775c99cc69eb23e0f83f625b597b9456f6312068c79b1d9fd082838735c140dde16c39862c7b3f0000000100000000000094000000010000001195e21dbd99191d1deb6ce8af75450e29665e4f63939056ae7ed32cf15b20449df95c3ecaf986e26d14c0f5b62e3976134e52019d37817cc6d5e580de768405825872163ed3adf84e8e38df4e8197ee53a4eec8a01221e3e16eb9e4e9806f2c80ad62a33a1511b11ca2a5b1ce1a605c04da977530107188058a45c50efa1ab569b6091f176b2bcfe7245b6dba2fe65a199f77f04bfffab5a99528962507dd7b985714b06e3615f3b3d93ece7f1561196c670be95a601cbb0b06ad438d7c02bbb9847d24bf5e048842fa270705f5302fee715ce5e6d01fb0e989e315bcd78b717b7a24f345274e071230bf6ed6000000f00000000000000008"], 0x308}}], 0x1, 0x44)
recvmmsg(r0, &(0x7f0000000940)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001f80)=""/130, 0x82}, 0x4db30}], 0x1, 0x40002042, 0x0)

1m22.412404702s ago: executing program 3 (id=19):
r0 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x82)
capset(&(0x7f0000000500)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x4, 0x7})
fchdir(r1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fchown(r2, 0x0, 0xee01)

1m22.263254568s ago: executing program 3 (id=22):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_GUEST_MEMFD(r3, 0xc040aed4, &(0x7f00000001c0)={0x1000200001ee0000, 0x3})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000008, 0x28011, r4, 0x1000)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, 0x0)

1m22.136419159s ago: executing program 3 (id=23):
syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000600)='./file0\x00', 0x0, &(0x7f0000000640), 0x1, 0x5b9, &(0x7f0000000680)="$eJzs3W2IHHcdB/Df7N6mebiaNLZqa2xOQ20gdPdyuYREfGGJD7UmtaL4IhTCkdvuhezdnrkN9LaCLb4pCiL4RgShYl9YEQ3kTaXU9kWLbxSU+kClxoAKIhStFERQV2YfrmszaYr3MHjz+cDc/ec/c/v/7y3fndmd/8wEUFgT6Y8kYjwiLkXEzv7sf68w0f/VOXRxLp2S6HY//Zekt97soYtzw1WHf7cj/TEWsTUidh9PYl/l6naXljvnZprN+vnBfK09v1hbWu7cdXZ+plFv1BcOH50+NnVk+uj02j3XyZ9uv+WPd9x35Ynn//7Pb/76yPfT/o4Plo0+j7UyEROD/0klbhqpH0si7l3rxnJS7r/UccdIXTKWY4d4y7rd3d9LX7+3R8S+Xv53Rjn6L95LTz/wt53xy3vy7iOwfrpD2Ytf7QKbVqm3D5yUqhHRL5dK1Wp/H/7m2F5qtpbaBx5sXViY7e8r74pK6cGzzfrk4LPCrqgk6fzBXvn1+ak3zB+K6O0DP1be1puvnmk1Zzf6zQ7oGY+4fOlzZ7bseEP+/1Tu5x/YvNL8/+KFp55Ny6+V8+4NsJHS/H/3tflPhPxD4cg/FJf8Q3HJPxSX/ENxyT8Ul/xDcck/FJf8Q3HJPxTXMP/3nzwZ95882e0Mzn9faDXOnptbPDY1WZ2/cKZ6pnV+sdpotRq9M3bmr/+4zVZr8eBUXHio1q4vtWtLy53T860LC+3TvfP6T9czLgUA5ODUla333rT3uZeSiHjkA9t6U2rLYLmswubW7SaR9znIQD589Ificqk2KC6f8YHkOsu3XmtBc+37AmyMUt4dAHJz562O/0FR+f4fisv3/1Bc9vEB3/9D8fj+H4pr/Br3/7px5N5dkxHxtoj4Sblyw/BeX8D/r/GIy5e//dnayn24FRQUFFYKeb9DAevt9dDn3RMgL7OHLs4Np41q85nGRrUEZHnl7v4goDT3ncHUXzK2cmygsk7jhF5+LGIifvjbx/fPldMpBu9D69AUkOGRRyPiXVnb/6R3bGDXYL3d/dXi5oi4JSLeERHvXGXbX/9Umv8X6qN18g8b563m/9aIuD0ibouId0fEnoh4zyrb/vmlNP+/2jZaJ/9QDJ9/Pu8eAHn5+FN59wDIyyljDKCwvvNw3j0A8vL0D/LuAZCXr7yYdw+g2J67OyIms47/lXrH+4cqg+sC3jC4FsC2iNgeETsG5xDeODhHcOfIMcPrOf3JiIm4/UejdY7/wcYZjv/rXDX+r7Qy/q8cEXtX0cYzHxz/clb9zJ40/088PBz/l05p+8OxgMD6euXRiNsy85+sjPlNIs1pxHv/xzYmvnDlyaz6F+9LH7fyM/mHfHS/FfH+yM7/UFqqtecXa0vLnbt69/Fu1BcOH50+NnVk+uh0rXeJkNrwQiEZTvz11QNZ9S9Ppfn/xmH5h3yk2//t18j/6P7/+1bRxvGvfelUVv3479P873n2zfNf+vOW5DO9+eF9CR6aabfPH4zYkpy4un5qFR2FTW6YkWGG0vzv35f9+X/34G/S7f/xiPhwur8QEf+KiH9HxEci4qMR8bGIuOdN2vzqnY0rWfW/ezLN/+PnbP8hH2n+Z6+z/U9//2MVbRzY/+MvZtV/aG+a/+pv/nDigbF0kn8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAtbe03Dk302zWz69jIe/nCAAAAAAAAEXxnwAAAP//xOQ08g==")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000001, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000780)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x0, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0x8004587d, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x8000200000000000, 0x0, 0x85c, 0x5})
chdir(&(0x7f0000000000)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)

1m21.439138166s ago: executing program 3 (id=29):
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x2042, 0x19d)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000400)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="38010000fe0000", @ANYBLOB="49661a99"], 0x138)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

1m20.88267707s ago: executing program 3 (id=35):
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x10000})
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x1ff)
syz_emit_ethernet(0x4a, &(0x7f00000000c0)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x1, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r1, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd000000100001000d0c10000000000000000000", 0x58}], 0x1)

1m20.748016112s ago: executing program 32 (id=35):
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x10000})
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x1ff)
syz_emit_ethernet(0x4a, &(0x7f00000000c0)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x1, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r1, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd000000100001000d0c10000000000000000000", 0x58}], 0x1)

19.224034056s ago: executing program 5 (id=443):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000085c0)=@newtfilter={0x70, 0x2c, 0xd27, 0x70bd25, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {0x0, 0xe}, {}, {0x8, 0xc}}, [@filter_kind_options=@f_flow={{0x9}, {0x40, 0x2, [@TCA_FLOW_EMATCHES={0x3c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x7, 0x3, 0x67e4}, {0x9, 0x3, 0x5, 0x9}}}, @TCF_EM_NBYTE={0x10, 0x2, 0x0, 0x0, {{0x24}, {0x7d, 0x300, 0x2}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2}}]}]}}]}, 0x70}}, 0x0)

18.940994733s ago: executing program 5 (id=446):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000940)=ANY=[@ANYBLOB="b4050000200080066110000000000000c6000000000000009500d800000000009f33ef60916e55893f1eeb0b2ae13d922e6235592ce847e2566c43d72918a897323fd0723043c47c896ce0bce66a245ad9d6817fd98cd824498949714ffaac8a6f77ef0000ca5d82054d54d53cd2b6db714e75d9bdae214fa68a0557eb2c5ca683a4b6fcfcff0bffffffffffd47042eaebfa6fa26fa7a347c7faa8e700458c60897d4a6148a1c11428427c40de60beacf871ab5c2ff88a02084e5b5271e45f00003826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632f7a4bd344e0bd74ff05d37ef68e3b9db863c758ffffffffabe90ac5d08dd9d4e0359c41cf3626e1230bc1cd4c02c460ceb44276e9bd94d1c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd00000000000fbf940e6652d357474ed5f816f66ac3027460ae66317f83cdd7a7eb2a7003d1a6cf5478533584961c329fcf5a43e05c92bfef0dcd28000000003f2915a3039c9a78f63b8ec7e60a0000fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc5117c024185a062acb6b8eec31c21b3af8b9eedb4660ed2deb7acf2a33a376a5cb7d4266d5b0be14488d14b473502486ad8dd600000000000000000000c7766ea7c581782c0d90f42a85303835fc291c25d29e6bead5d7360f2e1929d7736ebc8558c4506407d3046022bdf25485bd5442169e9b4c1278343581b7a06f65e8ea6b042c4fd08381e5000000000000006398d6480000001a723b91030000006480304c66b217aea0156ce9eef911fe5b7370f79987303ecb3aabc53c60014a0101ab766754f596b41da9534d12b8306a1b36cf3b03f0d790879f523eabfbee83d8bd472ef69660cf6ec897106c51e54a17497f384c4956b41f3843e7c878b1e11316d8ddae1c6c3b85aaf7a9fcaf8f5d6186c42542d68ba72682c938d3c0a2e6e10eed71b1d31c9f300b41745329bf34495c63e43fb896e4903fb0fae54a8f0fe3b48a5b29d279070647e65097c8ecf32a15080000000000000001007ba4a70a084bd994ac5e00000000000000000000000000351a30cd97f83d72631d0fe92efa974a53f4dc1eb9a86df632a6d463688123f64d42a919bcfc44a90ffd680200000091f842a91c977f6075d07e39e669b0713af0498a99bf5261cb3269d499a5202d7a08b33ade7b38829b9bd39619688d5e9af22170ef83e5b92cbb32b655c45de1c154aad81bf64351668a3f76d5afa958aff76249e0ffdf8e45155536a1a44bfcbfbfd232af000052f9002a"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x50)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB="05"], 0x10)
close(r1)
close_range(r0, 0xffffffffffffffff, 0x0)

18.809865715s ago: executing program 5 (id=448):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)=0x7)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x400000001c1581, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0884113, &(0x7f0000000080)={0x1, 0xfffffffe, 0x0, 0x8, 0x8000, 0x0, 0x1, 0x0, 0x0, 0x1, 0xfffffffa, 0x1})
ioctl$SNDCTL_DSP_GETOSPACE(r1, 0x8010500c, &(0x7f0000000180))

18.439855207s ago: executing program 5 (id=454):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x2148c5, &(0x7f0000000380)={[{@utf8no}, {@uni_xlate}, {@shortname_mixed}, {@utf8}, {@uni_xlateno}, {@fat=@umask={'umask', 0x3d, 0x5}}, {@shortname_mixed}, {@uni_xlate}, {@shortname_mixed}, {@shortname_winnt}, {@numtail}, {@numtail}, {@shortname_win95}, {@numtail}]}, 0x0, 0x301, &(0x7f0000000880)="$eJzs3b9rE2EYwPGn+dU0pU2GIiiIL7rocrRxcgzSghhQ2kasg3C1Fw05k5KLkYjYbq7+Bf4B1W5OCtZdiuDmLi5dBJcOaiT3w/zoaZPG9mr7/UC5J+/d03tz96Y8dzTvbd18dr+Yt7S8XpVQXElIZFW2RVLNyDXkLkN2HJN2q3Jh9Nun03MLt65mstnpWaVmMvMX00qp8TNvHz5+efZddfTGq/E3w7LZTE9/3jyxeXLr57z328siulosl6v6ommopYJV1JS6bhq6ZahCyTIqVdW2Pm+Wl5frSi8tjSWWK4ZlKb1UV0WjrqplVa3UlX5XL5SUpmlqLNHd/SMv3HdG7kdMJOPE8dCumw/vpVc4QCN+jZVKRg/7rsytHUSnAADA4XKA9X/q9tbX3/X/vYKlCpYqlTvq+531f0j6qP9F/Op//FFubXZWzwTdC+yvZv2fcD+/naj/AQAAAAAAAAAAAAAAAAAAAAD4H2yLJBuNRnK70bCX3s+wiMRFxHsddD+xP7zzzvk/nuYWhsT94l5cxHxay9VyztJZn8lLQUwxZDIq8t0eDy4nnrmSnZ5UtpRsmBERaeav1HJhe7oIO9+T8s+fcvKVbDTz7P2vrEhUEu37T0tSJvzz0z75tVxMzp9reDNWGKJJUj7ekbKYsmSP61b+kymlLl/LduWP2NsBAAAAAHAUaPaVc8R91X7968wmqWnKmzYk1Xl97DS27g9IsnV/YNrv/kDX9XVETkWCec8AAAAAABw3Vv1RUTdNo7JbEG+1vO896y+B97SKXrPCA+/Ue/5B/11ta1n/8OJSM/D+I2awgzBIEN91m6jYQURE3JbXwXR1b0FogMMb7j7LodZB6N44unM8x0Sko2Xin4z5voL15318PHsLvjzofdAG8dcIAAAAwH7yiv5j85BMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOoV4nD/O238vcY3aiM/leOLh3CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATvVwAAAP//mpkCng==")
r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00')
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1333404, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x11080, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005c48, 0x0)
read$FUSE(r0, &(0x7f0000004c40)={0x2020}, 0x2020)

18.286556873s ago: executing program 5 (id=456):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x22}}, 0x6}, 0x1c)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0xd}, 0x1c)
r1 = fcntl$dupfd(r0, 0x0, r0)
sendmsg$nl_route(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x800)
sendmmsg$inet6(r1, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="cd", 0x1}], 0x1}}], 0x4000000000000ec, 0x8001)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000540)=""/165, 0xee, 0x1, 0x0}, &(0x7f0000000180)=0x40)

17.700020981s ago: executing program 5 (id=460):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r0, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
r1 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r1, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x1c)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/unix\x00')
pread64(r2, &(0x7f0000000480)=""/154, 0x9a, 0xe4)

17.618761625s ago: executing program 33 (id=460):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r0, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
r1 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r1, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x1c)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/unix\x00')
pread64(r2, &(0x7f0000000480)=""/154, 0x9a, 0xe4)

16.127996516s ago: executing program 4 (id=476):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000100)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000002140)={0x50, 0x0, r2, {0x7, 0x27, 0x0, 0x14a4014, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}}, 0x50)
read$FUSE(r0, &(0x7f000000b040)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r3}, 0x10)
open_by_handle_at(r1, &(0x7f00000021c0)=ANY=[@ANYBLOB="1c000000810000000000000001"], 0xfeffffff)

16.008909826s ago: executing program 4 (id=478):
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x1000)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_udp_int(r0, 0x11, 0xb, &(0x7f0000000200)=0x6, 0x4)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269bb, 0x8031, 0xffffffffffffffff, 0x0)
setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000180)=0x3, 0x4)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e24, @empty}, 0x10)
syz_emit_ethernet(0xbe, &(0x7f0000000300)={@local, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x68, 0x0, 0x0, 0x88, 0x0, @remote, @local}, {0xfffe, 0x4e24, 0x4d, 0x0, @wg=@initiation={0x1, 0x4, "497a1d08fd3d0ee007022798bb6374ed840b4f36f41fc4d035e9ebe414aa958d", "4bbef5e4007898221aa606d083cd59745493938f1e2de8fdadd3823fedd2c01b2aff03050a4ca5d10fd1b6b06f47ea42", "ef7c9d6a98e3943f6892078bb952854743fe4dddd2e7c0ce70a4ac7d", {"a851525b16af17fe87acbae2ab0b233d", "01422d01cd53c3abe94331d0b7918724"}}}}}}}, 0x0)

15.879885848s ago: executing program 4 (id=479):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x3}}, 0x26)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r2, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r0, {0x2, 0x4e22, @broadcast}, 0x2, 0x9800}}, 0x2e)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r3, &(0x7f0000000240)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x0, 0x2, 0x0, {0xa, 0x0, 0x0, @private0}}}, 0x3a)

15.849914583s ago: executing program 4 (id=480):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000680)='./file0\x00', 0x2148c5, &(0x7f00000002c0)={[{@utf8no}, {@shortname_winnt}, {@shortname_mixed}, {@utf8}, {@uni_xlateno}, {@fat=@nfs_nostale_ro}, {@fat=@quiet}, {@uni_xlate}, {@shortname_mixed}, {@fat=@nfs_stale_rw}, {@fat=@showexec}, {@numtail}, {@shortname_win95}, {@shortname_lower}]}, 0x0, 0x2c4, &(0x7f0000000a40)="$eJzs3UFr02AYwPFn7dZ2HVt7GIKC+KAXvYStfoIiG4gFZVvFeRAyl2ppbEZTKxVxu3n1E/gBht48Kah32cWbd/Gyi+BlB7WyNLFdF7FVttTt/4ORd++bp3nT9015Etpk+8bTe5WSa5TMusRSKjGRDdkRye6WfCP+MuaVE9JtQy5MfP14enH55pV8oTC3oDqfX7qYU9WpM28ePHp+9l194vrLqddJ2cre2v6S+7R1Yuvk9o+l4NUdEVNXHKdurtiWrpbdiqF6zbZM19Jy1bVqde1qL9nO2lpTzerqZHqtZrmumtWmVqym1h2t15pq3jHLVTUMQyfTvd0/8uIDRxS/J0TyB9IZRGE8rLJWy5vx0Mbi5mF0CgAADJeo8v+7ZVfLrladPfn9/vw/JgPk/yJh+T9+q7i5sGCS/x9xu/l/2j9+9yL/BwAAAAAAAAAAAAAAAAAAAADgf7Ajkmm1WpmdVstbBn9JEUmJSPB/1P3EwQjGnfE/nhaXR8T/4V5KxH7SKDaK7WW7PV+SsthiycyYyDdvPvja5fnLhbkZ9WTlrb3ux683inFJBvGBbHj8bDteu+PXZUzS3dvPSUamw+NzIfGNYkLOn2sl/S1bYkhGPtwWR2xZ9eZ1J/7xrOqlq4We+HFvPQAAAAAAjgJDf9l3/u61GxrcNqSnvV3ZuT4gmc71gbmw6wM959ejcmo0uv0GAAAAAOA4cZsPK6ZtW7U/FVKdmvf9Rw1VIXj+wcDh8ZCm4Bsx0e1Oqt+VR0XEr3k1LGPRTyH2D29vfIBRHts/nxMisqdm+vDn/ItnAxye/RU+3+9/0kb1iQQAAADgoARJ/7F5SCYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEOo35uHBev/zb3HujYXj2YvAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOHwMwAA//8VhA3+")
r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00')
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1333404, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x11080, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005c48, 0x0)
read$FUSE(r0, &(0x7f0000004c40)={0x2020}, 0x2020)

15.638761859s ago: executing program 4 (id=481):
r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000180)=0x5)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000200), 0xa2442, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
write$dsp(r1, &(0x7f0000000280)='\x00', 0x1)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0884113, &(0x7f0000000000)={0x1, 0x1fffffe, 0x800007, 0x100080000000006, 0x346a, 0x100000001, 0xfffdfffffffffffe, 0x4, 0x4, 0x2, 0xfffffffd, 0x1})
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r2, 0xc0984124, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38dc90bf80a897c4})

13.842072981s ago: executing program 4 (id=495):
syz_mount_image$udf(&(0x7f0000000080), &(0x7f00000000c0)='./file1\x00', 0x18410, &(0x7f0000000180)=ANY=[@ANYRES8=0x0, @ANYRES64=0x0], 0xfe, 0x4b1, &(0x7f0000000600)="$eJzs201sVNUbx/HfM3c6TIf+/5YXCxgCTTSxgkBfsEBqYnix0YQXLVQj8SWVTrHSdkinKCUgLNWdC5Yu3bpwZdwaEpfGhcEYFibIxs2sxB3m3LlvM5TOjG1nKP1+CJx7zzx3OOc8c+ecM5kRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQjrx6uLfPWt0KAADQTCdPj/QOMP8DALCmnGH/DwAAsJaYPP0u054LJTvhn5dlj0/OXLo8emx44cvaTaaUPD/e/c329Q/sf2nwwMGwXPz65bZNp06fOdx9tDB9cTZfLObHu0dnJs8VxvN1P8NSr6+2yx+A7ukLl8YnJord/XsHKh6+3Hlv3fquzqHB945mwtjRY8PDpxMx6bb//L8/5FEr/Iw8vSDTx99/ayclpbT0sajx2llp7X4ndvmdGD027HdkanJsZs49aKkgKlU5JplwjJqQiyVJSa5dllmePVubPP0g05F9JTslyQvHYbf/wXBd7WmFtNu6SurRKsjZY2ydPH0g0619nXojGFc//xnpaqsbhxWXDu7/gpXsTf/9wN1P7m3z+Fvdr89MFBKxlgruqNU+PzTTY/7elJWnU/4dX7IR7Wx1c9Bk7fI0LVPmq0/8dYX8delTQwd27DyUXGFsqfE8LnZvcHPVMye3BUsHS7k/y98v1Cdrnv6U6f5vWf+8J5wDpBsPFrvwj6Y0DyvNPE3J9M+1klnVvtRL7O8jq33uX9n2t2ePFi7Oz06e/2huwcdz2cMfFudmx84t/HB57+ola2rtY6ulGtuS5ay84/v801J0XbAH+F/5LG7NN1fj10JPVRlKvn7qOa57F9vAOsq1yczTXZkm3t9anmeUa3hs1gKX/2GZiqWfLcx0kP90+SyR/5fj8ctaZRnxc/v/8uda4Vpi29nNj6pfify7Nrn8vyPTkb+3Bp9plPPvVcW6uC6Z3r25PYhLZVxcOuxO+RknJqfyvS72gUwbfwpj5cfmgthNcWyfiy3K9MWtytj1QezmOLbfxd6W6c6vC8c+HccOuNh5l6873WFszsXuCGK74ti95wpT47WG1eW/X6a3r79mYZ8fmf/E/X+jqow8lPPFj5cr/52JuhtBXs8G+U/XyP+XMs3/tT3stz/24ctqg/9vnH+3Vv7uZmVsuKHcGMf21dutVnP53yDTvVduR30O+hacxhlK5v+ZdGUZjWuL8r8hUdcZtCvT4FisRcX5KxfGpqbysxxwwAEH0UGr35nQDG7+H3Gz+qBn4TommP87ymfxiun+Z/H8P1RVRlo0/29M1A0Fq5a2tJSdm77YtkXKFuev7JmcHjufP5+fGdg/2Nt/aH/vwMG2TLi4i4/qHrsngcv/bpmu/fhLtI+pXP8tvP7PVZWRFuV/U7JPFeuauodiTXL575Bp8O7taL+52Po/3P/3PFtZRvdfi/K/OVHXGbSro8GxAAAAAAAAAAAAAAAAAIDVJGeenpPp8siLFv6GqJ7v/41XlZHl//5X+YfJNb7/1ZWoG2/S7xoaGmgAAAAAAAAAAIAmScnT1zI9r5JddxUd0olkiSfavwEAAP//G6xIAA==")
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./bus\x00', 0x101c552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x122e, &(0x7f00000024c0)="$eJzs3E2LW1UYB/BnxnmJqfOi1moL4kE3ugmdWbjRzSBTkAYqbUdoBeHWuWPDXJNhbhiIiG1Xbv0cIojgThBxo5vZ+A0Ed7Nx2YV4JYmZjiXFDthJKb/fJg85559zbnITuOGce/D2l59sb5WNrawb01NTMb0Tke6mSDEdI7fjjbd+/uXlK9euX1xrNtcvp3Rh7erKmymlxVd++OCzr1/9sXvq/e8Wv5+P/eUPD/5Y/X3/zP7Zg7+u3myVqVWmdqebsnSj0+lmN4o8bbbK7UZK7xV5Vuap1S7z3W7K5gYj9du3is7OTi9l7c2F+s5uXpYpa/fSdt5L3U7q7vZS9nHWaqdGo5EW6sHxzRxWG1/draoqoqpmYy6qqqqejnqcimdiIRZjKZbj2Xguno/Td16IM/FivBTf/vZNr58AAAAAAAAAAAAAAAAAAAAA/j8Puf8/Rvv/zw56TXrWAAAAAAAAAAAAAAAAAAAA8GS5cu36xbVmc/1ySrWI4ou9jb2N4eOwfW0rWlFEHudjKf6Mwe7/oWF94d3m+vla6luOO8Wtf/K3fpq/L78yuJ3A2PxKGjqa39uYj/rR/Gosxenx+dWx+Vq8/tqRfCOW4tePohNFbEY/ey//+UpK71xq3pc/N+gHAAAAT4JGOrT87+vfp4btjQe1D/MP9f/AmOvzfvbcTH2ix05E2ft0OyuKfPfEitmIOF5q9oRn+LgWcyc/aO3wmZszo1NmbOdL9cm/P4+gqI2KB39T5o+cz1MRt481xFRETOgAp/+jz2R/lzgZ9z70Sc8EAAAAAAAAAACA43hUCwxHr29lGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7MDBwIAAAAAgvytN5igAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATgEAAP///kzCmA==")
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
r1 = open(&(0x7f00000001c0)='./file2\x00', 0x86442, 0x0)
dup3(r1, r0, 0x0)
io_setup(0x2, &(0x7f0000000400)=<r2=>0x0)
io_submit(r2, 0x3f0a, &(0x7f0000000540)=[&(0x7f00000000c0)={0xf04aef, 0x3d8, 0x4, 0x0, 0x0, r0, &(0x7f0000000000), 0x2400}])

13.598384742s ago: executing program 34 (id=495):
syz_mount_image$udf(&(0x7f0000000080), &(0x7f00000000c0)='./file1\x00', 0x18410, &(0x7f0000000180)=ANY=[@ANYRES8=0x0, @ANYRES64=0x0], 0xfe, 0x4b1, &(0x7f0000000600)="$eJzs201sVNUbx/HfM3c6TIf+/5YXCxgCTTSxgkBfsEBqYnix0YQXLVQj8SWVTrHSdkinKCUgLNWdC5Yu3bpwZdwaEpfGhcEYFibIxs2sxB3m3LlvM5TOjG1nKP1+CJx7zzx3OOc8c+ecM5kRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQjrx6uLfPWt0KAADQTCdPj/QOMP8DALCmnGH/DwAAsJaYPP0u054LJTvhn5dlj0/OXLo8emx44cvaTaaUPD/e/c329Q/sf2nwwMGwXPz65bZNp06fOdx9tDB9cTZfLObHu0dnJs8VxvN1P8NSr6+2yx+A7ukLl8YnJord/XsHKh6+3Hlv3fquzqHB945mwtjRY8PDpxMx6bb//L8/5FEr/Iw8vSDTx99/ayclpbT0sajx2llp7X4ndvmdGD027HdkanJsZs49aKkgKlU5JplwjJqQiyVJSa5dllmePVubPP0g05F9JTslyQvHYbf/wXBd7WmFtNu6SurRKsjZY2ydPH0g0619nXojGFc//xnpaqsbhxWXDu7/gpXsTf/9wN1P7m3z+Fvdr89MFBKxlgruqNU+PzTTY/7elJWnU/4dX7IR7Wx1c9Bk7fI0LVPmq0/8dYX8delTQwd27DyUXGFsqfE8LnZvcHPVMye3BUsHS7k/y98v1Cdrnv6U6f5vWf+8J5wDpBsPFrvwj6Y0DyvNPE3J9M+1klnVvtRL7O8jq33uX9n2t2ePFi7Oz06e/2huwcdz2cMfFudmx84t/HB57+ola2rtY6ulGtuS5ay84/v801J0XbAH+F/5LG7NN1fj10JPVRlKvn7qOa57F9vAOsq1yczTXZkm3t9anmeUa3hs1gKX/2GZiqWfLcx0kP90+SyR/5fj8ctaZRnxc/v/8uda4Vpi29nNj6pfify7Nrn8vyPTkb+3Bp9plPPvVcW6uC6Z3r25PYhLZVxcOuxO+RknJqfyvS72gUwbfwpj5cfmgthNcWyfiy3K9MWtytj1QezmOLbfxd6W6c6vC8c+HccOuNh5l6873WFszsXuCGK74ti95wpT47WG1eW/X6a3r79mYZ8fmf/E/X+jqow8lPPFj5cr/52JuhtBXs8G+U/XyP+XMs3/tT3stz/24ctqg/9vnH+3Vv7uZmVsuKHcGMf21dutVnP53yDTvVduR30O+hacxhlK5v+ZdGUZjWuL8r8hUdcZtCvT4FisRcX5KxfGpqbysxxwwAEH0UGr35nQDG7+H3Gz+qBn4TommP87ymfxiun+Z/H8P1RVRlo0/29M1A0Fq5a2tJSdm77YtkXKFuev7JmcHjufP5+fGdg/2Nt/aH/vwMG2TLi4i4/qHrsngcv/bpmu/fhLtI+pXP8tvP7PVZWRFuV/U7JPFeuauodiTXL575Bp8O7taL+52Po/3P/3PFtZRvdfi/K/OVHXGbSro8GxAAAAAAAAAAAAAAAAAIDVJGeenpPp8siLFv6GqJ7v/41XlZHl//5X+YfJNb7/1ZWoG2/S7xoaGmgAAAAAAAAAAIAmScnT1zI9r5JddxUd0olkiSfavwEAAP//G6xIAA==")
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./bus\x00', 0x101c552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x122e, &(0x7f00000024c0)="$eJzs3E2LW1UYB/BnxnmJqfOi1moL4kE3ugmdWbjRzSBTkAYqbUdoBeHWuWPDXJNhbhiIiG1Xbv0cIojgThBxo5vZ+A0Ed7Nx2YV4JYmZjiXFDthJKb/fJg85559zbnITuOGce/D2l59sb5WNrawb01NTMb0Tke6mSDEdI7fjjbd+/uXlK9euX1xrNtcvp3Rh7erKmymlxVd++OCzr1/9sXvq/e8Wv5+P/eUPD/5Y/X3/zP7Zg7+u3myVqVWmdqebsnSj0+lmN4o8bbbK7UZK7xV5Vuap1S7z3W7K5gYj9du3is7OTi9l7c2F+s5uXpYpa/fSdt5L3U7q7vZS9nHWaqdGo5EW6sHxzRxWG1/draoqoqpmYy6qqqqejnqcimdiIRZjKZbj2Xguno/Td16IM/FivBTf/vZNr58AAAAAAAAAAAAAAAAAAAAA/j8Puf8/Rvv/zw56TXrWAAAAAAAAAAAAAAAAAAAA8GS5cu36xbVmc/1ySrWI4ou9jb2N4eOwfW0rWlFEHudjKf6Mwe7/oWF94d3m+vla6luOO8Wtf/K3fpq/L78yuJ3A2PxKGjqa39uYj/rR/Gosxenx+dWx+Vq8/tqRfCOW4tePohNFbEY/ey//+UpK71xq3pc/N+gHAAAAT4JGOrT87+vfp4btjQe1D/MP9f/AmOvzfvbcTH2ix05E2ft0OyuKfPfEitmIOF5q9oRn+LgWcyc/aO3wmZszo1NmbOdL9cm/P4+gqI2KB39T5o+cz1MRt481xFRETOgAp/+jz2R/lzgZ9z70Sc8EAAAAAAAAAACA43hUCwxHr29lGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7MDBwIAAAAAgvytN5igAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATgEAAP///kzCmA==")
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
r1 = open(&(0x7f00000001c0)='./file2\x00', 0x86442, 0x0)
dup3(r1, r0, 0x0)
io_setup(0x2, &(0x7f0000000400)=<r2=>0x0)
io_submit(r2, 0x3f0a, &(0x7f0000000540)=[&(0x7f00000000c0)={0xf04aef, 0x3d8, 0x4, 0x0, 0x0, r0, &(0x7f0000000000), 0x2400}])

10.609743365s ago: executing program 2 (id=508):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000005c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_QOS_MAP(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x1c, r1, 0x1, 0x70bd2b, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r4}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x4)

9.754509749s ago: executing program 2 (id=510):
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x40}}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000002100)=ANY=[@ANYBLOB="b0"], 0xb0)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x22)
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@posixacl}]}})

9.531159276s ago: executing program 2 (id=512):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000040)='./file1\x00', 0x800810, &(0x7f0000000140)={[{@nossd_spread}, {@nodatasum}, {@compress_force}, {@compress_algo={'compress', 0x3d, 'lzo'}}, {@flushoncommit}, {@autodefrag}, {@max_inline={'max_inline', 0x3d, [0x30, 0x37, 0x65]}}, {@nodiscard}]}, 0xfb, 0x510a, &(0x7f000000d000)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h795j5Lrqw4Gf2dd4H97dBH4i5IfAQB3jgtdrOzzUpmKdpioKpaxLSlQhio29Dos32NhOwREgxwalKIKmJRL80SiOEKrzR1KLBAWaRHEjYRQ1D5SqEUmUiLROEFFoGkChEIlUs/ee2Tvn7jw23nW84fORvHNmvud55+E59945FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfjcc/9Jn/rZV/N7fXvToE5dOfPLQ5kuf/fxFZz8YwuTs45UsXBm4+vqJn9984S2H7th4w20nL357X14uj4fB2p+u/M4XY60nV4ZweyWEnjSwbigL9Ob3h2J9bxgK4awwF6iXmBrISqQNh+/3h3AkzAXqVX2vP4ShQuCSh+65+yu1xHX9IawOIVTTNh6vZm30p4Hz+rLAQBrY3ZMFfvVSph74blcWgFMW3wz1F/2xycYMo/OXa/L66120jr2y0uF1x8Ro83w/27zEnSroSx+YPKWnrVQdS6L09jju3bYM3m2l7Xytp634RSr/hvLSXKgaunZM7dx2xcz++EhXGBvrblbTEj3Pjzz/ue0LSS+b12HswOiivA6/+sDqm7vXfuD+29atfvroOw4/c6rd/FFhkxbTS60a8tfcsnkeowmfJ8vg7Vf6lrTKl64Qws5P/N4HW8VL8//R1vP/+HKOt10NuWOtLw5nc/P4yFBMPDeczc1b6VnoGAEAAGDxdRVSZ/5e091jd72nUHykmtRXmv+v6uz4f9wK+WQ+G+3xECZmE4dHQjhn9vEscFNs7uMjIbx5NjXZGNicBI6H8PrZxNp6VUmJFbHEqiTwk+E8MJEETsTAZBL4VgxcmwS+GAPHksD2GDieBC6MgTDdOI7fH87H0XGgPwa2ZhvxWDwL4RfDsbVkWz1WrwoAAGCR5LPD3sa7hXMdTjVDnF4e62+XIZ6B3TRDNakhncHWp1VNa+hpV0NXuxrq4z7Yevilmivtai6dhlFpzHD9L//mQ6GF0vx/vPX8vzpPRyql4/8hbJn9G3N35ZGZenzrZEMGAAAA4BQM/u+T32wVL83/Jzo7/z/uE+kuZA73xd0Qu0ZCGG8MZNX+YTmQHfUezAMAAACwHNSPx9ePhU/nt9kp2ul8upx/coH544H/iXnz9x2/c2ur/pbm/5Odnf8/0HibdeJE7MXXRkJYUQj8IPayFpi1KgZ+/N7GQD7+E3EDXBOryk9MqFd1TSyxNQbGk8CRZiV+WC9xTmMgf7LqjR+uj2M6L1EIAAAAwGkXdwfE4/Lx/P+3/GbjZ1qVK83/ty7s/P/ZeXDp9P6ZwRDW94TQnf4w4L6BbGHAGBiq5Im7BrK6utOqrhoI4YLawNKqnszX/+9J1xh8qD+rKgbOecvR58+rJb7ZH8L6YuDhj9z4zlpifxKoN/6X/SG8qTbatPHvrMga700b//qKEN5YCNSr+viKEGqN9aVV3VPNr2OQVvXP1RBeUwjUq3pXNYQDAYBlKv5XuqP44L4DV+7aNjMztXcJE3Effn/YOT0zNbZ998yOapM+7Uj63LCM0VXlMXV65ZvH8iWKPnzrlqFO0vXfCY4X28r345dOHMzvx+9CvbPj3NjbcHdTOuS3vbXcRGhY72n+IXct8ZAHipXMPYml+mP+vjAYVlyxb2rv2Ge37d+/d0P2t9PsG7O/8TBTtq02pNtqYL6+dfDyaLpaVuLlbqs1xUrW7798z/p9B65cN335tsumLpv61IZ3bRw/f3zT+LvPX18b1Xj2t81Q18xXdTLUl27scFyLONRzi8tkn45PDQkJieWW2D24puX/yaX5/57W8//4qRM/+fP1GZod/x+Nh/mzx+cO82+NgSOdHv8fbXY0v35iwKokcDAGDjrMDwAAwKtDnOTHvZlxr/RP137n6VblSvP/g539/n+R1v+vL11/cbNl/tfGEuPN1v9Pl/mvr/9/sNn6/+ky//X1/4+8Auv/X1EPJJvkF9b/BwAAXg1O3/r/bZf3Ty8QUMrQdnn/9AIBpQxtl/Hv9AIBC17///H//Kv/Di2U5v/Xdjb/t3A/AAAAnDm+8Gef+X+t4qX5/5HO5v+nf/2/0Oz8/1XNApPNFga0/h8AAADLVLP1/0avHvhYq3Kl+f+xzub/8bSLrobcsdYXh7M17UK6pt1zw/WfDAAAAMDy0BXGxno7zNuwMurml9/mI/lSoK3SRU/+ycmFnf9/vLP5f8PvMr76wOqbu9d+4P4Xb1u3+umj7zj8zNzxfwAAAGDpdLpfAgAAAAAAAAAAAAAAeOU9+R+HNrWKl37/H7bMPt7s9//xun/x9wWvbcgda22//l9+/5L333JgdsnC+4ZDeGsxsOvQrrNCfm3+NcXA3R9d+7pa4lBa4s4nLnyqlvhYGnjfurNfqCUuSAJb4yKJr08D8aqKL6xMAnF5xX9PA3F7HEsDfXngyyuzcVTSbfXToWxbVdJt9ehQCCOFQH1b3T6UtVFJB3hdEqgP8NNpIA7wz/NAV9qrWwazXsXAUCx6w2DWKwAAzljxW2Bv2Dk9MzUev8LH23N7Gm+jhiXLripXW+mw+cfypck+fOuWoU7S3el30blrjfeGam0IG0pfV4tZKrOjXJxa2my61zYZcrvV3rqalEstdNP1NR9Rfzaise27Z3b0th34pvZZNva0zbKhNNkpZuma3aQd1NJBXzoYUYfbpoMux/tdYWysO8n1BzE4Ghq0e0V0+nv94jp/zV4FxTyfOnn4V63qK83/Rzub/1eL43ohvxjAwXhlvb8bscw/AAAALK0vb/71N+K/D11978Ot8pbm/6s6m//HPVj5oeBsb8fxeP3/wyMhzF5afzQL3BSb+/hICG+eTU3GEtkF9S+OJcazwE1xh8naWGLrZGNVK2LgWBL4yXAeOJ4ETsRAvpfiaMh35fz9cAjvnE1taSyxJ5YYTQIfjIFVSWAsBsaTwMoYmEgCz67MA5NJ4N9iIEw3bqtbV+bbCgAAYCHyeVZv492QzvOO9bTLUGmXYaBdhq52GartMjQbRbz/7ZihNzl5pVLI1JvW2p/UUsoQL4a/4H6VMoQfNuZMC5aajucf1M83qDRmuOM9PdXQQmn+P97Z/H+g8TZr/USc/89d/y8L/CB272vx1PFVMfDj9zYG8h0DJ+Jk95p6VZN5iXzSfk0sMREDq5LAnhiYSAJbt+SBI69rDOQz7Xrjh+uNT+clCgEAAAA47eIOgribJs7/b9j3pcFW5Urz/4nO5v+xvcFiY1+MtZ5cGcLtlbne1APrhrJA3I8xFH8e/4ahEM4q7OCol5gayEr0JQ2H7/dnv1DvS6v6Xn/244N4/5KH7rn7K7XEdf0hrC7sfam38Xg1a6M/DZzXlwUG0sDuniwQ9/zUA9/tygJwyup7BeMLKj/VpW50/nJNXn+vlmuCpsMr7QOdJ998v7laKqUdrvk+1bqFPW0t99+yaEpvj+Pebcvx3Tbq3Vb8IpV/Q3lpLlQNXTumdm67YmZ/fKT4S9aSJXqei79S7SS9CK/Dgy+/t+1V0w6MJx8f4/OXm/91WInVffWB1Td3r/3A/betW/300XccfqbjbjQRfyh8z+f/dehHhc271Kohf80tu8+TSZ8ny+K/gYOFTs2dmV33u/m0bXn269e0ipfm/5Odzf97kttZv44bc99ICG8rbNz74ub/45Hsc7AQyD4lX1MOZIfc/2u46ScnAAAALLb6noX6/oLp/DY7ITydJ5fzTy4wf9xfMTFv/k77PfDXH13dKl6a/29tPf9fkXTT8X/H/1kijv/P60zfFb0ifeDgKe2KLlXHknD8f15n+rvN8f95Of7v+P98HP9vw/H/eZ3pT1vpW9IeX7pCCE//0V2PtoqX5v97Opv/W/9v/kX76uv/bW22/t+eZuv/HbT+HwAAsKSaLDSXzvNKq/eVMqSr95UytF0gsO0Sg9b/W/D6f0+d+/hvQgul+f/Bzub/8eUwWGx9uaz/t2pLk6qujYE9FgYEAADgTNRsBwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACvrDv+4X92tIrf+9uLHn3i0olPHtp86bOfv+jsB0OYnn28koUrA1dfP/Hzmy+85dAdG2+47eTFb6/m5Xrz2//fkDvW+uJwCEcKjwzFxHPDtTtzgUvef8uBnlrivuEQ3loM7Dq066xa4lvDIawpBu7+6NrX1RKH0hJ3PnHhU7XEx9LA+9ad/UItcUEeqKTd/ceVWXcraXe/sjKEkUKg3t1Prmysqt7Gn+aBrrSNfxrK2oiBoVj0G0NZGzEwE0tMrwhhfU8I3WlV91azqrrTqv6lmlXVnVb1hWoIF4QQetKqnujLqupJR/5gX1ZVDJzzlqPPn1dLHOkLYX0x8PBHbnxnLfHpJFBv/C/6QnhT7SWTNv7t3qzx3rTx63pDeGMIoS8t8cuerERfWuLJnhBeUwjUG/9ETwgHAq8K8cOn4RNt34Erd22bmZnau4SJvryt/rBzemZqbPvumR3VpE/NVArpl656+WN/7PnPba/dfvjWLUOdpHvycr2zXd7Y23B305ne+9ivgWIlc89Hqf6Yvy8MhhVX7JvaO/bZbfv3792Q/e00+8bsb3cezbbVhuWyrdYUK1m///I96/cduHLd9OXbLpu6bOpTG961cfz88U3j7z5/fW1U49nfxRjqjad/qOf2FCo5HR8AEhISyy3R1fDpNn6mf5CXvujPdbQ3VGc/oAvTir5SlsrsKBdj0JtP36BLU5LCiPoa+zbvdqlkX2/KWa5qzLKpNJmYq6U/yzL7va40OSw21jW7SeP9rjA21t1sO4w23i1u3p+dwuZ9JN90naYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP6PHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhB44FAAAAAIT5W4fRswEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXAoAAP//PTUiXg==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
truncate(&(0x7f0000000000)='./file1\x00', 0x8000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x8541, 0x0)
openat$cachefiles(0xffffffffffffff9c, &(0x7f00000016c0), 0x101040, 0x0)
ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f00000007c0)=ANY=[@ANYBLOB="0300000000000000fef7"])

7.260054269s ago: executing program 2 (id=520):
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f0000000680)='./file2\x00', 0x800000, &(0x7f00000007c0)=ANY=[@ANYBLOB="6e6f757365725f78617474722c666c7573685f6d657267652c6673796e635f6d6f64653d706f7369782c64697361626c655f6578745f6964656e746966792c6261636b67726f756e645f67633d73796e632c6673796e635f6d6f64653d7374726963742c6e6f626172726965722c6e6f696e6c696e655f646174612c6e6f626172726965722c71756f74612c6261636b67726f756e645f67633d6f66662c6e6f61636c2c6e6f657874656e745f63616368652c6e6f646973636172642c6163746976655f6c6f67733d342c00e62bc03000c35169ed09803fa1bee488c680f339e530b5e8ad120a2b4f078093a8e0ba2b3d1b5fe99356b80a454c1ec2f8e12392bbffe9fae2fa05e18a6b61f5eded2e484f574d2757a5fe762c770477aa3460313ee54451c6a6159eca600d6c85a8c09cef9996dc851a5f5edf1a4a22576c6dfe6b9e8dade2d3a8e6a8c7710733c1f69aabd8880291"], 0x1, 0x5504, &(0x7f000000c0c0)="$eJzs3M1rI2UYAPB32u1+uxbx4G0HFqGFTWj6seit6i5+YJey6sGTpsk0ZDfJlCZNa08ePIoH/xNR8OTRv8GDZ2/iQfEmKJl3qls/QGma2O3vB5Nn5p03zzxvKIVnJiQA59Z8+vOPSbgRroQQZkMI10Mo9pNyK6zH8Fx5buaxLSnHfx+4GEK4GkK4MUoecyblqU9vD2+t/fDGT199c+nCtc++/HZ6qwam7fkQQncn7u93Y8xbMT4sx+vDdhG7q8MyxhPdR+VxHuN+tlVk2K8fzasXcaUV5+c7e/1R3O7UG6PYam8X4zu9eMH+sHWUp3jDw/pucdzMtorY7udFbB3Gug4O4/+2w/4g5mmW+T4o0ofB4CjG8ewgi+vZeVTERm9Qjse8eTM7GMVhGcvLhUbeaRZ1bJ3kk/5/e7Pd2ztIh9luv5330rVq7YVq7U6ltps3s0G2Wql3m3dW04VWZzStMsjq3fVWnrc6WbWRdxfThVajUanV0oW72Va73ktrtepKdamytlju3U5fvf9O2mmmC6P4cru3N2h3+ul2vpvGdyymy9WVFxfTW7X0rY3NdPPBvXsbm2+/d/fd+y9tvP5KOekvZaULy0vLy5XaUmW5tniO1v9RWfQY1w8nkky7AICz57/2/zf1/8AYnF7/v/sghNPv/4P+fyzOVP973vv/U1g/nIj+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg3Ppu7vPXip35eHytHH+qHHqmPE5CCDMhhF//xmy4eCznbJln7h/mz/2phq+TUGQYXeNSuV0NIayX2y9Pn/anAAAAAE+uLz68+Uns1uPL/LQLYpLiTZuZ6++PKV8SQpib/35M2WZGL8+OKVnx930hHIwpW3ED6/KYksVbbhfGle1fmT0WLj8WkhhmJloOAAAwEcc7gcl2IQAAAEzSx9MugOlIwtGjzKNnwcU37/94IHjl2BEAAABwBiXTLgAAAAA4dUX/7/f/AAAA4MkWf/8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5j535yUgfiOID/WuiD9y+PvLj3Ku7gGB7BpUvDAbwER8AreAHPgDuPYMDQqUQU3XRKI/l8kjJMQ77MELqY3yQDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTpsVrO7m7Ob9vmrDft5JkNAAAAcMiqWs7qN5PU/93c/9vc+t/0i4goI+LQ2n0QP/YyB01O9cnnq3djuI+oE7bfMWquXxFx0VzP/7r+FQAAAOB0PcwX07RaTy+TvgfEMaWiTfnnMlNeERHV5ClTWrnNO8sUVv+/h3GdKa0uYI0zhaWS2zBX2kcHouvHfVe1G79pitSUX0dmmzsAAHBEg72mw1UIAAAAPbvqewD0o4jXrczdVuAoNc323s+9HgAAAPANFX0PAAAAAOhcvf53/h8AAACctnT+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF1aVctZNV9M2+asN+3kmQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALywP+8oEAJhEAZ713cmc//DSoOmpiZVIHz8jcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMX+vKRACARBFMwZ/zvp+x9WEvQMIkRAw6OKWjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAP/uzs7WVsUYJYeIKHjQi023tbU38aAED/4JQki3NXbrjzYHW4qQizfJuRfRo4igxFv/h55b6KXeesihghcvlTc/kmkMuFo7s20+H3jzvjsZ3vu+GQj5zkwWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNr2u7txljZzZdyv9t28d3U19bf29Mn1zduLqaW412bSj4eXmx96C90lAgAAwMGR1fV9RNzJt5ZT358r6v+8PibV/N89W8Z1Pb+37q/7uvZP7ddf7r64M9FcOU8a9OzaZHzs76kMHt0qZ9tz/3jEoDjzxb2XrLgg/Q82XtjOi/PZ++bGjfeGRXiojWwBgP/iaN1XQf33UOpHXSYGwIExaBTedf2fzXWbEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAbtjfi6TruRcTiYDdObt27urpff33z9mLdTl27ttkcMw2RR8TZtcn4WItrmXWXLl85vzKZjC+2H7wSEV3N/k61/PMfTXFwRCfnR/A/Bf3qYs9KPg8T5NVaHv1cHf1CAgDgiZVXLdX1d/Kt5bSvNx9x//sH6//XG3FMWf/f/fjUzeZczfp/1NoKZ9/S+oXPly5dvvLm2oWVc+Nz40/fOj56e3Ti9MmTp5eKeyVL7pgAAADwcIZVa9b/wz3HpJ8dacQxZf3/xbejr5rjZOr/fe0+9Os6EwAAgIPt+Vf/+L23z/7ecBhfrqyvXxyV253Px8ttB6n+a4eq1qz/s/muswIAAADasL3Re+D9/zONOKZ8/v/MDy/91Bwzi4jD1fP/o6ufTc60t5yZ1sa/Lne9RgAAALp1uGrN5//5fKr/+zuvPPQj4o3Xyrj6GsCp6v/s/a9/bM7VfP//RHtLnEn9hfJ8FP1CxGCh64wAAAB4Uv15P+KpKFsq9n/Lt5Y/+fnIh0Pv/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC07a8AAAD//3npOno=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x105042, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000005, 0x11, r0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x8)
fallocate(r1, 0x0, 0xeffb, 0xe396)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x40441, 0x106)
fallocate(r2, 0x8, 0x4000, 0x10000)

5.53063223s ago: executing program 6 (id=528):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x300)
setsockopt$inet_int(r0, 0x0, 0x12, &(0x7f0000000280)=0x40, 0x4)
recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)

4.290926038s ago: executing program 1 (id=532):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x84}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xa7f10723c5e5444d}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040)={r3, r1, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0x3e, &(0x7f0000000100)=ANY=[], 0x0)

4.287799288s ago: executing program 6 (id=533):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x1, r0})
syz_mount_image$exfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f0000000080)=ANY=[@ANYBLOB='utf8,gid=', @ANYRESHEX=0x0, @ANYBLOB=',iocharset=maccyrillic,discard,discard,uid=', @ANYRESHEX=0x0, @ANYBLOB="2c696f636861727365743d63703836302c6e616d65636173653d312c616c6c6f775f7574696d653d30303030303030303030303030303030303030303030312c6572726f72733d636f6e74696e75652c008f72aecb16cb95b70a6e568f4af03008049c39d07a613328e97a005306090d42e6bcdaf470e7f967bb5ef6846fca24923c6e8d15296c38afb75801ea36bce3ae444b5466d951d8eae22d4684836c4038f32312650d43711e7c0f7120d22c135d4470b55b377b37f7d754bce9bfb3890a55e148a39d285c897aab28145a2a26bf14b23a3b35c68bbb2247de2a4194873911df44899bb63c"], 0x1, 0x153f, &(0x7f0000006200)="$eJzs3AucTtX6OPDnWWvtMSTeJrkMa61n8yaXZZIklyS5JEmSJLklJE1yJCExhCQNSUguQxJDSC4Tk8b9fr8kJEmTJCG5Jev/meSjTp3/uXVyfmee7+ezP7Oed+9n7bXf592z195z+brr0FpNaldvRETwb8ELX5IAIBYABgJAXgAIAKB8XPm4rPU5JSb9ezthf6z7Uy/3CNjlxPXP3rj+2RvXP3vj+mdvXP/sjeufvXH9szeuP2PZ2aZpha7iJfsu/Pw/O+Pr//+QzDJjP19T5ppuADH/aArXP3vj+v/PCv6Rjbj+2RvXP7uKvdwDYP8F+PzPDnL8zTVc/+yN689Ydna5nz9f7gUi/2XvwZGcFwrzZx0/Y4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDH2JzjtL1EAcLF9ucfFGGOMMcYYY4yxP47PcblHwBhjjDHGGGOMsf88BAESFAQQAzkgFnJCLhAAcCXkgbwQgasgDq6GfHAN5IcCUBAKQTwUhiKgwYAFghCKQjGIwrVQHK6DElASSkFpcFAGEuB6KAs3QDm4EcrDTVABboaKUAkqQxW4BarCrVANboPqcDvUgJpQC2rDHVAH7oS6cBfUg7uhPtwDDeBeaAj3QSO4HxrDA9AEHoSm8BA0g+bQAlpCq38p/1noCc9BL+gNSdAH+sLz0A/6wwB4AQbCizAIXoLB8DIkwxAYCq/AMHgVhsNrMAJGwih4HUbDGzAGxsI4GA8pMAEmwpswCd6CyfA2TIGpkArTYDq8AzNgJsyCd2E2vAdzYC7Mg/mQBu/DAlgI6fABLIIPIQMWwxJYCstgOayAlbAKVsMaWAvrYD1sgI2wCTbDFtgK22A77ICPYCd8DLtgN+yBT2AvfPpP5p/6q/xuCAgoUKBChTEYg7EYi7kwF+bG3JgH82AEIxiHcZgP82F+zI8FsSDGYzwWwSJo0CAhYVEsilGMYnEsjiWwBJbCUujQYQImYFm8ActhOSyP5bECVsCKWAkrYRWsglWxKlbDalgdq2MNrIG1sBbegXdgn4tPpLA+1r/4eAobYSNsjI2xCTbBptgUm2EzbIEtsBW2wtbYGttgG2yH7bA9tscO2AETMRE7YkfshJ2wM3bGLtgFu2JX7IbdsXvmszkAn8PnsDfWEH2wL/bFfpicYwC+gC/gizgIX8KX8GVMxiE4FF/BV/BVHI4ncQSOxFE4CquKN3AMjkUS4zEFU3AiTsRJOAmzBvo2TsVUnIbTcTrOwJk4E9/F2fgevodzcS7OxzRMwwW4ENMxHRfhKczAxbgEl+IyXI7LcCWuwpW4BtfiGlyP63EjbsTNuBm34lbcjtvxI1QA+DHuxt2YjHtxL+7Dfbgf9+MBPICZmIkH8SAewkN4GA/jETyCR/EYHsdjeAJP4Ek8hafxNJ7Fs3gOn47/svFHJVcng8iihBIxIkbEiliRS+QSuUVukUfkEREREXEiTuQT+UR+kV8UFAVFvIgXRUQRYYQRJMIYABBRERXFRXFRQpQQpUQp4YQTCSJBlBVlRTlRTpQXN4kK4mZRUVQSbV0VUUVUFe1cNXGbqC6qixqipqglaovaoo6oI+qKuqKeqCfqi/qigbhXNBR9cADeL7Iq00QMwaZiKDYTzYX8+YPSWgzHNqKtaCceFSNxBHYQrV2ieEJ0FGOwk/iLGItPiS5iPHYVz4huorvoIZ4VPUUb10v0FpOxj+grpmI/0V8MEC+IGVhTvIuzc9YSL4tkMUQMFa+I+fiqGC5eEyPESDFKvC5GizfEGDFWjBPjRYqYICaKN8Uk8ZaYLN4WU8RUkSqmieniHTFDzBSzxLtitnhPzBFzxTwxX6SJ98UCsVCkiw/EIvGhyBCLxRKxVCwTy8UKsVKsEqvFGrFWrBPrxQaxUWwSm8UWsVVsE9vFDvGR2Ck+FrvEbrFHfCL2ik/FPvGZ2C8+FwfEFyJTfCkOiq/EIfG1OCy+EUfEt+KoOCaOi+/ECfG9OClOidPijDgrfhDnxI/ivPACJEohpVQykDEyh4yVOWUueYXMLYOf392rZJy8WuaT18j8soAsKAvJeFlYFpFaGmklyVAWlcVkVF4ri8vrZAlZUpaSpaWTZWSCvF6WlTfIcvJGWV7eJCvIm2VFWUlWllXkLbKqvFVC5MI+asiaspasLe+QSXCnrJt10su7ZX15j2wg75UN5X2ykbxfNpYPyCbyQdlUPiSbyeayhWwpW8mHZWv5iGwj28p28lHZXj4mO8jHZaJ8QnaU/uePyFOyi3xadpXPyG6yu+whf5TnpZe9ZG8JfUD2lc/LfrK/HBCbtd8X5SD5khwsX5bJcogcKl+Rw+Srcrh8TY6QI+Uo+bocLd+QY+RYOU6Olylygpwo35ST5FtysnxbTpFTZaqcJgfIgT/1NEvKv5v/5u/kD/5p7xvlJrlZbpFb5Ta5Xe6QH8mdcqfcJXfJPXKP3Cv3yn1yn9wv98sD8oDMlJnyoDwoD8lD8rA8LI/II/KoPCbPyO/kCfm9PClPyVPyjDwrz8pzP78HoFAJJZVSgYpROVSsyqlyqStUbnWlyqPyqoi6SsWpq1U+dY3KrwqogqqQileFVRGllVFWkQpVUVVMRdW1+PMHRpVSpZVTZVSCuv6fyVfF1XWqhCr5q/yL40v6G+NrpVqp1qq1aqPaqHaqnWqv2qsOqoNKVImqo+qoOqlOqrPqrLqoLqqr6qq6qW6qh+qheqqeqpfqpZJUkuqrnlf9VH81QL2gBqoX1SA1SA1Wg1WySlZD1VA1TA1Tw9VwNUKNUKPUKDVajVZj1Bg1To1TKSpFTVQT1SQ1SU1Wk9UUNUWlqlQ1XU1XM9QMNUvNUrPVbDVHzVHz1DyVptLUArVApat0tUgtUhlqsVqslqqlarlarlaqlWq1Wq3WqrVqvVqvMtQmtUltUVvUNrVN7VA71E61U+1Su9QetUftVXvVPrVP7Vf71QF1QGWqTHVQHVSH1CF1WB1WR9QRdVQdVcfVcXVCnVAn1Ul1Wp1WZ9VZdU6dU+fV+axpXyACEahABTFBTBAbxAa5glxB7iB3kCfIE0SCSBAXxAX5gmuC/EGBoGBQKIgPCgdFAh2YwAbi56JHg2uD4sF1QYmgZFAqKB24oEyQEFwflA1uCMoFNwblg5uCCsHNQcWgUlA5qBLcElQNbg2qBbcF1YPbgxpBzaBWUDu4I6gT3BnUDe4K6gV3B/WDe4IGwb1Bw+C+oFFwf9A4eCBoEjwYNA0eCpoFzYMWQcug1R/av/cnCzzieuneOkn30X3187qf7q8H6Bf0QP2iHqRf0oP1yzpZD9FD9St6mH5VD9ev6RF6pB6lX9ej9Rt6jB6rx+nxOkVP0BP1m3qSfktP1m/rKXqqTtXT9HT9jp6hZ+pZ+l09W7+n5+i5ep6er9P0+3qBXqjT9Qd6kf5QZ+jFeoleqpfp5XqFXqlX6dV6jV6r1+n1eoPeqDfpzXqL3qq36e16h/5I79Qf6116t96jP9F79ad6n/5M79ef6wP6C52pv9QH9Vf6kP5aH9bf6CP6W31UH9PH9Xf6hP5en9Sn9Gl9Rp/VP+hz+kd9XvusyX3W5d0oo0yMiTGxJtbkMrlMbpPb5DF5TMRETJyJM/lMPpPf5DcFTUETb+JNEVPEZCFDpqgpaqImaoqb4qaEKWFKmVLGGWcSTIIpa8qacqacKW/KmwqmgqloKprKprK5xdxibjW3mtvMbeZ2c7upaWqa2qa2qWPqmLqmrqln6pn6pr5pYBqYhqahaWQamcamsWlimpimpqlpZpqZFqaFaWVamdamtWlj2ph2pp1pb9qbDqaDSTSJpqPpaDqZTqaz6Wy6mC6mq+lquplupofpYXqanqaX6WWSTJLpa/qafqafGWAGmIFmoBlkBpnBZrBJNslmqBlqhplhZrgZbkaYkWZU1jXLvGHGmLFmnBlvUkyKmWgmmklmkplsJpspZopJNalmupluZpgZZpaZZWab2WaOmWPmmXkmzaSZBWaBSTfpZpFZZDJMhllilphlZplZYVaYVWaVWWPWmHWwzmwwG8wms8lsMVvMNrPN7DA7zE6z0+wyu8wes8fsNXvNPrPP7Df7zQFzwGSaTHPQHDSHzCFz2Bw2R8wRc9QcNcfNcXPCnDAnzUlz2pw2Z02Bn6+X3sTanDaXvcLmtlfaPDav/eu4oC1k421hW8Rqm98W+FVsrLUlbElbypa2zpaxCfb638QVbSVb2Vaxt9iq9lZb7TdxHXunrWvvsvXs3ba2veNCnDX7tXfb+vYe28A+aBsiAtjmtrFtaZvYB21T+5BtZpvbFralbW8fsx3s4zbRPmE72id/Ey+wC+0qu9qusWvtLrvbnrZn7CH7tT1rf7C9bG870L5oB9mX7GD7sk22Q34Tj7Kv29H2DTvGjrXj7PjfxFPsVJtqp9np9h07w878TZxm37ezbbqdY+faeXb+T3HWmNLtB3aR/dBm2ACW2KV2mV1uV9iVF8fq89r1doPdaHfaj+0Wu9Vus9vtjosTYbvb7rGf2L32U3vQfmX328/tAXvYZtovf4qzju+w/cYesd/ao/aYPW6/syfs9+pidtaxf2d/tOett0BIQJIUBRRDOSiWclIuuoJy05WUh/JShK6iOLqa8tE1lJ8KUEEqRPFUmIqQJkOWiEIqSsUoStfSxeGVotLkqAwl0PVUlm6gcnQjlaebqALdTBWpElWmKnQLVaVbqRrdRtXpdqpBNakW1aY7qA7dSXXpLqpHd1N9uoca0L3UkO6jRnQ/NaYHqAk9SE3pIWpGzakFtaRW9DC1pkeoDbWldvQotafHqAM9Ton0BHWkJ6kT/YU601PUhZ6mrvQMdaPu1IOepZ70HPWi3pREfagvPU/9qD8NoBdoIL1Ig+glGkwvUzINoaH0Cg2jV2k4vUYjaCSNotdpNL1BY2gsjaPxlEITaCK9SZPoLZpMb9MUmkqpNI2m0zs0g2bSLHqXZtN7NIfm0jyaT2n0Pi2ghZROH9Ai+pAyaDEtoaW0jJbTClpJq2g1raG1tI7W0wbaSJtoM22hrbSNttMO+oh20se0i3bTHvqE9tKntI8+o/30OR2gLyiTvqSD9BUdoq/pMH3je9O3dJSO0XH6jk7Q93SSTtFpOkNn6Qc6Rz/SefIEIYYilKEKgzAmzBHGhjnDXOEVYe7wyjBPmDeMhFeFceHVYb7wmjB/WCAsGBYK48PCYZFQhya0IYVhWDQsFkbDa8Pi4XVhibBkWCosHbqwTJgQXh+WDW8Iy4U3huXDm8IK4c1hxbBS+ODdVcJbwqrhrWG18Lawenh7WCOsGdYKa4d3hHXCO8O64V1hvfDusFx4T9ggvDdsGN4XNgrvDxuHD4RNwgfDpuFDYbOwedgibBm2Ch8OW4ePhG3CtmG78NGwffhY2CF8PEwMnwg7hk/+tP6ehX97fVLYJ+wbPh8+H3p/l5wXnR9Ni74fXRBdGE2PfhBdFP0wmhFdHF0SXRpdFl0eXRFdGV0VXR1dE10bXRddH90Q3Rj1vnYOcOiEk065wMW4HC7W5XS53BUut7vS5XF5XcRd5eLc1S6fu8bldwVcQVfIxbvCrojTzjjryIWuqCvmou5aV9xd50q4kq6UK+2cK+MSXEvXyrVyrd0jro1r69q5R92j7jH3mHvcPe6ecB3dk66T+4vr7J5yXdzT7mn3jOvmurse7lnX003Ic+GcTHJ9XV/Xz/VzA9wAN9ANdIPcIDfYDXbJLtkNdUPdMDfMDXfD3Qg3wo1yo9xoN9qNcWPcODfOpbgUN9FNdJPcJDfZTXZT3BSX6lLddDfdzXAzXNWZF/Yyx81x89w8l+bS3AKXNWdMd4vcIpfhMtwSt8Qtc8vcCrfCrXKr3Bq3xq1z69wGt8FtcpvcFrfFbXPb3A63w+10O90un/dCp26v2+f2uf1uvzvgvnCZ7kt30H3lDrmv3WH3jTvivnVH3TF33H3nTrjv3Ul3yp12Z9xZ94M753505513KZEJkYmRNyOTIm9FJkfejkyJTI2kRqZFpkfeicyIzIzMirwbmR15LzInMjcyLzI/khZ5P7IgsjCSHvkgsijyYSQjsjiyJLI0siyyPOJ94S2hL+qL+ai/1hf31/kSvqQv5Ut758v4BH+9L+tv8OX8jb68v8lX8Df7ir6Sr+wf8s18c9/Ct/St/MO+tX/Et/FtfTv/qG/vH/Md/OM+0T/hO/onfSf/F9/ZP+W7+Kd9V/+M7+a7+x7+Wd/TP+d7+d4+yffxff3zvp/v7wf4F/xA/6If5F/yg/3LPtkP8UP9K36Yf9UP96/5EX6kHxXzuh998RYZxvsUP8FP9G/6Sf4tP9m/7af4qT7VT/PT/Tt+hp/pZ/l3/Wz/np/j5/p5fr5P8+/7BX6hT/cf+EX+Q5/hF198qOxX+JV+lV/t1/i1fp1f7zf4jX6T3+y3+K1+m9/ud/iP/E7/sd/ld/s9/hO/13/q9/nP/H7/uT/gv/CZ/kt/0H/lD/mv/WH/jT/iv/VH/TF/3H/nT/jv/Ul/yp/2Z/xZ/4M/53/05/+Jv1nDf3RDxhhjjLH/QRMuNcWv11yYJfX5nRzxi437AsCVWwtl/nJ91oxyXf4L7f4ivn0EAJ7o3fX+i0uNGklJSQD+p0mb90GxuQAXfxKUJQYuxYuhHTwGidAWyv7u+PuL7mfp9/v/SYaEIHoTQK5f5MTCpfhS/58BYNLv9P/wo6MWVAhPx/1/+p8LUKLYpZyccCleDO1+er7SFsr9jfEXaP13xp/z8xSANr/IyQ2X4kvjT4BH4ElI/NWWjDHGGGOMMcbYBf1F5c4X7z8v/sbnX9/fZt2fx6tLOTngUvz37s9/ncUYY4wxxhhjjLHL4anuPR5/ODGxbed/vlHtX8r6hxtN4T/V8y8bC8/8x3fxf6XhPcDFVxQA/JsdAmQ15J95FJv/lH0l/3zq/PWqZWd8AP8dpfwjGpf5GxNjjDHGGGPsD3dp0v/r19XlGhBjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMZYN/Rn/TuxyHyNjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDF2uf2/AAAA///3YARK")
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x7, 0x7f, 0xa9, 0x4d, 0x6, 0x5f, 0x9, 0x15, 0xffff2d37, 0xff7fff01, 0x6, 0x5, 0x7, 0x5, 0x6, 0x0, 0x7, 0x3c5b, 0x1, 0x20, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x6, 0x7, 0x5, 0x8, 0x4c74, 0x10000, 0x7, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0xffffffff, 0x7, 0x5, 0x3e, 0x18e, 0x6, 0x6, 0x0, 0x8, 0x4, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432f6, 0xc8, 0xf1, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x66abcbd2, 0xea4, 0x0, 0x4, 0x1007, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x7, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x381, 0x4, 0xb, 0x4, 0x9, 0x8, 0x40, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x200009, 0x3, 0x3, 0x4000009, 0x6, 0x0, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x3ff, 0x5, 0xfffffffd, 0x100, 0x4, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x200, 0x1fd, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x4, 0xa9, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0xffffffff, 0x5, 0x1c, 0x120000, 0x7ff, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce4, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x2, 0x10000, 0x4, 0x7fff, 0xfffc, 0xa620, 0x1, 0x5, 0x801, 0x2000002, 0x150, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x5, 0xc8, 0x1, 0xfffff000, 0x10000, 0x3, 0x7e, 0x9, 0x9622, 0x7, 0xaf, 0x20000008, 0x5, 0x226, 0x2, 0x5, 0x0, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x530e, 0x6c1b, 0x7, 0x4, 0x5, 0x7ff, 0xd7, 0x200, 0xb, 0xfff]}, 0x45c)
close(0xffffffffffffffff)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

4.285045859s ago: executing program 2 (id=534):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000180)='tasks\x00', 0x2, 0x0)
r2 = openat$cgroup_procs(r0, &(0x7f00000002c0)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f00000000c0), 0x12)
pread64(r2, &(0x7f0000001840)=""/4096, 0x1000, 0x1)
readv(r1, &(0x7f0000001800)=[{&(0x7f0000000680)=""/42, 0x2a}], 0x1)

4.020448904s ago: executing program 1 (id=535):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
gettid()
timer_create(0x3, 0x0, &(0x7f0000044000))
timer_settime(0x0, 0x1, &(0x7f0000000300)={{}, {0x0, 0xe4c}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

3.814693358s ago: executing program 1 (id=536):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @loopback, 0x4e1f, 0x3, 'lblc\x00', 0x11, 0x10000004, 0x8}, 0x2c)
r1 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x14, 0x0, 0xfff3)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000080)={{0x84, @private=0xa010101, 0x4e24, 0x3, 'wrr\x00', 0x23, 0x85, 0x15}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x10000, 0x1cb, 0x12d61, 0x12d58}}, 0x44)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e24, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@remote, 0x4e23, 0x10000, 0x0, 0x12d5c, 0x7}}, 0x44)
sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev, 0xfffffeec}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

3.699992838s ago: executing program 6 (id=537):
syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000280)='./file1\x00', 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="666c7573682c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6d697865642c756e695f786c6174653d302c6e6f6e756d7461696c3d302c6e6f6e756d7461696c3d302c73686f72746e616d653d77696e6e742c00a56dc300a96c9b20f3fabdcb10cad696323259cc0500e5f91620d7b9dc000000000057c51b98cfb3b59f8db941abb77112000000b8ff"], 0x8, 0x250, &(0x7f0000000b80)="$eJzs2k9rHHUYB/BnYqUxJd2I/2hB+kMP6mVocvIgkiAtiAFFG6EK0qmZ6JJxN2SWwIrYeNGLB1+CZ/HoTZCKFy+5+Ao8eMslxx7EkXbTNhtWyKJxS/P5XPZhn/0uz/AMw+8wu69888n6Wp2vFb2YyrKYWoztuJXFXEzFXdvx0gtXf332navvvbG0vHzp7ZQuL12ZX0gpnb3w0/ufff/czd6Zd384++Pp2Jn7YHfviz92nt45t/vXlY/bdWrXqdPtpSJd73Z7xfWqTKvtej1P6a2qLOoytTt1uTnUX6u6Gxv9VHRWZ2c2Nsu6TkWnn9bLfup1U2+zn4qPinYn5XmeZmeCf2Plu1tNE3vNo9ciu/vd7O/RiuzxlD2xmD11LXtmOzu31zStyQ7KMbm3/6ZpHvs2zty0/xPlwEN9OqL6amtla2XwOegvrUU7qijjYrTiz7h9m+wb1JdfX750Md0xF19WN/bzN7ZWHhnOz0cr5kbn5wf5NJw/HTMH8wvRiidH5xdG5qfjxecP5PNoxW8fRjeqWI3b2fv5z+dTeu3N5UP583d+BwDwsMnTPSPPb3n+T/1Bfozz4aHz1ak4f2qy105E3f90vaiqclMxTnFh3NT05GeeeHH8N1uTRTwIV3qk4pefX335ARhjv1g8vJ1JP5n4P9xf+lET08c7EAAAAAAAAAAAAEfy371F+PX+Pw61snHeLAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE6mvwMAAP//cOvMBw==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(r0, &(0x7f0000000180)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000500)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)

3.640316408s ago: executing program 1 (id=538):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000003c0)='./file0\x00', 0x80078b, &(0x7f0000000200)={[{@usrjquota}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x4}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@noload}, {@errors_remount}, {@min_batch_time={'min_batch_time', 0x3d, 0xb656}}, {@init_itable_val={'init_itable', 0x3d, 0x8d55}}]}, 0x0, 0x46f, &(0x7f0000000bc0)="$eJzs281rHGUYAPBnJh9t7UdirR+tVaNFCIpJk1btwYui4KGioId6jMm2hG4baaLYUmwqUi+CFPQsHgX/Am8iiHoSvOrFkxSK9tLqKTKzM+1mm02N2WRi9veDzb7vzrs7z5P5eud9dwPoWkPZnyRiR0T8EhEDjeriBkONpxvXzk/+de38ZBILC6//keTtrl87P1k2Ld+3vagMpxHph0mxksVmz547OVGv184U9dG5U2+Pzp4999S7pyZO1E7UTo8fOXL40Nizz4w/3ZE8s7yu73t/Zv/el9+8/Mrksctv/fBVFu+OYnlzHp0ylCX+50KuddnjnV5ZxXY2lZPeCgNhRXoiIttcffnxPxA9cWvjDcRLH1QaHLCmsmvTlvaL5xeATSyJqiMAqlFe6LP73/KxTl2PDeHq840boCzvG8WjsaQ30qJNX8v9bScNRcSx+b8/zx6xRuMQAADNPp787Gg54ru4/5fGffnzb/nfXcUcymBE3B0RuyPinojYExH3RuRt74+IB1YZz+39n/TKKj9yWVn/77libmtx/6/s/cVgT1HbmefflxyfrtcOFv+T4ejbktXHllnHNy/+/Em7Zc39v+yRrb/sCxZxXOltGaCbmpibyDulHXD1YsS+3qXyT27OBCQRsTci9q3so3eVheknvtzfrtGd819GB+aZFr7I0pvP8p+PlvxLSfP85PRt85OjW6NeOzha7hW3+/GnS6+1W/+q8u+Aq7XGc9P2b20ymDTP186ufB2Xfv2o7T3Nf9z/0/7kjXyeub947b2JubkzYxH9ydG8vuj18VvvLetl+2z/Hz6w9PG/u3hPlv+DEZHtxA9FxMMR8UgR+6MR8VhEHFgm/+9faL+szD/Sirb/xYipJc9/N/f/lu2/8kLPye++brf+f7f9D+el4eKV/Px3B0uFk50uWgNczf8OAAAA/i/S/DvwSTpys5ymIyON7/DvibvS+szs3JPHZ945PdX4rvxg9KXlSNdAMR5an67XxpL54hMb46PjxVhxOV56qBg3/rRnW14fmZypT1WcO3S77W2O/8zvPVVHB6yxbUu+Ot6/7oEAFWidR08XVy+8Gk4GsFn5vTZ0rzsc/+l6xQGsP9d/6F5LHf8XWurmAmBzcv2H7uX4hy6Vflt1BECFXP+hK63md/1rWNi6McKoprBRN0peiCgL6YaIR2GNClWfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADrjnwAAAP//fhbpGw==")
r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00')
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0/file0\x00', 0x0, 0x11480, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)
read$FUSE(r0, &(0x7f0000002c00)={0x2020}, 0x2020)

3.197286412s ago: executing program 6 (id=539):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]})
r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x20004, <r3=>r1, 0x2})
r4 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r3})
close_range(r0, 0xffffffffffffffff, 0x0)

3.139771292s ago: executing program 2 (id=540):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r1, 0x5b02, 0x0)
writev(r1, &(0x7f0000000000)=[{&(0x7f0000000100)="42d40d", 0x3}], 0x1)
syz_usb_disconnect(r0)

2.468343405s ago: executing program 1 (id=542):
syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x8080, &(0x7f0000000b80)=ANY=[@ANYBLOB="636865636b3d7374726963742c757466383d312c757466383d302c757466383d312c6e66732c6572726f72733d72656d6f756e742d726f2c73686f72746e616d653d77696e6e742c00043518f9aad8a4f2c1cdb3e993cf0444d9d2d40bb509d4da042c2c85e3650de97db42c38cafa7a9d7503c3c985486cf7fc80515e9bef7e9e56fb346de370b3eb3ecbc59d343c36bf04efc3d68033308b0014b0c677ae5ef2932cc05f566112668fa4f6844dcf823618a2993da771384e8fc12467a56b33e3b00030dbfd82ea2f8ddbeb1d04bac86815ebe0b9d084d60edf56b15e74589892dce86962f611a4313120b738dddfd38d20b443570197dc795020ecf541601ef9a5618869febf769dd50261849a47e170ba166b97e76a0261d0dc1fb3e2646595f1c8b49057d94f10f7b5e35ead0a38", @ANYRES8=0x0], 0x3, 0x232, &(0x7f0000000640)="$eJzs2r+LHGUYB/BnzsSLFy574i8SEF+0UJshd7VFDklAXFA0K0RBMvFmddlx99hZDlbEbKWtf4K1WNoJktLmGv8CC7trrkwhjmz21GzYFEHNJfHzaeaBd77M+zLvvDzFHLz29af9bp13i3GsZFmsXIhp3MxiI1biT9N49eUrPz3/7pX339xuty++k9Kl7cubWymlMy/8+MHn3714Y3z6ve/P/LAa+xsfHhxu/br/7P7Zg98vf9KrU69Og+E4FenacDgurlVl2unV/Tylt6uyqMvUG9TlaGG8Ww13dyepGOysr+2OyrpOxWCS+uUkjYdpPJqk4uOiN0h5nqf1teCf6Hx7s2nisDl5NZqmeeKbOH0j1n+JVmRPpuypC9kzV7PnptnZw6ZpHfdU+U94//9vtx3qpyKqr/Y6e535dT6+3Y1eVFHG+WjFbzHbJkfm9aU32hfPp1s24svq+lH++l7nscX8ZrRiY3l+c55Pi/nVWIs4GXGU34pWPL08v7U0fypeeem25+fRip8/imFUsROz7N/5LzZTev2t9h35c7fuAwB41OTpL0v7tzy/2/g8fw/94R391Yk4d+J4105EPfmsX1RVOXpki9kqH4BpKP7NYjXuKZVFTGf74IGY/OMPx6d3rMcS98niOQkAAAAAAAAAAMDD4n79gQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHA3fwQAAP//rHDMJg==")
chdir(&(0x7f0000000140)='./file0\x00')
quotactl$Q_QUOTAON(0xffffffff80000202, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)

1.660061871s ago: executing program 1 (id=543):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x300)
setsockopt$inet_int(r0, 0x0, 0x12, &(0x7f0000000280)=0x40, 0x4)
recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)

1.659915061s ago: executing program 6 (id=544):
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
setreuid(0x0, 0xee00)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000200)={0x2020}, 0x2020)
mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f00000000c0)='tmpfs\x00', 0xa145cf, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00')
read$FUSE(r1, &(0x7f00000024c0)={0x2020}, 0x2020)

1.659797341s ago: executing program 7 (id=496):
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/mcfilter6\x00')
r1 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108)
preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000580)=""/118, 0x76}, {&(0x7f0000000d00)=""/93, 0x5d}], 0x2, 0x9, 0x100)

1.42783588s ago: executing program 35 (id=543):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x300)
setsockopt$inet_int(r0, 0x0, 0x12, &(0x7f0000000280)=0x40, 0x4)
recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)

1.405494504s ago: executing program 6 (id=548):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010d804dd0000000000000109022400018000000009040000010300000009210500000122050009058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x2, "d2b03a4e"}]}}, 0x0}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000980)={0x1, 0xef, 0x4, &(0x7f0000000040)={0x19, "78b8142115db2c05f171f5306c7efb569a761ca9f5de0b77a007aae98e00"}})

1.404724744s ago: executing program 7 (id=549):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000240)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000100), 0x4, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0xc040)
syz_usb_connect(0x3, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0x35, 0x91, 0xa, 0x40, 0x17cc, 0x1940, 0x1e7a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0xec, 0x58, 0x3, "", [{{0x9, 0x4, 0xd, 0x6, 0x0, 0xa2, 0x8e, 0x39, 0x6}}]}}]}}, 0x0)
ioctl$EVIOCGKEYCODE_V2(r1, 0x80284504, &(0x7f0000000040)=""/185)

1.058340662s ago: executing program 0 (id=551):
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x894a, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18020000200000000000000000000000850000004100000095000000000000004be98911ed5a3cf4451d51e400827eef4df9eb3fd52b8f0a456c3a6cfd127868ad3fe3f9a9b946c97f9fc091e4c3f4b0a0d7ed298717a480c48868562f04005972b6a5265519fee4cb1b8b93f0b164770fd40c7a8060ce72beff7cda177e28a1a97b2c8c56a3f15b2f7a9b7ae2cf52d08555d3c3315e95095217bff8c9441a45fd00000000000000979ed4e35d21d13d428af521c553b9420385390207dc1634aee0244045e5c380e6090329d37b29a56c16d5c7bee160b91246bd2c205047bd92581165c774b1fd46072c161f1d33e6d5c1a5db7a714e3ed5468408f279bd9f98ec3c5ffd79cd37810f03000000b65d147fa05253a600adfb03775847b220369339529d434f3190c81c3dd501a780cfaaaa916c8a33ee4b52d18e160428893f33d206d3a7195e7f69c831099bdc940000aa2c2e61509bf6c58b100000000000000000000000005e3210346531c1eb14fbec6eb35d6f3e3853512c6bf186bd8b75d17aeeaa07"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x70)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r3, r2, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0x61, &(0x7f00000004c0)={@empty, @local, @void, {@ipv4={0x800, @tipc={{0xe, 0x4, 0x2, 0x6, 0x53, 0x68, 0x0, 0x8, 0x6, 0x0, @broadcast, @local, {[@timestamp={0x44, 0x10, 0xef, 0x0, 0x2, [0x2, 0x6, 0x108]}, @ssrr={0x89, 0xb, 0x93, [@remote, @rand_addr=0x64010100]}, @timestamp={0x44, 0x8, 0x36, 0x0, 0xd, [0x7ff]}]}}, @payload_conn={{{0x1b, 0x0, 0x0, 0x1, 0x1, 0x6, 0x1, 0x2, 0x8001, 0x0, 0x3, 0xf, 0x1, 0x0, 0x1, 0x24f5, 0x1, 0x4e21, 0x4e22}}, [0x0, 0x0, 0x0]}}}}}, 0x0)

801.000846ms ago: executing program 0 (id=552):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000702000/0x18000)=nil, &(0x7f0000000c80)=[@text64={0x40, 0x0}], 0x1, 0x6c, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x4b564d02, 0xec000000, 0x9}]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

424.117409ms ago: executing program 0 (id=553):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000380)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{0xd000, 0x4, 0xe, 0xf1, 0x5, 0xfd, 0xd4, 0xd4, 0x0, 0xd7, 0x7, 0x4f}, {0x0, 0x2, 0xd, 0x9, 0x8, 0x3, 0x6, 0xb, 0x5, 0xf, 0x3, 0xc0}, {0x8080000, 0xdddd1000, 0xb, 0x2, 0x2, 0x0, 0x24, 0x1, 0xe4, 0x0, 0xc4, 0x5}, {0xd000, 0x2000, 0x4, 0xf8, 0x3, 0x68, 0x2, 0xd, 0x6, 0x3, 0x8, 0x1}, {0x100000, 0xa000, 0x9, 0x1, 0x8, 0x9, 0x76, 0x6, 0x5, 0x4, 0x2e, 0x4b}, {0x6000, 0x8000000, 0xb, 0x0, 0x3, 0x1, 0x1, 0xc3, 0x4, 0x90, 0x1, 0xfc}, {0x26000, 0x4000, 0xf, 0xff, 0x3, 0xfb, 0x0, 0xb, 0x5, 0x7, 0x80, 0xf8}, {0xf7f63004, 0x1, 0xf, 0x5, 0xfc, 0x3, 0xa, 0x1, 0x54, 0x1, 0xff, 0x5}, {0xeeef0000, 0x5}, {0x80a0000, 0xa}, 0x4001000e, 0x0, 0x5000, 0x300, 0x5, 0x2100, 0xe6e70c00, [0x3, 0x20000401, 0x7, 0xc5]})
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000dc0)={"a98943027b7877a82a95053b7bf1285c7c7c8794c31f6c3c2dafb0073468cbebd8ba9672227f1af767deeff4daa62baa8be3df6c13750af3a58cd0339b9d1e4cf41d0702e2e531e88ae6cac270f3ff0553ffd78cd14cf1c29830b18d83f6a4c5e19da8293aa0648e6dabe030cc07ace78e1c6061b1552cdf438a1fa3e45258f7ca10ea5721aeb3101b38409c9fd938f8485e59b586281c9aeea23df946bf383c2cd8a8bcad563bbff4610e3879846d09ff6f33f59796bb54d42f9f699ee602b8c8f9b09d807083acaa003a6e3fd6037d55edd8d939cac4618f9f2ff0210f7e6e86d215eb39ad672e1aedd21405ae3f27a1e647b7c58758302cae3d54304280c60d229a07f14923b6fb39f92bcaedd8fe75c2615a13aa1a46db7d96747719b20279a50da58d140a23d2cdd8797eedfeb568d962bf9946d3a241b2c266968c102260e7ac25f9230604a9293521bd3dc9ace18b9df9d0192b5a55b3864e013d43361429f1166341b39d82f25667490dad0384ac20ae4871bb8f2ad7052582d0f34aa583827207a07abc789e4595df28114a284cc46afda37092738e35b6d335d822fa9b5b4656be155ce446551ddc1c716e47c5c517a14c85c0f40bc9891b67c9def98a9c2e90937ee96055264a82b37141002be6b7b3d735f5d32f97eface5f30e7da35b05ec54dc7c005e45cd016ca0cecabbf2c3ab89572b9b923c89dab38937f6241e4b4aac1cd3fd0097e579cdba017849d2250a6e8ac7c0de3e1706097af397fa65d5727b15d74b733cfa05147ec778fd89587fb37a8c899cee62d3682422e7fddbf9b8538342ffdc5ac253b74057ac8b1bf3c0d600ff3939cf855abe327235258e187148c256f05bee013f299ac0b39cbeb535d07ee14c33fa8acf14f986be1a1e432e6369236d1accfbcbad7a7e2e84ef96e81194204948d2e033fe790300004ea7502f8cfb793d50a6a9d33a2b19d1272d934881ad8c96d4d91480e2530bf0ef00b805daf26bd53c9591c74e57fa5aeb4d84bd72c17380f90a9cdbaa3c52eb83076567e8512e13cb37c8e5de3b6cd759e22e09eeca1f3d588c8c39a9cda77278a019e6494c8caacbb60d47bc88a72a19b6e10600f1039d6935cc7b8583fa28e753958e1b35c7fa4d7dee0a86cfe16fd49f9f36dca5777a645d0a848304998ee9c206e6e194795bb0f310138fc6092fb4a0801183b0f13d318a05d47e4e7a47920d3ce48cfb393365997233bca735977fa1c28c8e9dd387cf661bf12c1365c0424bc940f450ae25ac7878cec9616021dab8890205abd530806288dcd0db66daaae9b9ef163d497f6a901efcaa5791042a1fc17b8ae1ae008c52e3ed094f550ae78b6e46e504a0e3fd1de7c28466ff2c9f3872739505ca71fabf658412f4db7dccf3eeff79ea60b816d933ad25d388175681abd6fa5bdf64ca9f6ca1ffd8"})

261.072036ms ago: executing program 0 (id=554):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700"], 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, '\x00', r1, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r3, r1, 0x25, 0x0, @val=@netkit={@void, @value=r2}}, 0x1c)
syz_emit_ethernet(0x66, &(0x7f00000058c0)={@link_local, @local, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @private, @empty}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x6558}, {0x0, 0x0, 0x0, 0x0, 0x11}}}}}}, 0x0)

141.335256ms ago: executing program 0 (id=555):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00'], 0x20}, 0x1, 0x0, 0x0, 0x4000010}, 0x40000)
sendmmsg$inet6(r0, &(0x7f0000000280)=[{{&(0x7f00000003c0)={0xa, 0x4e21, 0x3, @remote, 0x1}, 0x1c, &(0x7f0000000300)=[{&(0x7f00000017c0)="92ac", 0x2}], 0x1}}], 0x1, 0x4004081)
shutdown(r0, 0x1)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000080)=@assoc_value={r2, 0x6}, 0x8)

0s ago: executing program 0 (id=556):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e13d6a206419010015d4010203010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2603)
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000280)={0x0, 0x10, 0x6, &(0x7f0000000240)={0x13, "c2ba2cdddf96c2d905bd4296ce341591ddc08dbe750690648bd79a7fbf3d4cefc6"}})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000007c0)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)={0x40, 0x17, 0x6, @random}, 0x0, 0x0, 0x0, 0x0, 0x0})

kernel console output (not intermixed with test programs):

on: batadv_slave_0
[   64.009428][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.019792][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   64.030805][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.040968][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   64.051912][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.062509][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   64.073280][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.085439][ T4191] batman_adv: batadv0: Interface activated: batadv_slave_0
[   64.101702][  T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.121484][  T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.135172][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   64.145266][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   64.154326][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   64.176123][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.185081][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.193865][ T4242] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.206066][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   64.216918][ T4242] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.225674][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.236774][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   64.247799][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.258812][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   64.269894][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.281098][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   64.292072][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.304058][ T4191] batman_adv: batadv0: Interface activated: batadv_slave_1
[   64.322175][ T4191] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   64.331518][ T4191] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   64.341456][ T4191] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   64.350303][ T4191] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.362841][ T4242] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   64.371667][ T4242] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   64.385207][ T4242] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   64.394776][ T4242] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   64.541369][ T3065] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.562897][ T4242] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.571716][ T4242] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.585595][ T3065] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.620466][ T4242] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   64.648359][ T4242] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   64.685077][ T3065] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.708447][ T4242] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.716306][ T4242] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.730687][ T3065] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.789507][ T4265] loop1: detected capacity change from 0 to 2048
[   64.804879][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   64.805484][ T4242] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.824972][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   64.830707][ T4242] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.847264][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   64.877896][  T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.890536][  T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.903507][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   64.968593][ T4265] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   64.987574][ T4265] ext4 filesystem being mounted at /2/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   65.054220][ T4277] loop2: detected capacity change from 0 to 256
[   65.125928][ T4277] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   65.142441][ T4277] exFAT-fs (loop2): Medium has reported failures. Some data may be lost.
[   65.186639][ T4277] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5bf, utbl_chksum : 0xe619d30d)
[   65.385217][ T4285] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.438396][ T4285] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.519293][ T4297] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   65.603277][ T4290] netlink: 'syz.0.10': attribute type 16 has an invalid length.
[   65.644357][ T4290] netlink: 'syz.0.10': attribute type 17 has an invalid length.
[   65.697490][ T4229] Bluetooth: hci0: command 0x0419 tx timeout
[   65.777432][ T4229] Bluetooth: hci1: command 0x0419 tx timeout
[   65.857616][ T4229] Bluetooth: hci2: command 0x0419 tx timeout
[   65.864027][ T4229] Bluetooth: hci4: command 0x0419 tx timeout
[   65.888219][ T4290] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   65.906224][ T4229] Bluetooth: hci3: command 0x0419 tx timeout
[   65.945946][ T4290] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   66.003578][ T4290] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   66.272658][ T4292] loop1: detected capacity change from 0 to 32768
[   66.489953][ T4292] XFS (loop1): Mounting V5 Filesystem
[   66.508582][ T1107] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   66.540100][ T4293] loop4: detected capacity change from 0 to 32768
[   66.590196][ T4337] loop3: detected capacity change from 0 to 512
[   66.598538][ T4293] gfs2: Unknown parameter '00000000000000000000003'
[   66.695866][ T4292] XFS (loop1): Ending clean mount
[   66.756615][ T4337] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   66.926919][ T1107] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   66.951261][ T1107] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   66.968706][ T1107] usb 3-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[   66.987043][ T1107] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   67.034807][ T1107] usb 3-1: config 0 descriptor??
[   67.081564][ T4337] EXT4-fs (loop3): shut down requested (0)
[   67.097030][ T4342] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[   67.119945][ T4342] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[   67.136997][ T4352] device syzkaller1 entered promiscuous mode
[   67.145958][ T4184] XFS (loop1): Unmounting Filesystem
[   67.561853][ T1107] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0
[   67.590927][ T1107] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0
[   67.614707][ T1107] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0
[   67.642033][ T1107] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0
[   67.650884][ T1107] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0
[   67.694133][ T4364] netlink: 8 bytes leftover after parsing attributes in process `syz.1.28'.
[   67.749991][ T1107] playstation 0003:054C:0DF2.0001: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.2-1/input0
[   67.825239][ T4266] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   67.929539][ T4366] Zero length message leads to an empty skb
[   68.006914][ T4266] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.123784][ T4266] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.156699][ T1107] playstation 0003:054C:0DF2.0001: Failed to retrieve feature with reportID 32: -71
[   68.181699][ T4361] loop4: detected capacity change from 0 to 32768
[   68.187603][ T1107] playstation 0003:054C:0DF2.0001: Failed to retrieve DualSense firmware info: -71
[   68.212975][ T1107] playstation 0003:054C:0DF2.0001: Failed to get firmware info from DualSense
[   68.228789][ T1107] playstation 0003:054C:0DF2.0001: Failed to create dualsense.
[   68.288445][ T4361] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz.4.32 (4361)
[   68.307430][ T1107] playstation: probe of 0003:054C:0DF2.0001 failed with error -71
[   68.346219][ T4266] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.367543][ T1107] usb 3-1: USB disconnect, device number 2
[   68.474737][ T4361] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm
[   68.495809][ T4361] BTRFS info (device loop4): force zlib compression, level 3
[   68.543404][ T4361] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_LZO (0x8)
[   68.560414][ T4361] BTRFS info (device loop4): use lzo compression, level 0
[   68.570492][ T4361] BTRFS info (device loop4): max_inline at 4096
[   68.585189][ T4381] fido_id[4381]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[   68.594092][ T4361] BTRFS info (device loop4): using free space tree
[   68.619089][ T4361] BTRFS info (device loop4): has skinny extents
[   68.798927][ T4377] loop0: detected capacity change from 0 to 40427
[   68.932488][ T4404] 9pnet: p9_errstr2errno: server reported unknown error 00000000000000000000006��
[   68.963980][ T4377] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[   69.009170][ T4377] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   69.040272][ T4361] BTRFS info (device loop4): enabling ssd optimizations
[   69.157408][ T4377] F2FS-fs (loop0): invalid crc value
[   69.158377][ T4374] chnl_net:caif_netlink_parms(): no params data found
[   69.217858][ T4377] F2FS-fs (loop0): Found nat_bits in checkpoint
[   69.603598][ T4377] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   69.642325][ T4377] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   69.920955][ T4377] attempt to access beyond end of device
[   69.920955][ T4377] loop0: rw=10241, want=45104, limit=40427
[   70.182265][ T4374] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.186925][ T4229] Bluetooth: hci1: command 0x0409 tx timeout
[   70.205363][ T4374] bridge0: port 1(bridge_slave_0) entered disabled state
[   70.232473][ T3065] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   70.249549][ T4374] device bridge_slave_0 entered promiscuous mode
[   70.268616][ T3065] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[   70.294832][ T4374] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.348606][ T4374] bridge0: port 2(bridge_slave_1) entered disabled state
[   70.367390][ T4374] device bridge_slave_1 entered promiscuous mode
[   70.383740][ T4469] loop1: detected capacity change from 0 to 4096
[   70.493180][ T4479] loop4: detected capacity change from 0 to 256
[   70.533069][ T4374] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   70.539507][ T4479] =======================================================
[   70.539507][ T4479] WARNING: The mand mount option has been deprecated and
[   70.539507][ T4479]          and is ignored by this kernel. Remove the mand
[   70.539507][ T4479]          option from the mount to silence this warning.
[   70.539507][ T4479] =======================================================
[   70.620283][ T4374] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   70.758475][ T4479] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[   70.788093][ T4374] team0: Port device team_slave_0 added
[   70.829129][ T4374] team0: Port device team_slave_1 added
[   70.920753][ T4374] batman_adv: batadv0: Adding interface: batadv_slave_0
[   70.946285][ T4374] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   71.060168][ T4374] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   71.143043][ T4374] batman_adv: batadv0: Adding interface: batadv_slave_1
[   71.193812][ T4374] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   71.340042][ T4374] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   71.379433][ T4184] ntfs3: loop1: ntfs_evict_inode r=5 failed, -22.
[   71.403284][ T4184] ntfs3: loop1: Mark volume as dirty due to NTFS errors
[   71.621264][ T4374] device hsr_slave_0 entered promiscuous mode
[   71.658586][ T4374] device hsr_slave_1 entered promiscuous mode
[   71.680622][ T4374] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   71.693292][ T4374] Cannot create hsr debugfs directory
[   71.736931][ T4226] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   71.861371][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[   71.868647][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[   72.018290][ T4226] usb 5-1: Using ep0 maxpacket: 16
[   72.065989][ T4266] device hsr_slave_0 left promiscuous mode
[   72.086279][ T4266] device hsr_slave_1 left promiscuous mode
[   72.115127][ T4266] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   72.132204][ T4266] batman_adv: batadv0: Removing interface: batadv_slave_0
[   72.152404][ T4266] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   72.169097][ T4226] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   72.180844][ T4266] batman_adv: batadv0: Removing interface: batadv_slave_1
[   72.200501][ T4226] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[   72.248494][ T4266] device bridge_slave_1 left promiscuous mode
[   72.257675][ T4266] bridge0: port 2(bridge_slave_1) entered disabled state
[   72.268362][ T4461] Bluetooth: hci1: command 0x041b tx timeout
[   72.320039][ T4266] device bridge_slave_0 left promiscuous mode
[   72.326377][ T4266] bridge0: port 1(bridge_slave_0) entered disabled state
[   72.364414][ T4525] loop2: detected capacity change from 0 to 7
[   72.404432][ T4302]  loop2:
[   72.408051][ T4302] loop2: partition table partially beyond EOD, truncated
[   72.418120][ T4226] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   72.430737][ T4226] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   72.455295][ T4266] device veth1_macvtap left promiscuous mode
[   72.456959][ T4226] usb 5-1: Product: syz
[   72.487713][ T4226] usb 5-1: Manufacturer: syz
[   72.493727][ T4266] device veth0_macvtap left promiscuous mode
[   72.499036][ T4523] loop1: detected capacity change from 0 to 8192
[   72.506270][ T4226] usb 5-1: SerialNumber: syz
[   72.528658][ T4525]  loop2:
[   72.531820][ T4525] loop2: partition table partially beyond EOD, truncated
[   72.557376][ T4523] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal
[   72.586627][ T4266] device veth1_vlan left promiscuous mode
[   72.593633][ T4266] device veth0_vlan left promiscuous mode
[   72.613218][ T4523] REISERFS (device loop1): using ordered data mode
[   72.639296][ T4523] reiserfs: using flush barriers
[   72.678165][ T4523] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   72.759881][ T4523] REISERFS (device loop1): checking transaction log (loop1)
[   72.876871][ T4226] usb 5-1: 0:2 : does not exist
[   73.002089][ T4226] usb 5-1: USB disconnect, device number 2
[   73.061087][ T4523] REISERFS (device loop1): Using tea hash to sort names
[   73.091675][ T4302] udevd[4302]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   73.108688][ T4523] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[   73.409529][ T4544] syz.2.67 sent an empty control message without MSG_MORE.
[   73.637584][ T4266] team0 (unregistering): Port device team_slave_1 removed
[   73.707591][ T4266] team0 (unregistering): Port device team_slave_0 removed
[   73.755346][ T4266] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   73.884584][ T4266] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   74.093928][ T4564] overlayfs: failed to decode file handle (len=5, type=248, flags=0, err=-22)
[   74.119697][ T4266] bond0 (unregistering): Released all slaves
[   74.231073][ T4561] netlink: 'syz.4.73': attribute type 10 has an invalid length.
[   74.269096][ T4561] 8021q: adding VLAN 0 to HW filter on device team0
[   74.280904][ T4561] bond0: (slave team0): Enslaving as an active interface with an up link
[   74.294186][ T4565] netlink: 12 bytes leftover after parsing attributes in process `syz.1.75'.
[   74.305488][ T4556] loop0: detected capacity change from 0 to 32768
[   74.336669][ T4259] Bluetooth: hci1: command 0x040f tx timeout
[   74.463034][ T4556] XFS (loop0): Mounting V5 Filesystem
[   74.625320][ T4556] XFS (loop0): Ending clean mount
[   74.702041][ T4556] XFS (loop0): Quotacheck needed: Please wait.
[   74.789862][ T4374] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   74.858302][ T4374] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   74.871737][ T4556] XFS (loop0): Quotacheck: Done.
[   74.958342][ T4374] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   74.993261][ T4374] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   75.300162][ T4606] loop2: detected capacity change from 0 to 4096
[   75.488501][ T4374] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.607025][ T4374] 8021q: adding VLAN 0 to HW filter on device team0
[   75.634975][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   75.688385][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   75.737381][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   75.790416][ T4606] EXT4-fs (loop2): Test dummy encryption mode enabled
[   75.797567][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   75.816507][ T4606] EXT4-fs (loop2): Ignoring removed orlov option
[   75.829278][ T4511] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.837148][ T4511] bridge0: port 1(bridge_slave_0) entered forwarding state
[   75.850987][ T4191] XFS (loop0): Unmounting Filesystem
[   75.892557][ T4606] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpid,debug_want_extra_isize=0x0000000000000010,nodioread_nolock,test_dummy_encryption,lazytime,nodelalloc,minixdf,orlov,,errors=continue. Quota mode: writeback.
[   75.923866][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   75.942459][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   75.952666][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   75.962287][ T4511] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.969536][ T4511] bridge0: port 2(bridge_slave_1) entered forwarding state
[   75.980889][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   75.991615][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   76.032704][   T26] audit: type=1800 audit(1776098577.179:2): pid=4606 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.84" name="file1" dev="loop2" ino=15 res=0 errno=0
[   76.059359][ T4606] fs-verity: sha256 using implementation "sha256-avx2"
[   76.071530][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   76.109439][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   76.157872][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   76.170834][   T26] audit: type=1800 audit(1776098577.319:3): pid=4628 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.84" name="file1" dev="loop2" ino=15 res=0 errno=0
[   76.209338][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   76.231366][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   76.257348][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   76.276890][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   76.315034][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   76.338508][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   76.364641][ T4374] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   76.440229][ T4461] Bluetooth: hci1: command 0x0419 tx timeout
[   76.498081][ T4611] loop4: detected capacity change from 0 to 32768
[   76.590881][ T4632] netlink: 28 bytes leftover after parsing attributes in process `syz.2.90'.
[   76.667208][ T4611] JBD2: Ignoring recovery information on journal
[   76.722882][ T4621] loop1: detected capacity change from 0 to 32768
[   76.829878][ T4621] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.88 (4621)
[   76.917091][ T4621] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[   76.954034][ T4611] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[   76.963196][ T4621] BTRFS info (device loop1): setting nodatasum
[   76.999339][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   77.016857][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   77.026826][ T4621] BTRFS info (device loop1): force zlib compression, level 3
[   77.065302][ T4621] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_LZO (0x8)
[   77.101846][ T4374] 8021q: adding VLAN 0 to HW filter on device batadv0
[   77.112312][ T4621] BTRFS info (device loop1): use lzo compression, level 0
[   77.136700][ T4621] BTRFS info (device loop1): turning on flush-on-commit
[   77.190141][ T4621] BTRFS info (device loop1): enabling auto defrag
[   77.244017][ T4621] BTRFS info (device loop1): max_inline at 4096
[   77.284535][ T4621] BTRFS info (device loop1): using free space tree
[   77.322863][ T4621] BTRFS info (device loop1): has skinny extents
[   77.662507][ T4621] BTRFS info (device loop1): enabling ssd optimizations
[   77.772094][ T4194] ocfs2: Unmounting device (7,4) on (node local)
[   77.914510][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   77.935372][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   78.040808][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   78.107005][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   78.115492][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   78.211518][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   78.242799][ T4374] device veth0_vlan entered promiscuous mode
[   78.273245][ T4639] loop0: detected capacity change from 0 to 32768
[   78.320450][ T4374] device veth1_vlan entered promiscuous mode
[   78.410626][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   78.447747][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   78.479852][ T4639] XFS (loop0): Mounting V5 Filesystem
[   78.499295][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   78.512333][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   78.523220][ T4374] device veth0_macvtap entered promiscuous mode
[   78.571964][ T4242] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   78.594915][ T4374] device veth1_macvtap entered promiscuous mode
[   78.627391][ T4463] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   78.635044][ T4639] XFS (loop0): Ending clean mount
[   78.656259][ T4639] XFS (loop0): Quotacheck needed: Please wait.
[   78.760914][ T4374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   78.822640][ T4374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   78.832026][ T4639] XFS (loop0): Quotacheck: Done.
[   78.866594][ T4463] usb 5-1: Using ep0 maxpacket: 32
[   78.871440][ T4374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   78.913983][ T4707] capability: warning: `syz.2.97' uses deprecated v2 capabilities in a way that may be insecure
[   78.920695][ T4374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   78.962650][   T26] audit: type=1804 audit(1776098580.109:4): pid=4639 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.89" name="/newroot/17/file1/bus" dev="loop0" ino=6154 res=1 errno=0
[   78.986967][ T4463] usb 5-1: config 0 has an invalid interface number: 12 but max is 0
[   79.003908][ T4463] usb 5-1: config 0 has no interface number 0
[   79.016679][ T4374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   79.033409][ T4463] usb 5-1: config 0 interface 12 has no altsetting 0
[   79.044944][ T4374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   79.063860][   T26] audit: type=1804 audit(1776098580.209:5): pid=4639 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.89" name="/newroot/17/file1/bus" dev="loop0" ino=6154 res=1 errno=0
[   79.106478][ T4374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   79.140640][ T4374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   79.185255][ T4191] XFS (loop0): Unmounting Filesystem
[   79.192912][ T4374] batman_adv: batadv0: Interface activated: batadv_slave_0
[   79.216732][ T4463] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[   79.229383][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   79.250548][ T4463] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   79.276759][ T4463] usb 5-1: Product: syz
[   79.277506][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   79.296972][ T4463] usb 5-1: Manufacturer: syz
[   79.312030][ T4463] usb 5-1: SerialNumber: syz
[   79.334022][ T4463] usb 5-1: config 0 descriptor??
[   79.334307][ T4374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   79.352928][ T4374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   79.413331][ T4374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   79.462487][ T4374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   79.476221][ T4374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   79.498565][ T4374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   79.521313][ T4374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   79.544437][ T4374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   79.588199][ T4374] batman_adv: batadv0: Interface activated: batadv_slave_1
[   79.614406][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   79.667750][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   79.752853][ T4374] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   79.762567][ T4374] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   79.772411][ T4374] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   79.781316][ T4374] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   80.014971][ T4735] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3062664160 (49002626560 ns) > initial count (27763811216 ns). Using initial count to start timer.
[   80.078085][ T4511] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   80.086827][ T4740] input: syz0 as /devices/virtual/input/input5
[   80.143811][ T4511] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   80.183162][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   80.232199][ T4305] udevd[4305]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory
[   80.268107][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   80.337107][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   80.354213][ T4242] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   80.446238][ T4749] loop2: detected capacity change from 0 to 128
[   80.542682][ T4756] loop5: detected capacity change from 0 to 64
[   80.549706][ T4749] FAT-fs (loop2): Unrecognized mount option "syzkaller1" or missing value
[   81.156603][ T4463] f81534 5-1:0.12: f81534_set_register: reg: 1002 data: 2f failed: -71
[   81.196086][ T4463] f81534 5-1:0.12: f81534_find_config_idx: read failed: -71
[   81.232536][ T4463] f81534 5-1:0.12: f81534_calc_num_ports: find idx failed: -71
[   81.263068][ T4463] f81534: probe of 5-1:0.12 failed with error -71
[   81.351483][ T4463] usb 5-1: USB disconnect, device number 3
[   81.556129][ T4752] loop1: detected capacity change from 0 to 40427
[   81.571002][ T4792] device syz_tun entered promiscuous mode
[   81.604186][ T4792] device syz_tun left promiscuous mode
[   81.651270][ T4797] loop4: detected capacity change from 0 to 128
[   81.719483][ T4752] F2FS-fs (loop1): build fault injection attr: rate: 771, type: 0x1ffff
[   81.748591][ T4797] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   81.768587][ T4752] F2FS-fs (loop1): invalid crc value
[   81.797691][ T4752] F2FS-fs (loop1): Found nat_bits in checkpoint
[   81.996002][ T4752] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   82.112172][ T1109] cfg80211: failed to load regulatory.db
[   82.184022][ T4812] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[   82.245879][ T4789] loop2: detected capacity change from 0 to 32768
[   82.413446][ T4789] (syz.2.111,4789,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[   82.433854][ T4184] attempt to access beyond end of device
[   82.433854][ T4184] loop1: rw=2049, want=45112, limit=40427
[   82.472767][ T4789] (syz.2.111,4789,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[   82.643553][ T4789] JBD2: Ignoring recovery information on journal
[   82.776938][ T4789] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[   83.352652][ T4192] ocfs2: Unmounting device (7,2) on (node local)
[   83.800854][ T4820] loop5: detected capacity change from 0 to 32768
[   83.879965][ T4854] loop4: detected capacity change from 0 to 128
[   83.915260][ T4839] loop1: detected capacity change from 0 to 32768
[   83.943953][ T4820] XFS (loop5): Mounting V5 Filesystem
[   83.950087][ T4854] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[   84.021830][ T4839] JBD2: Ignoring recovery information on journal
[   84.050826][ T4854] EXT4-fs (loop4): mounted filesystem without journal. Opts: minixdf,,errors=continue. Quota mode: none.
[   84.062619][ T4854] ext2 filesystem being mounted at /22/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   84.109631][ T4854] EXT4-fs error (device loop4): ext4_read_inode_bitmap:140: comm syz.4.125: Invalid inode bitmap blk 924378591 in block_group 0
[   84.141612][ T4839] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[   84.182378][ T4820] XFS (loop5): Ending clean mount
[   84.211631][ T4820] XFS (loop5): Quotacheck needed: Please wait.
[   84.322078][ T4820] XFS (loop5): Quotacheck: Done.
[   84.427403][ T4839] loop_set_status: loop1 () has still dirty pages (nrpages=7)
[   84.474489][   T26] audit: type=1804 audit(1776098585.619:6): pid=4820 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.118" name="/newroot/6/file1/bus" dev="loop5" ino=6154 res=1 errno=0
[   84.487959][ T4876] netlink: 12 bytes leftover after parsing attributes in process `syz.2.129'.
[   84.573714][   T26] audit: type=1804 audit(1776098585.689:7): pid=4820 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.118" name="/newroot/6/file1/bus" dev="loop5" ino=6154 res=1 errno=0
[   84.627922][ T4876] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   84.637776][ T4876] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   84.647368][ T4876] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   84.656867][ T4876] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   84.708035][ T4374] XFS (loop5): Unmounting Filesystem
[   84.827314][ T4876] netlink: 12 bytes leftover after parsing attributes in process `syz.2.129'.
[   84.874568][ T4184] ocfs2: Unmounting device (7,1) on (node local)
[   85.254952][ T4893] netlink: 12 bytes leftover after parsing attributes in process `syz.1.132'.
[   85.293175][ T4893] netlink: 12 bytes leftover after parsing attributes in process `syz.1.132'.
[   85.713480][ T4910] netlink: 8 bytes leftover after parsing attributes in process `syz.4.139'.
[   85.850656][ T4916] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   85.860100][ T4916] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   85.869479][ T4916] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   85.878696][ T4916] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   86.007107][ T4916] netdevsim netdevsim5 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[   86.010883][ T4910] syz.4.139 (4910) used greatest stack depth: 20336 bytes left
[   86.016372][ T4916] netdevsim netdevsim5 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[   86.033498][ T4916] netdevsim netdevsim5 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[   86.042612][ T4916] netdevsim netdevsim5 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[   86.210336][ T4926] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   86.219355][ T4926] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   86.228475][ T4926] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   86.237516][ T4926] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   86.301050][ T4922] bond0: (slave bond_slave_0): Slave does not support ipsec offload
[   86.320842][ T4926] netdevsim netdevsim5 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[   86.330403][ T4926] netdevsim netdevsim5 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[   86.339613][ T4926] netdevsim netdevsim5 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[   86.348712][ T4926] netdevsim netdevsim5 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[   86.566586][ T1107] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   86.617625][ T4949] loop0: detected capacity change from 0 to 8192
[   86.664129][ T4949] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[   86.681702][ T4949] REISERFS (device loop0): using ordered data mode
[   86.693644][ T4949] reiserfs: using flush barriers
[   86.717117][ T4949] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   86.721808][ T4954] loop5: detected capacity change from 0 to 1024
[   86.747493][ T4949] REISERFS (device loop0): checking transaction log (loop0)
[   86.846519][ T1107] usb 5-1: Using ep0 maxpacket: 8
[   86.877357][ T4954] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   86.996720][ T1107] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   87.006993][ T4949] REISERFS (device loop0): Using tea hash to sort names
[   87.010436][ T1107] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[   87.042294][ T1107] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   87.048771][ T4949] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2)
[   87.078364][ T1107] usb 5-1: config 0 descriptor??
[   87.098986][ T4949] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[   87.108813][   T26] audit: type=1804 audit(1776098588.249:8): pid=4954 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.150" name="/newroot/11/file1/cgroup.controllers" dev="loop5" ino=18 res=1 errno=0
[   87.375884][ T1107] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[   87.516517][ T4461] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   87.775922][ T4969] loop2: detected capacity change from 0 to 8192
[   87.786644][ T4461] usb 2-1: Using ep0 maxpacket: 16
[   87.797451][ T4977] overlayfs: invalid origin (0000)
[   87.870753][ T4969] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[   87.916578][ T4461] usb 2-1: config 0 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   87.916738][ T4969] REISERFS (device loop2): using ordered data mode
[   87.940288][ T4461] usb 2-1: config 0 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 25
[   87.966754][ T4733] usb 5-1: USB disconnect, device number 4
[   87.976198][ T4969] reiserfs: using flush barriers
[   87.995596][ T4969] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   88.005700][ T4461] usb 2-1: config 0 interface 0 has no altsetting 0
[   88.018449][ T4969] REISERFS (device loop2): checking transaction log (loop2)
[   88.036645][ T4969] REISERFS (device loop2): Using r5 hash to sort names
[   88.043971][ T4969] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[   88.053574][ T4461] usb 2-1: New USB device found, idVendor=0f30, idProduct=0111, bcdDevice= 0.00
[   88.096589][ T4461] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   88.129115][ T4461] usb 2-1: config 0 descriptor??
[   88.614046][ T4461] pantherlord 0003:0F30:0111.0002: unknown main item tag 0x0
[   88.630736][ T4992] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[   88.633056][ T4461] pantherlord 0003:0F30:0111.0002: unknown main item tag 0x0
[   88.695954][ T4461] pantherlord 0003:0F30:0111.0002: unknown main item tag 0x0
[   88.712657][ T4461] pantherlord 0003:0F30:0111.0002: unknown main item tag 0x0
[   88.721560][ T4461] pantherlord 0003:0F30:0111.0002: unknown main item tag 0x0
[   88.754179][ T4461] pantherlord 0003:0F30:0111.0002: unknown main item tag 0x0
[   88.781035][ T4461] pantherlord 0003:0F30:0111.0002: unknown main item tag 0x0
[   88.842905][ T4461] pantherlord 0003:0F30:0111.0002: unknown main item tag 0x0
[   88.910589][ T4461] pantherlord 0003:0F30:0111.0002: collection stack underflow
[   88.941635][ T4461] pantherlord 0003:0F30:0111.0002: item 0 2 0 12 parsing failed
[   88.970387][ T4461] pantherlord 0003:0F30:0111.0002: parse failed
[   88.989962][ T4461] pantherlord: probe of 0003:0F30:0111.0002 failed with error -22
[   89.008992][ T4461] usb 2-1: USB disconnect, device number 2
[   89.784140][ T5032] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   89.793047][ T5032] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   89.801882][ T5032] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   89.810674][ T5032] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   89.883140][ T5032] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[   89.892430][ T5032] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[   89.901800][ T5032] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[   89.911513][ T5032] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[   89.988630][ T5033] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   89.997576][ T5033] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   90.006570][ T5033] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   90.015548][ T5033] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   90.070823][ T5041] loop4: detected capacity change from 0 to 512
[   90.097279][ T5041] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   90.121766][ T5041] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   90.158237][ T5013] loop2: detected capacity change from 0 to 32768
[   90.168453][ T5041] EXT4-fs (loop4): 1 truncate cleaned up
[   90.174332][ T5041] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   90.236659][ T5033] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[   90.245879][ T5033] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[   90.255095][ T5033] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[   90.264229][ T5033] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[   90.544457][ T5013] XFS (loop2): Mounting V5 Filesystem
[   90.900043][ T5050] loop1: detected capacity change from 0 to 131072
[   90.982760][ T5013] XFS (loop2): Ending clean mount
[   91.077651][ T5013] XFS (loop2): Quotacheck needed: Please wait.
[   91.094500][ T5050] F2FS-fs (loop1): Found nat_bits in checkpoint
[   91.155753][ T5050] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   91.214231][ T5013] XFS (loop2): Quotacheck: Done.
[   91.612852][ T4192] XFS (loop2): Unmounting Filesystem
[   91.800693][ T5080] loop5: detected capacity change from 0 to 256
[   91.922788][ T5080] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d)
[   92.805455][ T5077] loop0: detected capacity change from 0 to 32768
[   92.925604][ T5077] JBD2: Ignoring recovery information on journal
[   93.114838][ T5077] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[   93.206992][ T5091] loop5: detected capacity change from 0 to 131072
[   93.334344][ T5091] F2FS-fs (loop5): Found nat_bits in checkpoint
[   93.406101][ T5091] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[   93.424921][ T5091] F2FS-fs (loop5): inode (7) has corrupted xattr
[   93.434190][ T5091] F2FS-fs (loop5): inode (7) has corrupted xattr
[   93.442231][ T5091] F2FS-fs (loop5): inode (7) has corrupted xattr
[   93.466681][ T5077] loop_set_status: loop0 () has still dirty pages (nrpages=6)
[   93.640119][ T5110] (syz.0.182,5110,0):ocfs2_verify_group_and_input:420 ERROR: add a group which is in the current volume.
[   93.734268][ T5110] (syz.0.182,5110,0):ocfs2_group_add:503 ERROR: status = -22
[   93.906848][ T4191] ocfs2: Unmounting device (7,0) on (node local)
[   94.059585][ T5112] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.160319][ T5112] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.173930][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!!
[   94.299822][ T5113] netlink: 'syz.1.181': attribute type 16 has an invalid length.
[   94.338903][ T5113] netlink: 'syz.1.181': attribute type 17 has an invalid length.
[   94.343246][ T5118] loop4: detected capacity change from 0 to 256
[   94.519134][ T5113] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   94.533590][ T5118] FAT-fs (loop4): Directory bread(block 64) failed
[   94.540493][ T5113] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   94.551785][ T5118] FAT-fs (loop4): Directory bread(block 65) failed
[   94.571972][ T5118] FAT-fs (loop4): Directory bread(block 66) failed
[   94.589564][ T5118] FAT-fs (loop4): Directory bread(block 67) failed
[   94.622067][ T5118] FAT-fs (loop4): Directory bread(block 68) failed
[   94.652548][ T5113] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   94.677097][ T5118] FAT-fs (loop4): Directory bread(block 69) failed
[   94.684267][ T5118] FAT-fs (loop4): Directory bread(block 70) failed
[   94.699937][ T5118] FAT-fs (loop4): Directory bread(block 71) failed
[   94.744702][ T5118] FAT-fs (loop4): Directory bread(block 72) failed
[   94.764965][ T5118] FAT-fs (loop4): Directory bread(block 73) failed
[   94.826674][ T4463] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   95.017151][ T5118] attempt to access beyond end of device
[   95.017151][ T5118] loop4: rw=1, want=1320, limit=256
[   95.038812][ T5118] attempt to access beyond end of device
[   95.038812][ T5118] loop4: rw=1, want=1324, limit=256
[   95.050928][ T5118] Buffer I/O error on dev loop4, logical block 330, lost async page write
[   95.076628][ T4463] usb 1-1: Using ep0 maxpacket: 16
[   95.195417][ T5141] process 'syz.1.199' launched './file1' with NULL argv: empty string added
[   95.204935][ T4463] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 255, changing to 7
[   95.216619][ T4463] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 95, changing to 7
[   95.386773][ T4463] usb 1-1: New USB device found, idVendor=0582, idProduct=0582, bcdDevice= 0.40
[   95.399412][ T4463] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   95.439321][ T4463] usb 1-1: Product: syz
[   95.454063][ T4463] usb 1-1: Manufacturer: syz
[   95.479861][ T4463] usb 1-1: SerialNumber: syz
[   95.578462][ T5150] Illegal XDP return value 4294967274, expect packet loss!
[   95.607460][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!!
[   95.795845][ T5135] loop5: detected capacity change from 0 to 32768
[   95.846967][ T4463] usb 1-1: 1:1 : incorrect wMaxPacketSize for BADD profile
[   95.850465][ T5163] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.865692][ T5163] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.890110][ T4463] usb 1-1: incorrect wMaxPacketSize 0x3ff for BADD profile
[   95.930784][ T5135] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.197 (5135)
[   95.982202][ T4463] snd-usb-audio: probe of 1-1:1.0 failed with error -22
[   95.986607][ T1107] usb 5-1: new low-speed USB device number 5 using dummy_hcd
[   96.024717][ T5164] netlink: 'syz.2.205': attribute type 16 has an invalid length.
[   96.036834][ T5164] netlink: 'syz.2.205': attribute type 17 has an invalid length.
[   96.084291][ T4463] usb 1-1: USB disconnect, device number 2
[   96.137199][ T5135] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm
[   96.187378][ T5135] BTRFS info (device loop5): setting nodatasum
[   96.193607][ T5135] BTRFS info (device loop5): force zlib compression, level 3
[   96.209860][ T5135] BTRFS info (device loop5): setting incompat feature flag for COMPRESS_LZO (0x8)
[   96.221857][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!!
[   96.246617][ T5135] BTRFS info (device loop5): use lzo compression, level 0
[   96.264430][ T5135] BTRFS info (device loop5): turning on flush-on-commit
[   96.293936][ T5135] BTRFS info (device loop5): enabling auto defrag
[   96.307425][ T5164] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   96.341524][ T5135] BTRFS info (device loop5): max_inline at 4096
[   96.357216][ T5164] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   96.367022][ T5135] BTRFS info (device loop5): using free space tree
[   96.382267][ T4302] udevd[4302]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   96.410160][ T5135] BTRFS info (device loop5): has skinny extents
[   96.427289][ T1107] usb 5-1: config index 0 descriptor too short (expected 6427, got 27)
[   96.448413][ T1107] usb 5-1: config 0 has an invalid interface number: 21 but max is 0
[   96.472579][ T1107] usb 5-1: config 0 has no interface number 0
[   96.501448][ T1107] usb 5-1: config 0 interface 21 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt
[   96.591867][ T1107] usb 5-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[   96.611323][ T5183] netlink: 16 bytes leftover after parsing attributes in process `syz.0.208'.
[   96.631940][ T1107] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   96.653731][ T5164] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   96.690972][ T1107] usb 5-1: config 0 descriptor??
[   96.746864][ T5160] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[   96.886278][ T5135] BTRFS info (device loop5): enabling ssd optimizations
[   97.211171][ T5207] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   97.393984][ T5210] bridge0: port 3(syz_tun) entered blocking state
[   97.428352][ T1107] input: USB Keyspan Remote 06cd:0202 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.21/input/input6
[   97.466210][ T5210] bridge0: port 3(syz_tun) entered disabled state
[   97.531150][ T5210] device syz_tun entered promiscuous mode
[   97.623841][ T5210] bridge0: port 3(syz_tun) entered blocking state
[   97.631352][ T5210] bridge0: port 3(syz_tun) entered forwarding state
[   97.710314][ T4463] usb 5-1: USB disconnect, device number 5
[   98.718723][ T5234] netlink: 'syz.2.217': attribute type 12 has an invalid length.
[   99.186619][ T4460] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   99.396643][ T4463] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   99.466671][ T4460] usb 1-1: Using ep0 maxpacket: 32
[   99.591564][ T5237] loop4: detected capacity change from 0 to 131072
[   99.607088][ T4460] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[   99.618553][ T4460] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   99.634095][ T5237] F2FS-fs (loop4): Test dummy encryption mode enabled
[   99.642415][ T5237] F2FS-fs (loop4): invalid crc value
[   99.700157][ T5237] F2FS-fs (loop4): Found nat_bits in checkpoint
[   99.710431][ T4460] usb 1-1: config 0 descriptor??
[   99.789656][ T5237] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   99.806882][ T4463] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   99.851807][ T4463] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   99.909206][ T4463] usb 2-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[   99.956486][ T4463] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  100.006942][ T4460] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  100.019792][ T4463] usb 2-1: config 0 descriptor??
[  100.064047][ T4460] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  100.112293][ T5237] fscrypt (loop4, inode 10): Missing crypto API support for AES-256-CTS-CBC (API name: "cts(cbc(aes))")
[  100.114874][ T4460] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  100.209478][ T4460] usb 1-1: media controller created
[  100.264828][ T4460] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  100.520547][ T4463] playstation 0003:054C:0DF2.0003: unknown main item tag 0x0
[  100.539547][ T4463] playstation 0003:054C:0DF2.0003: unknown main item tag 0x0
[  100.570248][ T4463] playstation 0003:054C:0DF2.0003: unknown main item tag 0x0
[  100.596490][ T4463] playstation 0003:054C:0DF2.0003: unknown main item tag 0x0
[  100.636575][ T4463] playstation 0003:054C:0DF2.0003: unknown main item tag 0x0
[  100.675963][ T4463] playstation 0003:054C:0DF2.0003: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.1-1/input0
[  101.031850][ T5250] loop1: detected capacity change from 0 to 1024
[  101.346654][ T4460] stb0899_attach: Driver disabled by Kconfig
[  101.361729][ T4460] az6027: no front-end attached
[  101.361729][ T4460] 
[  101.452785][ T4460] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  101.463649][ T4460] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input7
[  101.485015][ T4463] input: HID 054c:0df2 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:054C:0DF2.0003/input/input8
[  101.509770][ T4460] dvb-usb: schedule remote query interval to 400 msecs.
[  101.533404][ T4460] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  101.546494][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #c2!!!
[  101.565255][ T5310] syz.4.229 uses obsolete (PF_INET,SOCK_PACKET)
[  101.587372][ T4463] input: HID 054c:0df2 Motion Sensors as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:054C:0DF2.0003/input/input9
[  101.643713][ T4463] input: HID 054c:0df2 Touchpad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:054C:0DF2.0003/input/input10
[  101.682730][ T4723] usb 1-1: USB disconnect, device number 3
[  101.815700][ T4723] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  101.825782][ T4463] playstation 0003:054C:0DF2.0003: Registered DualSense controller hw_version=0xe8f2453f fw_version=0xa9ff1c9c
[  101.933617][ T4463] usb 2-1: USB disconnect, device number 3
[  102.114695][ T5318] fido_id[5318]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory
[  102.375090][ T3065] hfsplus: b-tree write err: -5, ino 25
[  102.401428][ T3065] hfsplus: b-tree write err: -5, ino 4
[  102.418298][ T3065] hfsplus: b-tree write err: -5, ino 2
[  103.084032][ T5354] netlink: 'syz.2.241': attribute type 1 has an invalid length.
[  103.122621][ T5354] netlink: 'syz.2.241': attribute type 1 has an invalid length.
[  103.183952][ T5354] netlink: 'syz.2.241': attribute type 11 has an invalid length.
[  103.210085][ T5354] netlink: 198172 bytes leftover after parsing attributes in process `syz.2.241'.
[  103.233953][ T5364] af_packet: tpacket_rcv: packet too big, clamped from 4087 to 4294967272. macoff=96
[  103.646602][ T4730] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  103.896655][ T4730] usb 3-1: Using ep0 maxpacket: 16
[  104.016703][ T4730] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  104.049340][ T4730] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  104.116149][ T5369] loop0: detected capacity change from 0 to 131072
[  104.216993][ T5369] F2FS-fs (loop0): Invalid log sectorsize (67108873)
[  104.224111][ T5369] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  104.234743][ T5369] F2FS-fs (loop0): invalid crc value
[  104.236980][ T4730] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  104.291992][ T4730] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  104.315807][ T5369] F2FS-fs (loop0): Found nat_bits in checkpoint
[  104.353128][ T4730] usb 3-1: Product: syz
[  104.369866][ T5369] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  104.377669][ T5369] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  104.402552][ T4730] usb 3-1: Manufacturer: syz
[  104.449450][ T4730] usb 3-1: SerialNumber: syz
[  104.786991][ T4730] usb 3-1: 0:2 : does not exist
[  104.824307][ T4730] usb 3-1: USB disconnect, device number 3
[  105.059055][ T4302] udevd[4302]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  105.293865][ T5414] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  105.523752][ T5413] loop0: detected capacity change from 0 to 8192
[  105.626693][ T5431] [U] 
[  105.630742][ T5431] [U] 
[  105.633875][ T5431] [U] 
[  105.636779][ T5431] [U] 
[  105.651380][ T5413]  loop0: p1 p2 p3 p4
[  105.661792][ T5413] loop0: partition table partially beyond EOD, truncated
[  105.713633][ T5431] [U] 
[  105.716551][ T5431] [U] 
[  105.719471][ T5431] [U] 
[  105.722561][ T5431] [U] 
[  105.798835][ T5431] [U] 
[  105.801885][ T5431] [U] 
[  105.803503][ T5413] loop0: p1 start 16384 is beyond EOD, 
[  105.804611][ T5431] [U] 
[  105.851348][ T5413] truncated
[  105.858170][ T5424] [U] 
[  105.885596][ T5413] loop0: p2 size 150994944 extends beyond EOD, truncated
[  105.981786][ T5413] loop0: p3 start 67108864 is beyond EOD, truncated
[  106.025044][ T5436] loop5: detected capacity change from 0 to 128
[  106.033898][ T5413] loop0: p4 size 33555584 extends beyond EOD, truncated
[  106.105470][ T5436] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  106.206648][ T5436] hpfs: filesystem error: improperly stopped
[  106.213076][ T5436] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  106.271698][ T5436] hpfs: You really don't want any checks? You are crazy...
[  106.315900][ T5436] hpfs: Code page index out of array
[  106.332142][ T5436] hpfs: code page support is disabled
[  106.346585][ T5436] hpfs: hpfs_map_4sectors(): unaligned read
[  106.354020][ T5436] hpfs: hpfs_map_4sectors(): unaligned read
[  106.364535][ T5436] hpfs: filesystem error: unable to find root dir
[  106.734115][ T5444] fuse: root generation should be zero
[  106.954010][ T4302] udevd[4302]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory
[  106.959955][ T5322] udevd[5322]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory
[  106.977069][ T5451] device syzkaller1 entered promiscuous mode
[  106.982247][ T5453] loop4: detected capacity change from 0 to 1024
[  107.059059][ T5453] EXT4-fs (loop4): Ignoring removed bh option
[  107.145102][ T5453] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobarrier,dioread_lock,barrier=0x0000000000000004,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000010,bh,init_itable,. Quota mode: none.
[  107.243708][ T5459] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  107.464122][ T4194] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2807: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  108.289105][ T5464] loop5: detected capacity change from 0 to 32768
[  108.396375][ T5464] JBD2: Ignoring recovery information on journal
[  108.543314][ T5447] loop0: detected capacity change from 0 to 65536
[  108.607946][ T5464] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  108.697981][ T5447] XFS (loop0): Mounting V5 Filesystem
[  108.800555][ T1167] tipc: Subscription rejected, illegal request
[  108.888758][ T5489] loop1: detected capacity change from 0 to 32768
[  108.900255][ T5447] XFS (loop0): Ending clean mount
[  108.932065][ T5447] XFS (loop0): Quotacheck needed: Please wait.
[  109.001473][ T4374] ocfs2: Unmounting device (7,5) on (node local)
[  109.114360][ T5447] XFS (loop0): Quotacheck: Done.
[  109.144314][ T5489] XFS (loop1): Mounting V5 Filesystem
[  109.248599][ T5525] loop5: detected capacity change from 0 to 16
[  109.314518][ T5489] XFS (loop1): Ending clean mount
[  109.342891][ T5489] XFS (loop1): Quotacheck needed: Please wait.
[  109.414840][ T5525] erofs: (device loop5): mounted with root inode @ nid 36.
[  109.549101][   T26] audit: type=1800 audit(1776098610.699:9): pid=5525 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.287" name="file1" dev="loop5" ino=86 res=0 errno=0
[  109.585429][ T5489] XFS (loop1): Quotacheck: Done.
[  109.737353][ T4723] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  109.798635][ T4191] XFS (loop0): Unmounting Filesystem
[  110.037460][ T4184] XFS (loop1): Unmounting Filesystem
[  110.111975][ T4723] usb 5-1: config 1 has an invalid interface number: 93 but max is 0
[  110.140249][ T4723] usb 5-1: config 1 has no interface number 0
[  110.159537][ T4723] usb 5-1: config 1 interface 93 has no altsetting 0
[  110.166300][ T4723] usb 5-1: New USB device found, idVendor=05e3, idProduct=0502, bcdDevice=6b.02
[  110.176783][ T4723] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  110.346599][ T4730] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  110.457056][ T4723] usb 5-1: string descriptor 0 read error: -71
[  110.479798][ T4723] gl620a: probe of 5-1:1.93 failed with error -22
[  110.539858][ T4723] usb 5-1: USB disconnect, device number 6
[  110.596589][ T4730] usb 6-1: Using ep0 maxpacket: 8
[  110.722137][ T4730] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  110.734195][ T4730] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  110.751445][ T4730] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  110.763027][ T4730] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  110.779813][ T4730] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  110.789716][ T4730] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  110.798070][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[  110.807037][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #208!!!
[  111.086725][ T4730] usb 6-1: GET_CAPABILITIES returned 0
[  111.092526][ T4730] usbtmc 6-1:16.0: can't read capabilities
[  111.188187][ T5555] loop4: detected capacity change from 0 to 4096
[  111.272126][ T5555] ntfs3: loop4: Different NTFS' sector size (1024) and media sector size (512)
[  111.701729][ T5564] udc-core: couldn't find an available UDC or it's busy
[  111.742677][ T5564] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  111.826608][    C0] usbtmc 6-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  111.969958][ T5568] loop4: detected capacity change from 0 to 128
[  112.088250][   T26] audit: type=1800 audit(1776098613.239:10): pid=5568 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.301" name="file2" dev="loop4" ino=1048600 res=0 errno=0
[  112.118150][ T5570] netlink: 68 bytes leftover after parsing attributes in process `syz.2.302'.
[  112.571332][   T26] audit: type=1326 audit(1776098613.719:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5590 comm="syz.2.312" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2bc7899819 code=0x0
[  112.705334][ T5582] loop4: detected capacity change from 0 to 32768
[  112.726305][ T5582] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.308 (5582)
[  112.744651][ T5582] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  112.759884][ T5582] BTRFS info (device loop4): max_inline at 9
[  112.768848][ T5582] BTRFS info (device loop4): enabling auto defrag
[  112.775820][ T5582] BTRFS warning (device loop4): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  112.789185][ T5582] BTRFS info (device loop4): trying to use backup root at mount time
[  112.797721][ T5582] BTRFS info (device loop4): using free space tree
[  112.804452][ T5582] BTRFS info (device loop4): has skinny extents
[  112.845192][ T5582] BTRFS info (device loop4): enabling ssd optimizations
[  112.987474][ T4723] usb 6-1: USB disconnect, device number 2
[  113.796775][ T4463] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  114.056677][ T4463] usb 3-1: Using ep0 maxpacket: 8
[  114.372676][ T4463] usb 3-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  114.406553][ T4460] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  114.414226][ T4463] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.434513][ T4463] usb 3-1: Product: syz
[  114.444692][ T4463] usb 3-1: Manufacturer: syz
[  114.454886][ T4463] usb 3-1: SerialNumber: syz
[  114.482252][ T4463] usb 3-1: config 0 descriptor??
[  114.549256][ T4463] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  114.579005][ T5652] loop0: detected capacity change from 0 to 40427
[  114.592512][ T5660] loop4: detected capacity change from 0 to 4096
[  114.605835][ T5652] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  114.607043][ T5650] loop1: detected capacity change from 0 to 32768
[  114.617019][ T5652] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  114.670194][ T5652] F2FS-fs (loop0): invalid crc_offset: 33558524
[  114.677555][ T4460] usb 6-1: Using ep0 maxpacket: 32
[  114.709955][ T5652] F2FS-fs (loop0): Found nat_bits in checkpoint
[  114.763543][ T5650] XFS (loop1): Mounting V5 Filesystem
[  114.806688][ T4460] usb 6-1: config 0 has no interfaces?
[  114.882531][ T5652] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  114.898668][ T5650] XFS (loop1): Ending clean mount
[  114.902824][ T5652] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  114.947154][ T5650] XFS (loop1): Quotacheck needed: Please wait.
[  114.961965][ T4194] ntfs3: loop4: ntfs_evict_inode r=5 failed, -22.
[  114.984540][ T4194] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  114.996710][ T4460] usb 6-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  115.011460][ T4460] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.020494][ T4460] usb 6-1: Product: syz
[  115.024867][ T4460] usb 6-1: Manufacturer: syz
[  115.035817][ T4460] usb 6-1: SerialNumber: syz
[  115.077645][ T4460] usb 6-1: config 0 descriptor??
[  115.129989][ T5650] XFS (loop1): Quotacheck: Done.
[  115.220828][ T5675] netlink: 4 bytes leftover after parsing attributes in process `syz.4.334'.
[  115.322310][ T1109] usb 6-1: USB disconnect, device number 3
[  115.342439][ T4184] XFS (loop1): Unmounting Filesystem
[  115.666639][ T4463] gspca_sonixj: reg_w1 err -71
[  115.792889][ T4463] sonixj: probe of 3-1:0.0 failed with error -71
[  115.826575][ T4463] usb 3-1: USB disconnect, device number 4
[  116.111967][ T5681] loop4: detected capacity change from 0 to 40427
[  116.131628][ T5681] F2FS-fs (loop4): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[  116.140351][ T5681] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  116.154653][ T5681] F2FS-fs (loop4): invalid crc value
[  116.206240][ T5681] F2FS-fs (loop4): Found nat_bits in checkpoint
[  116.274298][ T5695] loop2: detected capacity change from 0 to 16
[  116.309184][ T5695] erofs: (device loop2): mounted with root inode @ nid 36.
[  116.310443][ T5681] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  116.355765][   T26] audit: type=1800 audit(1776098617.499:12): pid=5695 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.339" name="file1" dev="loop2" ino=86 res=0 errno=0
[  116.384132][ T5681] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  116.644696][ T5708] xt_hashlimit: size too large, truncated to 1048576
[  117.363746][ T5725] netlink: 88 bytes leftover after parsing attributes in process `syz.5.351'.
[  117.900946][ T5719] loop0: detected capacity change from 0 to 32768
[  117.995270][ T5719] XFS (loop0): Mounting V5 Filesystem
[  118.100365][ T5719] XFS (loop0): Ending clean mount
[  118.198110][ T5719] XFS (loop0): Quotacheck needed: Please wait.
[  118.317650][ T5719] XFS (loop0): Quotacheck: Done.
[  118.485081][ T4191] XFS (loop0): Unmounting Filesystem
[  118.661916][ T4225] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  119.026711][ T4225] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  119.046491][ T4225] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  119.136725][ T4225] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  119.156495][ T4225] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  119.175380][ T4225] usb 3-1: SerialNumber: syz
[  119.222061][ T1109] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  119.263715][ T5754] loop4: detected capacity change from 0 to 32768
[  119.441176][ T5754] XFS: attr2 mount option is deprecated.
[  119.457863][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!!
[  119.472580][ T4225] usb 3-1: 0:2 : does not exist
[  119.527144][ T4225] usb 3-1: USB disconnect, device number 5
[  119.572479][ T5754] XFS (loop4): Mounting V5 Filesystem
[  119.646745][ T1109] usb 1-1: too many configurations: 9, using maximum allowed: 8
[  119.679365][ T5754] XFS (loop4): Ending clean mount
[  119.692978][ T5754] XFS (loop4): Quotacheck needed: Please wait.
[  119.764528][ T1109] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  119.773818][ T1109] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  119.785136][ T1109] usb 1-1: config 0 interface 0 has no altsetting 0
[  119.789037][ T5322] udevd[5322]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  119.808620][ T5754] XFS (loop4): Quotacheck: Done.
[  119.849589][ T4194] XFS (loop4): Unmounting Filesystem
[  119.894326][ T1109] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  119.923822][ T1109] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  119.953063][ T1109] usb 1-1: config 0 interface 0 has no altsetting 0
[  119.998870][ T5773] overlayfs: metacopy with no lower data found - abort lookup (/file2)
[  120.077861][ T1109] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  120.110564][ T1109] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  120.145918][ T1109] usb 1-1: config 0 interface 0 has no altsetting 0
[  120.166078][ T5777] loop2: detected capacity change from 0 to 1024
[  120.223994][ T5777] EXT4-fs (loop2): Ignoring removed bh option
[  120.252386][ T1109] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  120.271918][ T1109] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  120.294678][ T1109] usb 1-1: config 0 interface 0 has no altsetting 0
[  120.324999][ T5777] EXT4-fs (loop2): mounted filesystem without journal. Opts: nobarrier,dioread_lock,barrier=0x0000000000000004,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000010,bh,init_itable,. Quota mode: none.
[  120.406650][ T1109] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  120.419253][ T1109] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  120.431060][ T1109] usb 1-1: config 0 interface 0 has no altsetting 0
[  120.546858][ T1109] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  120.575768][ T1109] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  120.634154][ T1109] usb 1-1: config 0 interface 0 has no altsetting 0
[  120.746685][ T1109] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  120.775540][ T1109] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  120.790705][ T1109] usb 1-1: config 0 interface 0 has no altsetting 0
[  120.886761][ T1109] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  120.896949][ T1109] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  120.909416][ T1109] usb 1-1: config 0 interface 0 has no altsetting 0
[  120.937487][ T5789] loop4: detected capacity change from 0 to 32768
[  120.966669][ T5789] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.368 (5789)
[  120.994867][ T5789] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  121.010754][ T5789] BTRFS info (device loop4): setting nodatasum
[  121.018645][ T5789] BTRFS info (device loop4): force zlib compression, level 3
[  121.026330][ T5789] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_LZO (0x8)
[  121.043398][ T5789] BTRFS info (device loop4): use lzo compression, level 0
[  121.051105][ T5789] BTRFS info (device loop4): turning on flush-on-commit
[  121.063804][ T5789] BTRFS info (device loop4): enabling auto defrag
[  121.071949][ T5789] BTRFS info (device loop4): max_inline at 4096
[  121.085494][ T5789] BTRFS info (device loop4): using free space tree
[  121.092474][ T5789] BTRFS info (device loop4): has skinny extents
[  121.111337][ T1109] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  121.123521][ T1109] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  121.133328][ T1109] usb 1-1: Product: syz
[  121.139186][ T1109] usb 1-1: Manufacturer: syz
[  121.144383][ T1109] usb 1-1: SerialNumber: syz
[  121.151748][ T1109] usb 1-1: config 0 descriptor??
[  121.202175][ T1109] yurex 1-1:0.0: USB YUREX device now attached to Yurex #0
[  121.307714][ T5789] BTRFS info (device loop4): enabling ssd optimizations
[  121.423328][ T1109] usb 1-1: USB disconnect, device number 4
[  121.449677][ T1109] yurex 1-1:0.0: USB YUREX #0 now disconnected
[  122.153686][ T5847] Bluetooth: hci0: invalid len left 7, exp >= 108
[  122.316544][ T1109] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  122.639662][ T5862] loop2: detected capacity change from 0 to 32768
[  122.739002][ T1109] usb 6-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  122.755588][ T5862] XFS (loop2): Mounting V5 Filesystem
[  122.801233][ T5862] XFS (loop2): Ending clean mount
[  122.818593][ T5862] XFS (loop2): Quotacheck needed: Please wait.
[  122.860410][ T5862] XFS (loop2): Quotacheck: Done.
[  122.879401][   T26] audit: type=1800 audit(1776098624.029:13): pid=5862 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.389" name="file1" dev="loop2" ino=4422 res=0 errno=0
[  122.926614][ T1109] usb 6-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  122.942073][ T1109] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  122.943969][   T26] audit: type=1800 audit(1776098624.049:14): pid=5862 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.389" name="file1" dev="loop2" ino=4422 res=0 errno=0
[  122.951706][ T1109] usb 6-1: Product: syz
[  122.975691][ T1109] usb 6-1: Manufacturer: syz
[  122.980453][ T1109] usb 6-1: SerialNumber: syz
[  123.021524][ T4192] XFS (loop2): Unmounting Filesystem
[  123.038603][ T1109] usb 6-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  123.287368][ T4722] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  123.335354][ T5878] loop1: detected capacity change from 0 to 40427
[  123.364305][ T5878] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  123.405403][ T5878] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  123.489926][ T1109] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  123.512006][ T5878] F2FS-fs (loop1): invalid crc_offset: 33558524
[  123.518971][ T1109] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0)
[  123.526733][ T4722] usb 1-1: Using ep0 maxpacket: 32
[  123.545798][ T1109] usb 6-1: media controller created
[  123.565060][ T5878] F2FS-fs (loop1): Found nat_bits in checkpoint
[  123.593148][ T1109] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  123.656851][ T4722] usb 1-1: config 0 has an invalid interface number: 188 but max is 0
[  123.676265][ T4722] usb 1-1: config 0 has no interface number 0
[  123.686550][ T4722] usb 1-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  123.717482][ T5878] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  123.724668][ T5878] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  123.842990][ T1109] usb 6-1: USB disconnect, device number 4
[  123.876897][ T4722] usb 1-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  123.907403][ T4722] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.915710][ T4722] usb 1-1: Product: syz
[  123.929252][ T4722] usb 1-1: Manufacturer: syz
[  123.934076][ T4722] usb 1-1: SerialNumber: syz
[  123.998573][ T4722] usb 1-1: config 0 descriptor??
[  124.018081][ T5879] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  124.068329][ T5885] loop2: detected capacity change from 0 to 32768
[  124.150708][ T5900] loop1: detected capacity change from 0 to 1024
[  124.156548][ T4225] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  124.167312][ T5885] XFS (loop2): Mounting V5 Filesystem
[  124.202308][ T5900] EXT4-fs (loop1): Ignoring removed oldalloc option
[  124.216556][ T5900] EXT4-fs (loop1): Ignoring removed bh option
[  124.222999][ T5900] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  124.253967][ T5885] XFS (loop2): Ending clean mount
[  124.259518][ T5879] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  124.278576][ T5885] XFS (loop2): Quotacheck needed: Please wait.
[  124.303407][ T5900] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,usrquota,data_err=ignore,nobarrier,oldalloc,grpquota,noload,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[  124.340478][ T5885] XFS (loop2): Quotacheck: Done.
[  124.396611][ T4225] usb 5-1: Using ep0 maxpacket: 16
[  124.507037][ T5913] netlink: 'syz.5.400': attribute type 1 has an invalid length.
[  124.515020][ T5913] netlink: 'syz.5.400': attribute type 4 has an invalid length.
[  124.526893][ T5913] netlink: 9462 bytes leftover after parsing attributes in process `syz.5.400'.
[  124.566319][ T4192] XFS (loop2): Unmounting Filesystem
[  124.571104][ T5914] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3885: comm syz.1.398: Allocating blocks 497-513 which overlap fs metadata
[  124.676865][ T4225] usb 5-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  124.699736][ T4225] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.709203][ T4225] usb 5-1: Product: syz
[  124.725962][ T4225] usb 5-1: Manufacturer: syz
[  124.731639][ T4225] usb 5-1: SerialNumber: syz
[  124.797638][ T5898] EXT4-fs (loop1): pa ffff88805fb5f380: logic 16, phys. 321, len 12
[  124.806371][ T5898] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4902: group 0, free 0, pa_free 1
[  124.843538][ T4225] usb 5-1: config 0 descriptor??
[  124.901966][ T4225] ssu100 5-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  124.913227][ T5916] loop5: detected capacity change from 0 to 32768
[  124.920836][ T4722] asix 1-1:0.188 (unnamed net_device) (uninitialized): invalid hw address, using random
[  125.060659][ T5920] loop2: detected capacity change from 0 to 1024
[  125.085776][ T5916] XFS (loop5): Mounting V5 Filesystem
[  125.085904][ T5920] EXT4-fs (loop2): Ignoring removed bh option
[  125.100204][ T5920] EXT4-fs (loop2): Ignoring removed oldalloc option
[  125.107437][ T5920] EXT4-fs (loop2): Ignoring removed nobh option
[  125.121470][ T5920] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  125.212587][ T5920] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,nolazytime,barrier=0x0000000000000003,bsddf,bh,oldalloc,data_err=ignore,jqfmt=vfsv1,nobh,jqfmt=vfsv1,nouid32,dioread_nolock,jqfmt=vfsv0,,errors=continue. Quota mode: none.
[  125.215039][ T5916] XFS (loop5): Ending clean mount
[  125.246772][ T5916] XFS (loop5): Quotacheck needed: Please wait.
[  125.346737][ T4722] asix 1-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  125.347353][ T5916] XFS (loop5): Quotacheck: Done.
[  125.371340][ T4722] asix: probe of 1-1:0.188 failed with error -71
[  125.401524][ T4722] usb 1-1: USB disconnect, device number 5
[  125.551702][ T4374] XFS (loop5): Unmounting Filesystem
[  125.645746][ T5940] netlink: 12 bytes leftover after parsing attributes in process `syz.1.408'.
[  125.667148][ T5940] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  125.676332][ T5940] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  125.685995][ T5940] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  125.694808][ T5940] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  125.705844][ T5920] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3885: comm syz.2.401: Allocating blocks 497-513 which overlap fs metadata
[  125.715488][ T5940] netlink: 12 bytes leftover after parsing attributes in process `syz.1.408'.
[  125.754459][ T5920] EXT4-fs (loop2): pa ffff88805fb5f7e0: logic 128, phys. 385, len 8
[  125.763573][ T5920] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4902: group 0, free 0, pa_free 1
[  125.905713][ T5934] EXT4-fs error (device loop2): mb_free_blocks:1874: group 0, inode 15: block 369:freeing already freed block (bit 23); block bitmap corrupt.
[  126.026141][ T5944] overlayfs: metacopy with no lower data found - abort lookup (/file2)
[  126.211297][ T4225] ssu100: probe of 5-1:0.0 failed with error -71
[  126.239090][ T4225] usb 5-1: USB disconnect, device number 7
[  126.375896][ T5957] loop2: detected capacity change from 0 to 256
[  126.454434][ T5957] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  126.456242][ T5959] netlink: 'syz.0.416': attribute type 10 has an invalid length.
[  126.492384][ T5957] exFAT-fs (loop2): Medium has reported failures. Some data may be lost.
[  126.504875][ T5957] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c91aa, utbl_chksum : 0xe619d30d)
[  126.524770][ T5959] 8021q: adding VLAN 0 to HW filter on device team0
[  126.534756][ T5959] bond0: (slave team0): Enslaving as an active interface with an up link
[  127.275094][ T5977] overlayfs: metacopy with no lower data found - abort lookup (/file2)
[  127.317608][ T5966] loop2: detected capacity change from 0 to 32768
[  127.391374][ T5979] netlink: 32 bytes leftover after parsing attributes in process `syz.4.424'.
[  127.508817][ T5975] loop0: detected capacity change from 0 to 40427
[  127.516058][ T5966] XFS (loop2): Mounting V5 Filesystem
[  127.534536][ T5975] F2FS-fs (loop0): Small segment_count (9 < 1 * 24)
[  127.554251][ T5975] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  127.599687][ T5975] F2FS-fs (loop0): Found nat_bits in checkpoint
[  127.625833][ T5966] XFS (loop2): Ending clean mount
[  127.643813][ T5966] XFS (loop2): Quotacheck needed: Please wait.
[  127.738895][ T5975] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  127.763890][ T5975] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  127.838313][ T5999] netlink: 'syz.1.428': attribute type 10 has an invalid length.
[  127.840946][   T26] audit: type=1800 audit(1776098628.989:15): pid=5975 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.422" name="file1" dev="loop0" ino=10 res=0 errno=0
[  127.865155][ T5966] XFS (loop2): Quotacheck: Done.
[  127.895614][ T5975] attempt to access beyond end of device
[  127.895614][ T5975] loop0: rw=2049, want=53328, limit=40427
[  127.933347][   T26] audit: type=1800 audit(1776098629.019:16): pid=5975 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.422" name="file1" dev="loop0" ino=10 res=0 errno=0
[  127.954891][ T5999] 8021q: adding VLAN 0 to HW filter on device team0
[  128.010396][ T5975] attempt to access beyond end of device
[  128.010396][ T5975] loop0: rw=0, want=53328, limit=40427
[  128.030999][ T5999] bond0: (slave team0): Enslaving as an active interface with an up link
[  128.118585][ T4192] XFS (loop2): Unmounting Filesystem
[  128.709087][ T6016] loop1: detected capacity change from 0 to 4096
[  128.769008][ T6018] loop2: detected capacity change from 0 to 4096
[  128.786473][ T6016] ntfs3: loop1: Different NTFS' sector size (1024) and media sector size (512)
[  128.987993][ T6025] loop0: detected capacity change from 0 to 2048
[  129.007284][ T6027] ntfs3: loop1: ntfs3_write_inode r=1e failed, -22.
[  129.074541][ T3065] ntfs3: loop1: ntfs3_write_inode r=1e failed, -22.
[  129.135876][ T6025] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  129.165225][ T4184] ntfs3: loop1: ntfs_evict_inode r=1e failed, -22.
[  129.186572][ T4184] ntfs3: loop1: Mark volume as dirty due to NTFS errors
[  129.282285][ T6031] loop4: detected capacity change from 0 to 4096
[  129.317286][ T4192] ntfs3: loop2: ntfs_evict_inode r=5 failed, -22.
[  129.323911][ T4192] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  129.876772][ T4463] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  129.941229][ T6061] loop0: detected capacity change from 0 to 128
[  130.008274][ T6061] FAT-fs (loop0): Unrecognized mount option "utf8=dZs���?4b>���1" or missing value
[  130.136710][ T4463] usb 3-1: Using ep0 maxpacket: 16
[  130.189497][ T6068] loop5: detected capacity change from 0 to 128
[  130.254193][ T6068] FAT-fs (loop5): Invalid FSINFO signature: 0x41000006, 0x61417272 (sector = 1)
[  130.286974][ T4463] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  130.509884][ T4463] usb 3-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  130.521913][ T4463] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  130.530831][ T4463] usb 3-1: Product: syz
[  130.535023][ T4463] usb 3-1: Manufacturer: syz
[  130.541967][ T4463] usb 3-1: SerialNumber: syz
[  130.553744][ T4463] usb 3-1: config 0 descriptor??
[  130.609214][ T4463] hub 3-1:0.0: bad descriptor, ignoring hub
[  130.615496][ T4463] hub: probe of 3-1:0.0 failed with error -5
[  130.633406][ T4463] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input11
[  130.913445][  T144] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.039906][  T144] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.057076][ T4259] usb 3-1: USB disconnect, device number 6
[  131.143142][  T144] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.256715][  T144] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.443082][ T6090] chnl_net:caif_netlink_parms(): no params data found
[  131.724958][ T6090] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.738454][ T6090] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.755932][ T6090] device bridge_slave_0 entered promiscuous mode
[  131.821699][ T6090] bridge0: port 2(bridge_slave_1) entered blocking state
[  131.871928][ T6118] loop2: detected capacity change from 0 to 4096
[  131.883637][ T6090] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.892194][ T6090] device bridge_slave_1 entered promiscuous mode
[  132.041953][ T6130] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3062664160 (49002626560 ns) > initial count (27763811216 ns). Using initial count to start timer.
[  132.067977][ T6090] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  132.095245][ T6090] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  132.232418][ T6128] APIC base relocation is unsupported by KVM
[  132.246838][ T6090] team0: Port device team_slave_0 added
[  132.339742][ T6090] team0: Port device team_slave_1 added
[  132.456150][ T6090] batman_adv: batadv0: Adding interface: batadv_slave_0
[  132.494986][ T6090] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  132.530712][ T6090] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  132.591747][ T6090] batman_adv: batadv0: Adding interface: batadv_slave_1
[  132.599496][ T6090] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  132.628740][ T6090] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  132.752457][ T6090] device hsr_slave_0 entered promiscuous mode
[  132.763417][ T6090] device hsr_slave_1 entered promiscuous mode
[  132.798759][ T6157] loop4: detected capacity change from 0 to 128
[  132.885689][ T6157] FAT-fs (loop4): Invalid FSINFO signature: 0x41000006, 0x61417272 (sector = 1)
[  132.898101][ T4722] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  132.909853][  T144] device hsr_slave_0 left promiscuous mode
[  132.926712][  T144] device hsr_slave_1 left promiscuous mode
[  132.933546][  T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  132.942178][  T144] batman_adv: batadv0: Removing interface: batadv_slave_0
[  132.960178][  T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  132.977212][  T144] batman_adv: batadv0: Removing interface: batadv_slave_1
[  133.001530][  T144] device bridge_slave_1 left promiscuous mode
[  133.018725][  T144] bridge0: port 2(bridge_slave_1) entered disabled state
[  133.036601][  T144] device bridge_slave_0 left promiscuous mode
[  133.043321][  T144] bridge0: port 1(bridge_slave_0) entered disabled state
[  133.072823][  T144] device veth1_macvtap left promiscuous mode
[  133.081720][  T144] device veth0_macvtap left promiscuous mode
[  133.088768][  T144] device veth1_vlan left promiscuous mode
[  133.095010][  T144] device veth0_vlan left promiscuous mode
[  133.249422][ T6171] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  133.268667][ T4722] usb 2-1: New USB device found, idVendor=046d, idProduct=08b3, bcdDevice=ca.8e
[  133.286513][ T4722] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  133.309004][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  133.315674][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  133.316513][ T1109] Bluetooth: hci1: command 0x0409 tx timeout
[  133.369001][ T4722] pwc: Logitech QuickCam Zoom USB webcam detected.
[  133.548756][ T6176] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3062664160 (49002626560 ns) > initial count (27763811216 ns). Using initial count to start timer.
[  133.599160][ T4722] pwc: Failed to set LED on/off time (-71)
[  133.626984][ T4722] pwc: send_video_command error -71
[  133.632719][ T4722] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  133.645362][ T4722] Philips webcam: probe of 2-1:127.0 failed with error -71
[  133.670315][ T4722] usb 2-1: USB disconnect, device number 4
[  133.764346][ T6185] loop0: detected capacity change from 0 to 1024
[  133.775552][ T6183] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  133.804986][ T6185] EXT4-fs (loop0): Ignoring removed oldalloc option
[  133.827078][ T6185] EXT4-fs (loop0): Ignoring removed bh option
[  133.836873][ T6185] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  133.894233][  T144] team0 (unregistering): Port device team_slave_1 removed
[  133.926638][  T144] team0 (unregistering): Port device team_slave_0 removed
[  133.928231][ T6185] EXT4-fs (loop0): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,usrquota,data_err=ignore,nobarrier,oldalloc,grpquota,noload,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[  134.000572][  T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  134.064707][  T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  134.172670][ T6185] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3885: comm syz.0.487: Allocating blocks 497-513 which overlap fs metadata
[  134.215007][ T6184] EXT4-fs (loop0): pa ffff888073f38a80: logic 16, phys. 321, len 12
[  134.223167][ T6184] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4902: group 0, free 0, pa_free 1
[  134.375163][ T6204] loop2: detected capacity change from 0 to 128
[  134.412015][ T6204] FAT-fs (loop2): Unrecognized mount option "U�g�>��b�e⼿���g��-�" or missing value
[  134.448220][  T144] bond0 (unregistering): Released all slaves
[  134.940777][ T6202] loop1: detected capacity change from 0 to 32768
[  134.967311][ T6090] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  135.028941][ T6090] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  135.088089][ T6090] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  135.151952][ T6090] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  135.153543][ T6202] XFS (loop1): Mounting V5 Filesystem
[  135.165325][ T6222] loop2: detected capacity change from 0 to 512
[  135.344667][ T6222] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  135.377981][ T4461] Bluetooth: hci1: command 0x041b tx timeout
[  135.387044][ T6222] ext4 filesystem being mounted at /106/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  135.401598][ T6202] XFS (loop1): Ending clean mount
[  135.447241][   T26] audit: type=1800 audit(1776098636.599:17): pid=6202 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.492" name="file1" dev="loop1" ino=6150 res=0 errno=0
[  135.585767][   T26] audit: type=1800 audit(1776098636.629:18): pid=6202 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.492" name="file1" dev="loop1" ino=6150 res=0 errno=0
[  135.686656][ T6090] 8021q: adding VLAN 0 to HW filter on device bond0
[  135.765058][ T4184] XFS (loop1): Unmounting Filesystem
[  135.783761][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  135.816083][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  135.833772][ T6090] 8021q: adding VLAN 0 to HW filter on device team0
[  135.857744][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  135.872521][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  135.899736][ T4511] bridge0: port 1(bridge_slave_0) entered blocking state
[  135.907455][ T4511] bridge0: port 1(bridge_slave_0) entered forwarding state
[  135.952099][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  135.985456][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  135.998334][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  136.055591][ T4511] bridge0: port 2(bridge_slave_1) entered blocking state
[  136.062978][ T4511] bridge0: port 2(bridge_slave_1) entered forwarding state
[  136.100174][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  136.149008][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  136.177583][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  136.245659][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  136.269374][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  136.287448][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  136.296892][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  136.320030][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  136.337523][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  136.384189][ T1167] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  136.397754][ T1167] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  136.452294][ T6090] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  136.619422][ T6243] loop0: detected capacity change from 0 to 32768
[  136.709080][ T6243] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.501 (6243)
[  136.738518][ T6243] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  136.748333][ T6243] BTRFS info (device loop0): force clearing of disk cache
[  136.755862][ T6243] BTRFS info (device loop0): metadata ratio 0
[  136.762898][ T6243] BTRFS info (device loop0): enabling ssd optimizations
[  136.770399][ T6243] BTRFS info (device loop0): using spread ssd allocation scheme
[  136.779370][ T6243] BTRFS info (device loop0): using free space tree
[  136.786253][ T6243] BTRFS info (device loop0): has skinny extents
[  136.861506][ T6245] chnl_net:caif_netlink_parms(): no params data found
[  137.096266][ T4266] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  137.113572][ T4266] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  137.158067][ T6243] BTRFS info (device loop0): clearing free space tree
[  137.165469][ T6243] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  137.194076][ T6245] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.247089][ T6245] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.255504][ T6245] device bridge_slave_0 entered promiscuous mode
[  137.263353][ T6243] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  137.348669][ T6090] 8021q: adding VLAN 0 to HW filter on device batadv0
[  137.357501][ T6245] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.396511][ T6245] bridge0: port 2(bridge_slave_1) entered disabled state
[  137.404669][ T6245] device bridge_slave_1 entered promiscuous mode
[  137.425326][ T6243] BTRFS info (device loop0): creating free space tree
[  137.469472][ T6243] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  137.480722][ T1109] Bluetooth: hci1: command 0x040f tx timeout
[  137.496615][ T6243] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  137.526491][ T6245] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  137.539317][ T6294] loop2: detected capacity change from 0 to 4096
[  137.587244][ T6245] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  137.593940][ T6251] loop1: detected capacity change from 0 to 32768
[  137.610144][ T6294] ntfs3: loop2: Different NTFS' sector size (1024) and media sector size (512)
[  137.745895][ T6245] team0: Port device team_slave_0 added
[  137.802952][ T6308] ntfs3: loop2: ntfs3_write_inode r=1e failed, -22.
[  137.864943][ T6245] team0: Port device team_slave_1 added
[  137.937216][ T6251] XFS (loop1): Mounting V5 Filesystem
[  138.035357][ T6245] batman_adv: batadv0: Adding interface: batadv_slave_0
[  138.077090][ T4242] ntfs3: loop2: ntfs3_write_inode r=1e failed, -22.
[  138.096595][ T4460] Bluetooth: hci4: command 0x0409 tx timeout
[  138.114700][ T4192] ntfs3: loop2: ntfs_evict_inode r=1e failed, -22.
[  138.123574][ T6251] XFS (loop1): Ending clean mount
[  138.150893][ T4192] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  138.196536][ T6245] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  138.363663][ T6245] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  138.571961][ T6251] XFS (loop1): Quotacheck needed: Please wait.
[  138.628447][ T6245] batman_adv: batadv0: Adding interface: batadv_slave_1
[  138.644216][ T6245] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  138.695214][ T6251] XFS (loop1): Quotacheck: Done.
[  138.793922][ T6245] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  138.830934][ T4184] XFS (loop1): Unmounting Filesystem
[  138.852931][ T6324] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability
[  138.877939][ T4266] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  138.897956][ T4266] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  138.985798][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  139.054504][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  139.120716][ T6245] device hsr_slave_0 entered promiscuous mode
[  139.165355][ T6245] device hsr_slave_1 entered promiscuous mode
[  139.203316][ T6245] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  139.236509][ T6245] Cannot create hsr debugfs directory
[  139.247005][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  139.264162][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  139.279919][ T6090] device veth0_vlan entered promiscuous mode
[  139.323855][ T6090] device veth1_vlan entered promiscuous mode
[  139.477112][ T6318] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  139.517197][ T6318] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  139.544980][ T6318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  139.553589][ T4461] Bluetooth: hci1: command 0x0419 tx timeout
[  139.586875][ T6318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  139.632006][ T6090] device veth0_macvtap entered promiscuous mode
[  139.677320][ T6090] device veth1_macvtap entered promiscuous mode
[  139.755066][ T6090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  139.768192][ T6090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  139.780849][ T6090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  139.791601][ T6090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  139.801777][ T6090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  139.812792][ T6090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  139.823231][ T6090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  139.838304][ T6090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  139.895641][ T6090] batman_adv: batadv0: Interface activated: batadv_slave_0
[  139.940467][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  139.967914][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  140.000033][ T6333] loop2: detected capacity change from 0 to 32768
[  140.003889][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  140.043123][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  140.051516][ T6351] loop0: detected capacity change from 0 to 4096
[  140.086879][ T6090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  140.089871][ T6333] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.512 (6333)
[  140.118039][ T6090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  140.180982][ T6090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  140.186600][ T1109] Bluetooth: hci4: command 0x041b tx timeout
[  140.239506][ T6090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  140.250386][ T6333] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  140.278798][ T6090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  140.302953][ T6333] BTRFS info (device loop2): setting nodatasum
[  140.318373][ T6090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  140.319614][ T6333] BTRFS info (device loop2): force zlib compression, level 3
[  140.346572][ T6333] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_LZO (0x8)
[  140.356258][ T6333] BTRFS info (device loop2): use lzo compression, level 0
[  140.375422][ T6090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  140.386413][ T6090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  140.406491][ T6333] BTRFS info (device loop2): turning on flush-on-commit
[  140.413621][ T6333] BTRFS info (device loop2): enabling auto defrag
[  140.418806][ T6090] batman_adv: batadv0: Interface activated: batadv_slave_1
[  140.479140][ T6333] BTRFS info (device loop2): max_inline at 4096
[  140.486644][ T6333] BTRFS info (device loop2): using free space tree
[  140.493833][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  140.516607][ T6333] BTRFS info (device loop2): has skinny extents
[  140.539055][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  140.587637][ T6090] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  140.598054][ T6090] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  140.624616][ T6090] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  140.652711][ T6090] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  140.683780][ T6353] loop1: detected capacity change from 0 to 32768
[  140.790283][ T6353] JBD2: Ignoring recovery information on journal
[  141.001104][ T6333] BTRFS info (device loop2): enabling ssd optimizations
[  141.010053][ T6353] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  141.024567][ T6385] loop0: detected capacity change from 0 to 32768
[  141.079720][ T6385] XFS (loop0): Mounting V5 Filesystem
[  141.125937][ T6318] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  141.144437][ T6318] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  141.155853][ T6318] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  141.238137][ T6385] XFS (loop0): Ending clean mount
[  141.241569][ T6245] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  141.261374][ T6385] XFS (loop0): Quotacheck needed: Please wait.
[  141.291354][ T6245] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  141.299227][ T6353] loop_set_status: loop1 () has still dirty pages (nrpages=5)
[  141.317335][ T6401] (syz.1.516,6401,0):ocfs2_verify_group_and_input:420 ERROR: add a group which is in the current volume.
[  141.337890][ T6401] (syz.1.516,6401,0):ocfs2_group_add:503 ERROR: status = -22
[  141.406682][ T6245] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  141.452199][ T6245] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  141.459409][ T6385] XFS (loop0): Quotacheck: Done.
[  141.490051][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  141.533649][ T4184] ocfs2: Unmounting device (7,1) on (node local)
[  141.583697][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  141.634955][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  141.858639][ T6245] 8021q: adding VLAN 0 to HW filter on device bond0
[  141.911027][ T6318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  141.977315][ T6318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  142.026063][ T6245] 8021q: adding VLAN 0 to HW filter on device team0
[  142.068327][ T6318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  142.104527][ T4191] XFS (loop0): Unmounting Filesystem
[  142.112695][ T6318] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  142.131878][ T6318] bridge0: port 1(bridge_slave_0) entered blocking state
[  142.139332][ T6318] bridge0: port 1(bridge_slave_0) entered forwarding state
[  142.182144][ T6318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  142.197121][ T6318] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  142.214295][ T6318] bridge0: port 2(bridge_slave_1) entered blocking state
[  142.221840][ T6318] bridge0: port 2(bridge_slave_1) entered forwarding state
[  142.263212][ T6318] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  142.271353][ T4454] Bluetooth: hci4: command 0x040f tx timeout
[  142.384184][ T4266] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  142.411086][ T4266] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  142.483170][ T4266] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  142.539288][ T4266] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  142.608194][ T4266] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  142.621656][ T4266] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  142.649107][ T6245] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  142.686931][ T6245] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  142.777211][ T4266] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  142.787944][ T4266] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  142.850631][ T4266] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  142.868485][ T4266] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  142.885453][ T4266] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  142.914310][ T4266] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  143.312958][ T4242] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  143.335623][ T4242] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  143.376252][ T6245] 8021q: adding VLAN 0 to HW filter on device batadv0
[  143.377495][ T6421] loop2: detected capacity change from 0 to 40427
[  143.474885][ T6421] F2FS-fs (loop2): Small segment_count (9 < 1 * 24)
[  143.484109][ T6421] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  143.573193][ T6421] F2FS-fs (loop2): Found nat_bits in checkpoint
[  143.700743][ T6463] loop0: detected capacity change from 0 to 128
[  143.787926][ T6421] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  143.816245][ T6421] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  144.033989][   T26] audit: type=1800 audit(1776098645.179:19): pid=6421 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.520" name="file1" dev="loop2" ino=10 res=0 errno=0
[  144.058379][ T6421] attempt to access beyond end of device
[  144.058379][ T6421] loop2: rw=2049, want=53328, limit=40427
[  144.107539][ T6421] attempt to access beyond end of device
[  144.107539][ T6421] loop2: rw=0, want=53328, limit=40427
[  144.129707][   T26] audit: type=1800 audit(1776098645.179:20): pid=6421 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.520" name="file1" dev="loop2" ino=10 res=0 errno=0
[  144.205598][ T4242] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  144.237679][ T4242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  144.337079][ T4259] Bluetooth: hci4: command 0x0419 tx timeout
[  144.368935][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  144.422547][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  144.477361][ T6245] device veth0_vlan entered promiscuous mode
[  144.508906][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  144.530854][ T6481] loop6: detected capacity change from 0 to 256
[  144.533153][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  144.549648][ T6245] device veth1_vlan entered promiscuous mode
[  144.590178][ T6481] exfat: Deprecated parameter 'utf8'
[  144.595724][ T6481] exfat: Deprecated parameter 'namecase'
[  144.728296][ T6318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  144.743581][ T6481] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x36a12e94, utbl_chksum : 0xe619d30d)
[  144.762831][ T6318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  144.812369][ T6245] device veth0_macvtap entered promiscuous mode
[  144.840240][ T6245] device veth1_macvtap entered promiscuous mode
[  144.960888][ T6245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  144.969561][ T6490] loop6: detected capacity change from 0 to 128
[  145.016646][ T6245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.067060][ T6492] loop1: detected capacity change from 0 to 512
[  145.075470][ T6245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  145.106443][ T6245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.147785][ T6245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  145.219610][ T6245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.240385][ T6463] loop0: detected capacity change from 0 to 40427
[  145.252355][ T6245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  145.286443][ T6245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.306460][ T6245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  145.330701][ T6245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.357413][ T6245] batman_adv: batadv0: Interface activated: batadv_slave_0
[  145.378902][ T6492] EXT4-fs (loop1): orphan cleanup on readonly fs
[  145.458708][ T6492] EXT4-fs warning (device loop1): ext4_xattr_inode_get:492: inode #11: comm syz.1.538: ea_inode file size=4 entry size=6
[  145.492063][ T6463] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x1ffff
[  145.497139][ T6492] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2807: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  145.533535][ T6245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  145.548486][ T6245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.549301][ T6463] F2FS-fs (loop0): invalid crc value
[  145.565794][ T6245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  145.608441][ T6492] EXT4-fs error (device loop1): ext4_do_update_inode:5222: inode #15: comm syz.1.538: corrupted inode contents
[  145.625806][ T6245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.659333][ T6245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  145.663987][ T6492] EXT4-fs (loop1): Remounting filesystem read-only
[  145.671378][ T6245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.690001][ T6463] F2FS-fs (loop0): Found nat_bits in checkpoint
[  145.714876][ T6492] EXT4-fs error (device loop1): ext4_dirty_inode:6058: inode #15: comm syz.1.538: mark_inode_dirty error
[  145.748796][ T6492] EXT4-fs (loop1): Remounting filesystem read-only
[  145.753382][ T6245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  145.755915][ T6492] EXT4-fs error (device loop1): ext4_do_update_inode:5222: inode #15: comm syz.1.538: corrupted inode contents
[  145.772780][ T6245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.779359][ T4454] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  145.836127][ T6492] EXT4-fs (loop1): Remounting filesystem read-only
[  145.844035][ T6492] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2952: inode #15: comm syz.1.538: mark_inode_dirty error
[  145.851482][ T6245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  145.869421][ T6492] EXT4-fs (loop1): Remounting filesystem read-only
[  145.876099][ T6492] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2955: inode #15: comm syz.1.538: mark inode dirty (error -117)
[  145.892822][ T6463] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  145.893198][ T6492] EXT4-fs (loop1): Remounting filesystem read-only
[  145.906589][ T6245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.914146][ T6492] EXT4-fs warning (device loop1): ext4_evict_inode:302: xattr delete (err -117)
[  145.945510][ T6245] batman_adv: batadv0: Interface activated: batadv_slave_1
[  145.988960][ T6492] EXT4-fs (loop1): 1 orphan inode deleted
[  145.994909][ T6492] EXT4-fs (loop1): mounted filesystem without journal. Opts: usrjquota=,auto_da_alloc=0x0000000000000004,debug_want_extra_isize=0x000000000000005c,noload,errors=remount-ro,min_batch_time=0x000000000000b656,init_itable=0x0000000000008d55,. Quota mode: none.
[  145.996667][ T6463] attempt to access beyond end of device
[  145.996667][ T6463] loop0: rw=2049, want=45112, limit=40427
[  146.020326][    C1] vkms_vblank_simulate: vblank timer overrun
[  146.048724][ T6245] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  146.060062][ T6245] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  146.070372][ T6245] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  146.080082][ T6245] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  146.089282][ T4454] usb 3-1: Using ep0 maxpacket: 8
[  146.101882][ T6318] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  146.142937][ T6318] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  146.159964][ T4191] attempt to access beyond end of device
[  146.159964][ T4191] loop0: rw=2049, want=45120, limit=40427
[  146.160114][ T6318] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  146.174872][ T4184] EXT4-fs error (device loop1): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0
[  146.191148][ T6318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  146.201069][    C1] vkms_vblank_simulate: vblank timer overrun
[  146.224982][ T6318] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  146.227381][ T4184] EXT4-fs error (device loop1): ext4_lookup:1858: inode #11: comm syz-executor: unexpected EA_INODE flag
[  146.234361][ T6318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  146.266738][ T4454] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  146.275340][ T4454] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  146.301184][ T4184] EXT4-fs error (device loop1): ext4_lookup:1858: inode #11: comm syz-executor: unexpected EA_INODE flag
[  146.339766][ T4454] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  146.350622][ T4454] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  146.361425][ T4454] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  146.375190][ T4454] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  146.385391][ T4454] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.564348][ T4242] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  146.599762][ T4242] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  146.608747][ T1167] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  146.616108][ T4266] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  146.647259][ T1167] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  146.664155][ T1167] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  146.706627][ T4454] usb 3-1: usb_control_msg returned -32
[  146.714475][ T4454] usbtmc 3-1:16.0: can't read capabilities
[  146.814305][ T4266] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  146.876997][ T4266] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  146.964160][ T4266] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  147.035379][ T4266] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  147.175802][ T4266] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  147.220582][ T4266] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  147.347465][ T4266] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  147.375323][ T4266] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  147.507021][ T4461] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  147.577546][ T6417] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  147.788184][ T4722] usb 3-1: USB disconnect, device number 7
[  147.797460][ T6505] usbtmc 3-1:16.0: usb_control_msg returned -71
[  147.823244][ T6543] chnl_net:caif_netlink_parms(): no params data found
[  147.866656][ T6417] usb 7-1: Using ep0 maxpacket: 16
[  147.908339][ T4461] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  147.920988][ T4461] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  147.932127][ T4461] usb 8-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  147.943592][ T4461] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  147.958659][ T4461] usb 8-1: config 0 descriptor??
[  147.996732][ T6417] usb 7-1: config 128 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  147.995723][ T6543] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.010687][ T6417] usb 7-1: config 128 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  148.025664][ T6417] usb 7-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  148.035503][ T6543] bridge0: port 1(bridge_slave_0) entered disabled state
[  148.043229][ T6417] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  148.072181][ T6543] device bridge_slave_0 entered promiscuous mode
[  148.127389][ T6543] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.146950][ T6543] bridge0: port 2(bridge_slave_1) entered disabled state
[  148.155325][ T6543] device bridge_slave_1 entered promiscuous mode
[  148.242383][ T6543] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  148.258145][ T6567] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3101303136 (3101303136 ns) > initial count (1262665829 ns). Using initial count to start timer.
[  148.287802][ T6543] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  148.383294][ T6543] team0: Port device team_slave_0 added
[  148.398677][ T6543] team0: Port device team_slave_1 added
[  148.448268][ T4461] cm6533_jd 0003:0D8C:0022.0004: unknown main item tag 0x0
[  148.467026][ T6543] batman_adv: batadv0: Adding interface: batadv_slave_0
[  148.474663][ T6543] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  148.502751][ T4461] cm6533_jd 0003:0D8C:0022.0004: unknown main item tag 0x0
[  148.529712][ T6417] mcp2221 0003:04D8:00DD.0005: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.6-1/input0
[  148.550576][ T4461] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:0D8C:0022.0004/input/input12
[  148.628136][ T4461] cm6533_jd 0003:0D8C:0022.0004: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.7-1/input0
[  148.630739][ T6543] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  148.660874][ T6535] udc-core: couldn't find an available UDC or it's busy
[  148.689706][ T6535] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  148.728053][ T6534] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[  148.740385][ T6534] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[  148.749078][ T6534] CPU: 1 PID: 6534 Comm: syz.6.548 Not tainted syzkaller #0
[  148.756412][ T6534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  148.766836][ T6534] RIP: 0010:mcp_smbus_xfer+0x59/0x1070
[  148.772397][ T6534] Code: c3 a8 01 00 00 48 89 d8 48 c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 16 a0 55 fa 48 8b 1b 48 89 d8 48 c1 e8 03 48 89 44 24 08 <42> 80 3c 38 00 74 08 48 89 df e8 f8 9f 55 fa 4c 8b 3b 4d 8d a7 70
[  148.792507][ T6534] RSP: 0018:ffffc9000318f9a0 EFLAGS: 00010246
[  148.798757][ T6534] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000080000
[  148.807038][ T6534] RDX: ffffc9001479b000 RSI: 00000000000003f9 RDI: 00000000000003fa
[  148.815027][ T6534] RBP: 00000000000000ef R08: 00000000000000ef R09: 0000000000000004
[  148.823376][ T6534] R10: dffffc0000000000 R11: fffffbfff1b13c6e R12: dffffc0000000000
[  148.831735][ T6534] R13: 0000000000000001 R14: 0000000000000004 R15: dffffc0000000000
[  148.839710][ T6534] FS:  00007f5969b9d6c0(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
[  148.849229][ T6534] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  148.855917][ T6534] CR2: 0000001b31b1dff8 CR3: 000000001f91a000 CR4: 00000000003506e0
[  148.864173][ T6534] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  148.872630][ T6534] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  148.880921][ T6534] Call Trace:
[  148.884195][ T6534]  <TASK>
[  148.887120][ T6534]  __i2c_smbus_xfer+0x7b4/0x1dc0
[  148.892175][ T6534]  ? mcp_i2c_xfer+0x420/0x420
[  148.897200][ T6534]  ? i2c_smbus_write_i2c_block_data+0x1d0/0x1d0
[  148.903989][ T6534]  ? rt_mutex_lock_nested+0x1a4/0x210
[  148.909504][ T6534]  ? i2c_smbus_xfer+0x120/0x3b0
[  148.914469][ T6534]  ? rwsem_down_read_slowpath+0x9d0/0x9d0
[  148.920390][ T6534]  ? __might_fault+0xb7/0x110
[  148.925164][ T6534]  i2c_smbus_xfer+0x272/0x3b0
[  148.930270][ T6534]  ? i2c_smbus_read_byte+0x1d0/0x1d0
[  148.935633][ T6534]  ? __might_fault+0xb3/0x110
[  148.940486][ T6534]  i2cdev_ioctl_smbus+0x432/0x680
[  148.945606][ T6534]  ? i2cdev_ioctl_rdwr+0x6d0/0x6d0
[  148.950793][ T6534]  ? __might_fault+0xb3/0x110
[  148.955546][ T6534]  ? _copy_from_user+0x111/0x170
[  148.960659][ T6534]  i2cdev_ioctl+0x583/0x7b0
[  148.965331][ T6534]  ? i2cdev_write+0x120/0x120
[  148.970255][ T6534]  ? bpf_lsm_file_ioctl+0x5/0x10
[  148.975252][ T6534]  ? security_file_ioctl+0x7c/0xa0
[  148.980466][ T6534]  ? i2cdev_write+0x120/0x120
[  148.985173][ T6534]  __se_sys_ioctl+0xfa/0x170
[  148.989849][ T6534]  do_syscall_64+0x4c/0xa0
[  148.994377][ T6534]  ? clear_bhb_loop+0x30/0x80
[  148.999157][ T6534]  ? clear_bhb_loop+0x30/0x80
[  149.003851][ T6534]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  149.009891][ T6534] RIP: 0033:0x7f596b943819
[  149.014399][ T6534] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  149.034350][ T6534] RSP: 002b:00007f5969b9d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  149.042859][ T6534] RAX: ffffffffffffffda RBX: 00007f596bbbcfa0 RCX: 00007f596b943819
[  149.051006][ T6534] RDX: 0000200000000980 RSI: 0000000000000720 RDI: 0000000000000006
[  149.058979][ T6534] RBP: 00007f596b9d9c91 R08: 0000000000000000 R09: 0000000000000000
[  149.067209][ T6534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  149.075170][ T6534] R13: 00007f596bbbd038 R14: 00007f596bbbcfa0 R15: 00007fff84262708
[  149.083318][ T6534]  </TASK>
[  149.086341][ T6534] Modules linked in:
[  149.090415][    C1] vkms_vblank_simulate: vblank timer overrun
[  149.105513][ T6534] ---[ end trace 8143d4d729d602e2 ]---
[  149.109607][ T4259] usb 8-1: USB disconnect, device number 2
[  149.114044][ T6534] RIP: 0010:mcp_smbus_xfer+0x59/0x1070
[  149.127721][ T6534] Code: c3 a8 01 00 00 48 89 d8 48 c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 16 a0 55 fa 48 8b 1b 48 89 d8 48 c1 e8 03 48 89 44 24 08 <42> 80 3c 38 00 74 08 48 89 df e8 f8 9f 55 fa 4c 8b 3b 4d 8d a7 70
[  149.155145][ T6534] RSP: 0018:ffffc9000318f9a0 EFLAGS: 00010246
[  149.171931][ T6534] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000080000
[  149.182987][ T6543] batman_adv: batadv0: Adding interface: batadv_slave_1
[  149.195005][ T6534] RDX: ffffc9001479b000 RSI: 00000000000003f9 RDI: 00000000000003fa
[  149.211361][ T6543] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  149.239809][    C1] vkms_vblank_simulate: vblank timer overrun
[  149.250261][ T4226] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  149.250300][ T6534] RBP: 00000000000000ef R08: 00000000000000ef R09: 0000000000000004
[  149.275052][ T6543] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  149.285595][ T6534] R10: dffffc0000000000 R11: fffffbfff1b13c6e R12: dffffc0000000000
[  149.302974][ T6534] R13: 0000000000000001 R14: 0000000000000004 R15: dffffc0000000000
[  149.319955][ T6534] FS:  00007f5969b9d6c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
[  149.329325][ T6534] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  149.336345][ T6534] CR2: 00007f2bc7ae62f8 CR3: 000000001f91a000 CR4: 00000000003506f0
[  149.345843][ T6534] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  149.350452][ T6543] device hsr_slave_0 entered promiscuous mode
[  149.354578][ T6534] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  149.369181][ T6534] Kernel panic - not syncing: Fatal exception
[  149.375906][ T6534] Kernel Offset: disabled
[  149.380357][ T6534] Rebooting in 86400 seconds..