last executing test programs:

8m52.936692806s ago: executing program 3 (id=197):
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000003b40)=ANY=[@ANYRES32=0x0, @ANYRESHEX, @ANYRES16=0x0, @ANYBLOB="b022fd84099290ab8ebe39cfc17f80bc2926131e9437a1dea9ca1756900531c14b67f7a9edd0d80c7c73649053153a8d8db6d3c0d3b3fa951f57d14071b61a27d968a0ae7bd580d2d9fd9034451c3ecffae80b234e72fb11e3a60c1208bd5262c5009e3e45582ed4203850292ed682fc5e26f5c2af47718ee5b4f2ed68f0b21b813ec22c4c61d3f22f5a01ebea6c484d8ef4ca90180b4587e0bee2f782fef574aa1e0ebc5d9e42452910d03c12feff7848f72ac5430476b9dc2457a09efdc6f181c408abe7b30cccd2c8fb85389e1cacd4f4b29a3d4a55941bf1bb416203732d6712d5a89470876ae6daec66f3fe1b39982c2781b115e20af7ce0a0c7c77db1073adc6e11597bd9f540f90f60b92dc84a5c764379c0b9426ff4f547182502633aa754dcfc63e46c7cef8e3a0c29bf5184ac150e90d884c59cba3dae7c531fb114534292629d8532c0f67ee37f2c349ea8f28199aff2aa335df5db411287a73adfbfff212cf7b6d277a361c55af160d98b5c3db84da37d80e07269c33f60f111ec3c09d8843e1f5499e71de9b48882b9415d45b20393888ec49f307d535580947b5a5b40b465382aa4a579f317d91792f8ed70e9401863bc0a21d7e15f828ae8f13c673a30cba6f10f89c8a018cc8bbe7072ffe1c5d4ef11f0f82cf967faef8608f8b289245f87607917b0c2578dbbe5186ac78b8cd9a5aff567aebe8a73dd547fdc503885a2df4953f3497688b7b1ede6a2e529b25ecc246a7bcb00077059d7e0100aa20cb4d1dbac6eec0a9f803601c799eddb9b271f0530842291167abffb982fe47a496e884ee3c17850f970cb3ac3342b832b8b984e2eb4836afb7727f7310a347add2a1094cfff7b44516593bbf15f3a9e0e2a788e99bdec6706ae9a39b4f8983ae38d4cdf866d9670de91036ea86646f195ec4b4ce462ea624b8875825262a301f9235496b935506109287bbcf4754e3fa637428a2e39a80cd07ffafd756839abddc721421754fcae705ab432fcdd6f3c004dfad9e6bfa87746dd41649dcd2bf1728a3d6d2ddf27a52957422a27f9e478530873d9f1861b71f2378540648b171bcbd44533723ae1a89e56e2f570c0571eb3c66fac65e3abad003a828f2d21cc990e57b80dd3762fe1204eb320591d6a93f9052b80494b2f52ad89d6374cf33040e2484c3384946450bb65835d65bebb4a91c0f82e598e5aa7ff9ba79f27bbd46240287721d2759fa24cec97658d8f17b3f424293f7253b74dae4b966c8089c546936953d8ce63463c26f1e296f56e17e7f890b6001ed5d9f739036842e989b40c02d3fe5227b1fb08a98f1b1f0c336346698e70171e74e40c5304a356b29c947672f8a0535b7ce3a66b276d09ca3d9fff030e41598649a310875f5b5801c471182c1f617c907f06b5f36a1f9294b0f4a95d0fc98682b1e38f2f94fb08f20c5e5c7afaa9fbbd84734a98dd9b33188f6b79334b09ca8e2de56457242f904b114a2c313b193fe421d7fa97da5ab77f363e83b4698bf903022d13826ded79a905f07f97dc0fc4cc290b969ee37075a4a80a0d86d0696eeea2048ebd1a97f8319b3342e515ae5c9e25ee933d926ae0f31af55aeb07da6508756ac9549ba8bbc0095a17cb647df12f926e595a531d7208ef75cfd6239f65a0584121c75e00f7c77990b90e6350b1a84eba4430979bb726ab02050573af29156bed8e243527593dc0c6de41d0b6775818a96ee97d153826a217e8d7e88c6c44baa781a495afeba3882a06f5b1a87b1e8ee1edf404ac3ade6f5af1f6cd22c01506b5f84befb55c86f79b56e4d5754be8f564f57852f991c2275cbf55937666e022c2b2f0d020156152377859b345f74fe66791421e5571a7900df89c9bef5c3cb19113fae5d524ae2edea5ca91baf096c02e1e860c9b5a97882da598ef1e39fcb61d83f997675a772ac37c0fbe65a9d379b9204a915fdb6a7c7cdbd14c0893cd5e8cfd56f4021756d6c6a25b258a69922a41f3c7bc43b69f46293b381a27ae5a3cfcf2526f8eadcb540ec87d6009d6a2939882140f9a447c5be4328a0681aa3002f6a9dfd836b362fb1d423d7c9571aeb50e2a6acb9ab4e85574baf27b1028db0f6647aa7fe995c1fbf8ab422bb15acf9ae6de73972c9549cb601297bbb1c740e8761af16c4785c4827b5dc5e52f4a82000f6f87670ec19fea4e04e564fc83c0ccf1b7fa2bb9ac3e56addfa7f5f6d1d3d3c92dea5de9fa42f1414a769b0cdc40e306fee0ad66573628b83a07fe087fcb3377848e1a7869e592c83bb594284da28a4f5db381059d56e5d4989042dadbbe6000b66184ca8fe9d293f6c70988f3d7b8ee00546a21aaeca498ae06fa7becc5a55914c7a1ab714d955a8b0bd72e8d6bbf4dd451b525fcbc9fb5c10747dee3c755d39be5c2d52345c56185a8d6cee878b72255acabf7dbefafaed94838532fd01ea6244c4ac929de6846084a07d19de7098e62b613775abe326d402f707c4fbb3968b0aac7f1f27537cbdecee19151b310bcbe2c848ef41eea747e85f87d5a160b2cb6b28d137e30c69770c1651e44a66f8e3394bec03c8256b89fd59bec449c6a2bdb351f53d05e463f75b834624b8c7b557dc38a398d726d0846fc2f062b5b32d10af38ce844c6811aaef73ace1d86813bc37433670f6180f9bd112ae00133077fc7a0bd12d7b4b3a53a3c16a9cb0e8112f18691aa3bd2215afdaa1d00c8ea4f4a302ea9ebc94afaad2549f646a8ae66b953fa9cd649a02c4b152cc6c7b55d99ddc3d0fd1fcd84da355eb02581dba9e4d9dd235d2d4c4e094161440e70926221d76ce70c8762485c8b801550cc208e5d1bfd184e622ff0950a912dd47163c838fd562f09ca1690e76da55a471ec67cb83bbb103975bd4683f0393ec8b843f55ba2c0bdc6c90b50031cfe751792bd5d0cb50c8ee93086794e18c4ed66d6bd09b499f8ff2f63a8920701ab0af5b4b75402b1d65b1eb515dc46e181a1699f21e67349c904f02f8358e28faff2ade65703d14dc2774b02acc731eee0941675502d95e0c32a7304f6e9af85ef220daea0de24cf79e35a59412e62835d3032f88d9ed7befd4f708bfd2d236bd188b6f951bbe13e3add84f111e20324a523426611ec15fb376e7306cbec6867f0b945047a4facf78154e68a66a36972d5a18af1403baa9b4b51fddd072ee1f0087add02485b40323bd708b76406e10a927a913d91c5d771d3aeb3cfafb54b1016785c61ed13060d5f1b550676a656b874fd392ae61c5044218df55cbb72b819990ffdb130fb17a14f7cb5a2a8aafedc6526d83762dbf320f15758030eeecf5652dccf04cdc68827400c768a21daff47212b87357ff0bcb36cae4d113a5d9815b07332cb42329321664d93e43e6dcd6115987007fc623088004f8ac943736eb2a045a25b1bbfbbc97571eabf875d924f6b7b0e524b1afa0ff499473aa7976de83b91928e84f8e445728778fe0e5a356a57f09ed254848cec31b7c5c9c7a2fca21befe15ffc9317e96f7ad582684ce625791b99563781bf64983e77be4f1a5893beec4b560fc15e9c21dd0c29bf2879dfaa257ba5ec97957050d5b2c1f25eb4064488c139dbf88f3b7c70850d6fdbf0603cdd4011bf76e0d9ee5c2b128b50dba5689a8f04d4caf62d777eab31aab4b4195da780901352d284885bf417eb05367ee1b5f2f8c5cfe7f0394fb977f3a3f96084375e22ccf6c3ee4659d68d2b1948a4a1783a4db2282c67d39613fa67be4dd144793b76c09dd563ef3d169f34318acbd62d3b2d64f9173d16e9801132918c3390172c6f64d049b4c894d593419e5f4d5a513fc5a64ddcd05b034e6d16fe88ff89a520c464f842ad5a62a6fc46f0e9d56d05d6f5e625d25f537cca62910981dd463255318d8273db13d27fdc6c17c2c54776ba3a246c413957f297b8ecb1adb5c3f1d4d8e4d7705bdb9268f956d2845b68511edd51cdc5d05de5d6d4b3f573592986fed325f1f3c6a9ef7740f9d843e11981d1ca515c7e722ec4d691c5e4d3a146e39bcf407f66418f754bb2508cb4cc843aa9d8eb63850e5b9103682ecc1fc8f972f394be9d31cb9efd0f693d4ec41fe8d0993b45d2f422f9ab604d3371c1bda1daa3206a027c4de5c8f2cf6d1fc7e6d1423a6c71e84f24e0a4dfbf4a331deff2ae649df9681a08846efc9f0001e7ef106f1bfa25ee2799b13f1f076e30e58078d186afb65301497e982478babf143972cc7072f70829b8faee46e56a1451ff7ddd0dd35816bfa29eee361de60fbc3222e89d70f1495be94d0e82072a0e572e3055c905552e6c45d2af3d4f505a99d947667059c1c92ce2d3549077539c4cec4c07337361eeb9f78813bf9e77b0a79f391ae6eb663deb53317f61ef8ddffdbd0ca2d8095c10c106b0968325bc1e88829d92399b809f1b881e9b9f0aeada5c5ee20fd0866070e3d5d41e62f5b6d2d25441babcdf9d3dc8ae3c140a6f352daf00ed38e248b236acd27f24bdebae0f272a5820ef77fb603fe3cc910a9d842129259e61d25dcf546cd770e4cccab470b20fa5f5972a6dd15853483de6e032f9726c166e81e8e0f9db4df397cc4a10b6e58708a31f48d7d2bae4ef92828c37088068b2ae433110dc7c08e6017d8b26e4e0382ca8fa62dc6f53c4cc2f0f78af72335c494f57f2414afe247e2291c395895bb18f701b6f4331feb759110c543dd94a238e782ad552047677558a50e7683d71a9e222fd19a9343e1d64528640a8099dedd19e4c747dda18ff25b15bddf750a54533b6ecfc75ad4a2909485f7fd759d45c74727b2e7300eae71a8784f5dd7f25b4b000ed3254264131cbbae316fb3a3bfbeb309dd2d18104629db354f447791eb882bf0333a520b8dba745b673d071b07e1de3e02fe751a1cf5908435b1a38edbd60483abdb15452c868844ceb96c449ab72999a55c79f9ce7405797142ef7095b4caf99d7bbe51cd4e963e4ffbbd2648761abd3894b5420a0add261ff9c0eff61aafd1ac5195ff15cadb5b0c7ce34d4d2d68146f3dae677e833b8be0f8a876153bb65398def38e4bf539d3a00047b19c483062fc1c2547b7d4f7d99b7035212ccfffeeb21ed7bbd6165ac7fbafbca3cef86fff655305706dd0baa607c50543bb0d66f0f4dbdd9c365fdb7b875dc5e7ee59afccc321ad1e31cc84687afda71231bb2e4dc3ce79ff3ce4bbafed8821a5b71bbf3844f110e2dd9557b596ac792d97506d22c0410bce435e20fa2e2d435361b5b6ac85f44763769723a7b629258f45e10578f70bef2e9c05af8032e357697dfcd30de9b3e953a36d6cb7a03ce69288b663f692793904dd8fb4ab6dc31ddf7f6942ef84c1e68c78bf9974f830ee2fccca84113cee98b47ed41a87fe610c5348dc38d4ada19862772317a70754870347ad87dbbb4c52349b0261aa8e108fcf387b24d4e2a77ba76e8472fd74ab6fa021277a24ef7a48d395b0fd1f9c0cf83bac56b433ffbfe5984a362e337969febf259988162c2b4842bd2fc0b230fee93a085003e615088abfe41889f7b5e0f380ffe55b66c1f7419993c3dd4aac5891494a183ddca2e415e1749489c925715f3c44d94b90d2d735f2b923bdbbbf1646580ab135356a9ee29bc19e73ded9a33798a69d248574e0c9e9f40a1c1ba52bc66a578d08b75f271a9e9f447efede09d6b3b57e0aa6322c18fd6f5e1c9d2753e0a6513cc04124ab89802eb9c504f0e5550868ab597629d7cc7447ed1b01b2ff4cf511aa098710b208b5aa0f595039a2f0e7294c5fe3b0c3e6c40000000000000000000000000000000002588beb10115f4b22f4ac997c86c49201ee9dceb2142ae61555bbbc4ef8cdd468a8ffbe6cbfc8877dd87292c70e10669bc99d8d5710f7719cc2cffc86cd529b6da2511d07aef4a1d9533ab58a76f80ad7fe91a17397d3c83481", @ANYRESDEC, @ANYRES64], 0x8, 0x2ed, &(0x7f0000000a80)="$eJzs3L9PE2EYwPGnPyhtCZTBaDQxvNFFlwtUZ6UxkBibSJAafyQmB1y16dmSuwZTY0QnV+Mf4UAY2UiUf4DFTRcXNxYTTWQwnun1jkI5QKC0CN9PQu7hnve5vm9byPM2HKv33j4t5m0tr1ckHFcSEhFZE+mXsPhC3jHsxjHZ6JVc7vnx+fyd+w9uZbLZkXGlRjMTV9JKqb6BD89eJLxhS92y0v9o9Xv628rplbOrfyaeFGxVsFWpXFG6mix/reiTpqGmC3ZRU2rMNHTbUIWSbVj1fLmez5vlmZmq0kvTvckZy7BtpZeqqmhUVaWsKlZVRR7rhZLSNE31JgW7yc2Pj+uZfRZPtXgyOCSWldEjIpLYksnNd2RCAACgo5r7/7CoVvb/CxeWKz13F/u8/n8pFtT/X/1Sv9am/j8uIoH9v//4gf2/vrf+f2tHdLIcqP/H0TAQ23Iq1AhrSSujJ72fX9frhwuDbkD/DwAAAAAAAAAAAAAAAAAAAADA/2DNcVKO46T8o//VLSJxEfG/DyiNiMj1DkwZLXSA1x/HQOPGvWifiPlmNjebqx+9AcsiYoohg5KS3+77wVOL/TuPVE2/fDTnvPq52VzEzWTyUnDrhyTVJc31jjN6MzsypOo213dJcmN9WlJyKrg+HVgfk0sXN9RrkpJPU1IWU6bdeTTqXw4pdeN2tqk+4Y4DAAAAAOA40NS6wP27pm2Xr9ev76+bPx+INPbXg4H786ici3Z27QAAAAAAnBR29XlRN03D2iFIyO5j9h9ED+nK/gr/tcr/W4bDW+kOgf/gm1Jx72TLn5bQHp6WbYKw7KdqoLYaddBV+B8bNaV+Oo7jBjI23P5X0A3OvHv/q3UXvLYYD15pC4LIzm+Arrb9AgIAAADQNo2m3z8z3NkJAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABwArXjv6N1eo0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAUfE3AAD//7ndB6A=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
mkdir(&(0x7f0000000000)='./bus\x00', 0xe7f6bec49cc54d58)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet6(0xa, 0x2, 0x0)
shutdown(r5, 0x0)
pipe(0x0)
r6 = syz_open_procfs(r2, &(0x7f0000000280)='stat\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)=ANY=[@ANYRESHEX, @ANYBLOB=',w', @ANYRESHEX=r6, @ANYBLOB=',\x00'])
write(0xffffffffffffffff, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
fdatasync(r0)

8m48.939110289s ago: executing program 3 (id=201):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x11, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
mkdirat(0xffffffffffffff9c, 0x0, 0x100)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
mount(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0)
r0 = syz_open_dev$video4linux(&(0x7f0000000500), 0x20, 0x400)
ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r0, 0xc0305616, 0x0)
r1 = syz_open_dev$video4linux(0x0, 0x7, 0x28602)
ioctl$VIDIOC_SUBDEV_S_CROP(r1, 0xc038563c, &(0x7f0000000100)={0x1, 0x0, {0x6, 0x291e57e5, 0x2, 0x3}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
syz_genetlink_get_family_id$l2tp(&(0x7f00000001c0), 0xffffffffffffffff)
r2 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
openat(0xffffffffffffff9c, 0x0, 0xc0042, 0x1fe)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r3 = gettid()
process_vm_writev(r3, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15)
mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x21, &(0x7f0000000200)=ANY=[@ANYBLOB='nr_Inode='])
socket$inet6(0xa, 0x2, 0x0)

8m43.78599804s ago: executing program 3 (id=210):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002d40))
socket$packet(0x11, 0x3, 0x300)
socket$inet6(0xa, 0x800000000000002, 0x0)
socket$kcm(0x2, 0x3, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000080000000d"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10)
socket$inet6(0xa, 0x800000000000002, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000))
socket(0x28, 0x1, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
socket$inet6_icmp(0xa, 0x2, 0x3a)
socket$nl_route(0x10, 0x3, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
socket$rds(0x15, 0x5, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r2}, 0x18)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000280)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r3, @ANYRES64=0x0, @ANYRESOCT=r1], 0x20)

8m43.476202535s ago: executing program 3 (id=212):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = socket$alg(0x26, 0x5, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f0000000540)={[{@jqfmt_vfsv1}, {@resgid}, {@barrier_val}, {@norecovery}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@resgid}, {@barrier}, {@grpid}, {@orlov}]}, 0x1, 0x572, &(0x7f0000000640)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hvSuj6TKadKx14PbgXnyRIYg4EP8A330c/gP+FQMdDBlFH0So3PSmy9qkv5aZbPl84Lbn5N7bc78593t7Tm5CAhhYx7IfhYiXI+KbJOJQy7pi5CuPrW63/PD6VLYksbLy6Z9JJPljze2T/PeBvPJSRPz6VcTJwsZ2a4tLs+VKJZ3P62P1uStjtcWlU5fmyjPpTHp5YnLyzFuTE+++83bXYn39/N/ff3L3wzNfH1/+7uf7h28ncTYO5uta43gCN1orx8r/5qXhOLtuw/EuNNZPkl4fALsylOf5cGTXgEMxlGc98Pz7MiJWgAGVyH8YUM1xQHNu36V58DPjwQerE6BG7COt8RdXXxuJvY250f7l5LGZUTbfHe1C+1kbv/xx53a2xOavQ+zbog6wIzduRsTpYnHj9T/Jr3+7d7rx4vHm1rcxaP9/oJfuZuOfN9qN/wpr459oM/450CZ3d2Pr/C/c70IzHWXjv/fajn/XLl2jQ3nthcaYbzi5eKmSno6IFyPiRAzvyeqb3c85s3xvpdO61vFftmTtN8eC+XHcL+55fJ/pcr0cESNPEnfTg5sRrxTbxZ+s9X/Spv+z5+P8Nts4mt55tdO6reN/ulZ+initbf8/uqOVbH5/cqxxPow1z4qN/rp19LdO7fc6/qz/928e/2jSer+2tvM2ftz7T9pp3W7P/5Hks0a5mQTXyvX6/HjESPLxxscnHu3brDe3z+I/cXzz61+78z+bfH2+zfhvHbnVcdN+6P/pHfX/zgv3Pvrih07tb6//32yUTuSP5Ne/9vJzZbsH+KTPHwAAAAAAAPSTQkQcjKRQWisXCqXS6vs7jsT+QqVaq5+8WF24PB2Nz8qOxnCheaf7UMv7Icbz98M26xPr6pMRcTgivh3a16iXpqqV6V4HDwAAAAAAAAAAAAAAAAAAAH3iQIfP/2d+H+r10QFPXeOLDfb0+iiAXtjyK/+78U1PQF/aMv+B55b8h8El/2FwyX8YXPIfBpf8h8El/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqvPnzmXLyvLD61NZffrq4sJs9eqp6bQ2W5pbmCpNVeevlGaq1ZlKWpqqzm319yrV6pXxiVi4NlZPa/Wx2uLShbnqwuX6hUtz5Zn0Qjr8v0QFAAAAAAAAAAAAAAAAAAAAz5ba4tJsuVJJ5xU6Ft6PvjiMpxngql3tXuyXKBQ6FG7m3buzvXp4UQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAdf4LAAD//++4Mnc=")
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x35, 0x1, 0x22bb938, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
unlink(&(0x7f0000000000)='./file0/file0\x00')
bind$alg(r0, &(0x7f0000000400)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000a00)=@newtaction={0x4c, 0x1e, 0x109, 0xfffffffd, 0xfffffffc, {}, [{0x38, 0x1, [@m_mirred={0x34, 0x0, 0x0, 0x0, {{0xb, 0x9}, {0x4, 0xe}, {0x6, 0x6, "2796"}, {0xc}, {0xc}}}]}]}, 0x4c}, 0x1, 0x2b1e}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ppoll(&(0x7f0000000100)=[{r6, 0x6}], 0x1, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'veth1_to_team\x00'})

8m40.670966579s ago: executing program 3 (id=215):
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x85}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000a00000012000300686173683a6e65742c706f7274"], 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x54, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)

8m36.377004527s ago: executing program 3 (id=218):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r0, 0x90004)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d0000008500000008000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
accept4(r0, 0x0, 0x0, 0x0)

8m21.052121178s ago: executing program 32 (id=218):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r0, 0x90004)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d0000008500000008000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
accept4(r0, 0x0, 0x0, 0x0)

1m14.335128107s ago: executing program 4 (id=1134):
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="850000006300fbff6500000000000000160000000000000038"], 0x0, 0x8, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @cgroup_skb}, 0x94)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.dequeue\x00', 0x26e1, 0x0)
close(r0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001240))
ioctl$SIOCSIFHWADDR(r0, 0x8b19, &(0x7f0000000000)={'wlan0\x00', @random="7cf1e97c9e4f"})

1m13.972405573s ago: executing program 4 (id=1136):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000180)={'syztnl2\x00', &(0x7f0000000100)={'ip6gre0\x00', 0x0, 0x4, 0x5, 0x80, 0x10001, 0x71, @remote, @remote, 0x1, 0x7800, 0x4, 0xfffffffc}})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYBLOB="08000000000000006d02"])

1m13.588847279s ago: executing program 4 (id=1139):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_int(r3, 0x0, 0xa, &(0x7f00000010c0)=0xd, 0x3)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000580)=ANY=[@ANYRES16=0x0, @ANYBLOB="040026bd7000fbdbdf25440000000c009900020000003800000048025a80200001800500040002000000140005000700ffff020007000008070009000f00b4000380050006000000000005000600010000000500040002000000140003000000030003000800000008000200e307140003000500060007000200ff0105000600400005000700000000001400050005000700040027b10700f0b60700030005000600020000004a000200562f072800170118f11a1419111015283c21501207190255520c0f394408544c501e16331f2e1d04013e330c1430083c0e3132180321092a10000e4017301941353f0b0942480000740000800500060002000000140005000001fe000300ac0dff070180ff7fbd00140003003a000f00060007000600feff008002001400050000000d005800ff07d400ff0700000100050004000100000022000100140c0503030c1b041b48163060120930480160600200001224051802360900000c00028005000400020000004800008042000200163c512a1746052b4147264805381a150f53492e3e2a524c3e0501521a110d1e17305219422a0b2e48411c1d0154265334451200413e070a20163109013c00000c00008005000400010000002000038014000500060000012333f7ff150001000800c2d705000400000000007c0002800500060002000000080002004d3654513e0002001b24462e173e20111d0a2f0e534b3251084a2312282d4a39274308123b4520454b4c50323d03003749283728223156331154231615451f5751450000270002001d4c134740562f0e563f4017002232482e10010414413249420854504940061f4f172500"], 0x268}, 0x1, 0x0, 0x0, 0xd5}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
move_pages(r5, 0x1, &(0x7f0000000140)=[&(0x7f0000064000/0x1000)=nil], &(0x7f0000000240)=[0x1], 0x0, 0x0)
syz_emit_ethernet(0x15a, &(0x7f0000000b80)=ANY=[@ANYBLOB="aaaaaaaaaabbaaaaaaaaaabb81002a00080040e201480068000049b090780a0101007e356142e0000002072711ac1414bbac1414bbac141440ac1414bbffffffffac1414347f000001ac1414bbe000000194040100000000010000000000000000000000000200004e2000004e21000000010000033fe85500000000000000000080000000c70000000000000fff000004e600000002000000f0000000ae00000000000000010000000900000000000042a70000d05e0000000800000002000000bb000000020000000100000005000000f00000000a0000000b00000006000000830000000600000b5c00004010000000010000000700000004000000050060000000000008000070f40000000900000080000000000000008100000005000000060000508b000000040000000300000040000000020000ffff00000d9f000000300000000000000006000000d2000003ff000002a70000000400004010"], 0x0)
shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil)
r6 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
read$qrtrtun(r6, &(0x7f00000004c0)=""/57, 0x39)
r7 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_int(r7, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4)
sendmmsg$inet6(r7, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0)
recvfrom$inet6(r7, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = fsopen(&(0x7f0000000000)='msdos\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f0000000240)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',group_id'])

1m12.628895034s ago: executing program 4 (id=1141):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000080)='./file0\x00', 0x400, &(0x7f00000004c0)=ANY=[@ANYBLOB="6e6f626172726965722c6e6f657874656e745f63616368652c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474720000693a653d3078303030303030303030303030303766662c736d61636b6673726f6f080000006673f52b00e58abba2d0cc27be339f6f4fe5ad35a724e1531a622f050000008586eb5ba3614d2c24abf5a2614c0f111e057112dafd66336a5e3b6512b81cda80be6e9a34ccc2b88c0100008000000000e3f5def862b95c20ee847008000b0c22653d2ff39b36732e46b56357afe57094f42ba61c5e8b4e184d7dd50000000000000000c0469264c247cd3c7fcb39043dda97538456bc294ae31e525d3b664cf8e83b52b1885b866b58698b3f132aced62a4fc7c8c400b805173d7488a35708d2523190c0014689f57be6ee3f5d28935a0000000000000000000000000000000000000059c1403d010001008ab61fa90695a8b268c277645c1e357ec9316354f659d4244fe126a8364eaa0de6bf4ba21c767782a04bdbb8c86d0cc7e3f03f8ef15c0ee311768cccb8affb0ae5d7cd0000000097676c046a6c754c98dd5f400ad99a588d983ae6e07b4e0e0907266aca53b30a815a84295fb5eab2f263613d36994dc15562892c33ed149270907e9c2e4d0cac7dd9735621a0c6768d4f70c664699157854bb1b85ce3f6ea44456e4f1ae1575315d77f2b995ce4d6ce21b17ca891c155ddd9916e997c32e78231e8d54675e4edf480980023b9736180ff98cf93f888eb70abb728b7e91a5d75b7e43e54f92b6e679249576f12533bef1c93aa993977f15c0a7b595423444db6e87480c46c408f6d48afa1ba"], 0x1, 0x5514, &(0x7f0000005d80)="$eJzs3M1rI2UYAPAn7Xa/XYt48LYDi9DCJmy67aK3qrv4gV3KqgdPmiZpyG6SKU2a1p48eBQPnv0nRMGTR/8GD569iQfFm6BkZqpbP8ClSWPb3w8mz7xv3jzzvGFZeGZKAjiz5pNffirFtbgUEbMRcTUiOy8VR2Y1D89FxPWImHnsKBXzf0ycj4jLEXFtlDzPWSre+vTm8MbKj2/8/PW3F85d+fyr76a3a2Dano+I7lZ+vtvNY9rK48NivjZsZ7G7PCxi/kb3UTFO87jb3Mgy7NYO1tWyeLuVr0+3dvqjuNmp1Uex1d7M5rd6+QX7w9ZBnuwDD2vb2bjR3Mhiu59msbWf17W3n//ftt8f5HkaRb4PsvQxGBzEfL6518z3s/Uoi/XeoJjP86aN5t4oDotYXC7qaaeR1bFxlG/6/+3Ndm9nLxk2t/vttJesVKovVKp3ytXttNEcNJfLtW7jznKy0OqMlpUHzVp3tZWmrU6zUk+7i8lCq14vV6vJwt3mRrvWS6rVyu3KrfLKYnF2M3n1/jtJp5EsjOLL7d7OoN3pJ5vpdpJ/YjFZqtx+cTG5UU3eWltP1h/cu7e2/vZ7d9+9/9La668Ui/5WVrKwdGtpqVy9VV6qLp6h/X9UFD3G/cORlJ5s+YVJ1QFwguj/gWmYXP+//SBi8v1/6P/H4kT1vxPr/z87s/uHI3nC/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNPj+7kvXstO5vPxlWL+qWLqmWJcioiZiPjtH8zG+UM5Z4s8c/+yfu4vNXxTiizD6BoXiuNyRKwWx69PT/pbAAAAgNPryw+vf5J36/nL/LQL4jjlN21mrr4/pnyliJib/2FM2WZGL8+OKVn27/tc7I0pW3YD6+KYkuW33M6NK9t/MnsoXHwslPIwc6zlAAAAx+JwJ3C8XQgAAADH6eNpF8B0lOLgUebBs+DsL+//fCB46dAIAAAAOIFK0y4AAAAAmLis//f7fwAAAHC65b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7lpA1EcgJ8NLvSfiqru26N0B8foEbrssuIAvQRHoFfIBTgD2eUIEUR4HBSiJIrisa2Q75PMMBb8/IzwYmakAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALp0Wa0X//9+/9c2Z7dv54WX/dG2bgAAAHgLttV6Ub+Zpf7H5vzn5tTXpl9ERBkRD43dR/HuJHPU5FSPfL66V8NFRJ1wuMakOT5ExM/muP7S9a8AAAAA52uzXM3TaD29zIYuiD6lSZvy069MeUVEVLOrTGnlIe9bprD6/z2OP5nS6gmsaaawNOU2zpX2LPXjfpy1m95pitSUT38/270DAAA9Gp00/Y5CAAAA6NPvoQtgGEXcLmUelwInqWmW996f9AAAAIBXqBi6AAAAAKBz9fjf/n8AAABw3tL+fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHRpW60Xm+Vq3jZnt28nz90AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADADfvzjgIhEAZhsHd9ZzL3P6w0aGpqUgXCx98YDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvPndX/5PTI0zydxrY+l5JFk7NbZOjb1z4+gP4+vXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABc7M9tCoAgEIbBrezrX3j/w8YLeoYIZkB42EVBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBH7hnLOLXO2BJPVbVME3vGvaqOrBJnVokrF/p4sPUPfwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMvO/bzGUcUBAH8zs7NJq+IaZQ8RseBBLzbd1tbexIMSPPgnCCHd1titP9ocbClCLt4k515EjyKCEm/9H3puoZd662EPFTxX5lcy+XFYhZ3ZZD8fePO+Mwzzvm8WQr77XgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsM/5wL06yQ6+I4/Law2d317P+0YE+c3/78XLWsjhqMunj4Y36SdSvnSw2nwwAAADzIanq+xDCk3RnNevjXl7/p9U9Wc3/00tFXNXzB+v+qq9q/6z9+cfT13YH6hXjZA+9ujEanjucSmd6s5xhz1+e4KZO/ubz716S/AOJP9l6dZzm7zP64cGDj7p5uDD9dAGA/+ds1ZdB9ftQ1g/aTAyAudGpFd5V/Z/02s0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAnjrfBCFUchhOXOXpx59Ozu+lH9/e3Hy1W7dO/edv2Z2SPSEMLVjdHwXFhscDaz7dbtO9fXRqPhzeaDN0MIbY3+QTn9659NcHMIU0rjTEtvfs6CuPywZyWf4xG0+EMJAIATKS1bVtc/SXdWs2vRUgjPf95f/79di8OE9f/Tzy89rI9Vr/8Hjc1w9q1s3vh65dbtO+9u3Fi7Nrw2/PK984P3BxcuX7x4eSX/rqQ4tp0mAAAAx1i3bPX6P146vP5/uhaHCev/b34cfFcfK1H/H2lv0a/tTAAAAObbK2f++Ts64nrU7YZv1zY3bw6K4+75+eLYQqr/2ULZ6vV/stR2VgAAAEATxlvRvvX/K7U4TLj+/+Ivr/9Wf2YSQjhVrv+fXf9qdKW56cy0qfzx8EL5cDsLAAAAKOvxUwfW/9N8/3+8u+UhDiG881YRl/8GcKL6P/n4+1/rY9X3/19oboozKe4X7yPv+yF0+m1nBAAAwEm2mLdeXv//le6sfvH76U+79v8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANO3fAAAA///FdTwZ")
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000001340)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f00000002c0)={0x4, 0x10000000, 0x7, 0xffff})

1m10.020669216s ago: executing program 4 (id=1149):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_int(r3, 0x0, 0xa, &(0x7f00000010c0)=0xd, 0x3)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000580)=ANY=[@ANYRES16=0x0, @ANYBLOB="040026bd7000fbdbdf25440000000c009900020000003800000048025a80200001800500040002000000140005000700ffff020007000008070009000f00b4000380050006000000000005000600010000000500040002000000140003000000030003000800000008000200e307140003000500060007000200ff0105000600400005000700000000001400050005000700040027b10700f0b60700030005000600020000004a000200562f072800170118f11a1419111015283c21501207190255520c0f394408544c501e16331f2e1d04013e330c1430083c0e3132180321092a10000e4017301941353f0b0942480000740000800500060002000000140005000001fe000300ac0dff070180ff7fbd00140003003a000f00060007000600feff008002001400050000000d005800ff07d400ff0700000100050004000100000022000100140c0503030c1b041b48163060120930480160600200001224051802360900000c00028005000400020000004800008042000200163c512a1746052b4147264805381a150f53492e3e2a524c3e0501521a110d1e17305219422a0b2e48411c1d0154265334451200413e070a20163109013c00000c00008005000400010000002000038014000500060000012333f7ff150001000800c2d705000400000000007c0002800500060002000000080002004d3654513e0002001b24462e173e20111d0a2f0e534b3251084a2312282d4a39274308123b4520454b4c50323d03003749283728223156331154231615451f5751450000270002001d4c134740562f0e563f4017002232482e10010414413249420854504940061f4f172500"], 0x268}, 0x1, 0x0, 0x0, 0xd5}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
move_pages(r5, 0x1, &(0x7f0000000140)=[&(0x7f0000064000/0x1000)=nil], &(0x7f0000000240)=[0x1], 0x0, 0x0)
syz_emit_ethernet(0x15a, &(0x7f0000000b80)=ANY=[@ANYBLOB="aaaaaaaaaabbaaaaaaaaaabb81002a00080040e201480068000049b090780a0101007e356142e0000002072711ac1414bbac1414bbac141440ac1414bbffffffffac1414347f000001ac1414bbe000000194040100000000010000000000000000000000000200004e2000004e21000000010000033fe85500000000000000000080000000c70000000000000fff000004e600000002000000f0000000ae00000000000000010000000900000000000042a70000d05e0000000800000002000000bb000000020000000100000005000000f00000000a0000000b00000006000000830000000600000b5c00004010000000010000000700000004000000050060000000000008000070f40000000900000080000000000000008100000005000000060000508b000000040000000300000040000000020000ffff00000d9f000000300000000000000006000000d2000003ff000002a70000000400004010"], 0x0)
shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil)
r6 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
read$qrtrtun(r6, &(0x7f00000004c0)=""/57, 0x39)
r7 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_int(r7, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4)
sendmmsg$inet6(r7, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0)
recvfrom$inet6(r7, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = fsopen(&(0x7f0000000000)='msdos\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f0000000240)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',group_id'])

1m7.444315236s ago: executing program 4 (id=1158):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f00000000c0), 0x1)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
sendto$inet6(r0, &(0x7f00000002c0)='EH', 0x2, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)

1m6.953920004s ago: executing program 33 (id=1158):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f00000000c0), 0x1)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
sendto$inet6(r0, &(0x7f00000002c0)='EH', 0x2, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)

10.988553986s ago: executing program 5 (id=1333):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001040)={0xfc, {"a2e3ad09edfc09f91b44090987f70e06d038e7ff7fc6e5539b0d3d0e8b089b0732306c090890e0879b0a0ac6e70a9b3361959b4b9a240d5b0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
syz_clone3(&(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, {0x16}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$KVM_GET_NESTED_STATE(r2, 0xc080aebe, &(0x7f0000001600)={{0x0, 0x0, 0x80}})

8.433122747s ago: executing program 5 (id=1337):
unshare(0x62000000)
syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x0, &(0x7f0000000c00), 0x1, 0xb7e, &(0x7f0000000c40)="$eJzs3M1rVFcbAPDn3nwYNb6JL/LyWkoNtGChOBrFSl2py9ZFof0DDHEiIdcPkhRMcBHbhXRVC910UWgXpX9AoetstNBV6aaVFrqXShHdp9zJnWQwM0mqMx4/fj84c8/HZM7z5JK555C5E8BLa6x8yCP2R8S5LGKk6s8jYrBRG4pYWn3eg/vXJh/evzaZxcrKB39nkVV9zdfKquPuqjEUEb+cyeK/n2ycd25hcWaiKOqzVfvw/MUrh+cWFg9NX5y4UL9QvzR+YvzY8RPHjr99pGu5vrv35tmvxk/t+f7Mrauv3fj9yyxOxXA11ppHt4zFWKxUWvv7I2Ki25Ml0lflk7X0Zf0JAwIAYFN5yxrufzESfbG+eBuJW78mDQ4AAADoipW+WPsfFQAAAPCiyuz/AQAA4AXX/BzAg/vXJpsl7ScSnq57pyNitF3+/bHUOA7FQETsepBF622t2eqPPbGxiNj30+iPZYke3Ye8maXrEfH/dvlnjfxHG3dxb8w/j4hu3Jk99kj7ecr/VBfmT50/AC+n5dOrF7KN1798bf0Tba5//W2uXY8j9fWv8/pvPf++Duu/97c5R/3Ap593Gmtd/xXfvnq7nL88PlFS/8K96xGv9Hde/5T5Zx3yP7fNOQb++PmHTmNl/mW+zfK081/5JuJg2/3P+jfaZJt/P9HhqemiXj22nePG7e/2dZq/9fyXpZy/uRd4Gsrzv6tD/lud/yvbnGP5r4N/dhrbOv/87mD2YaM2WPVcnZifnx2PGMzObuw/unkszec0X6PM/83XN//7b5d/+Z6wVP0eyr3A9epYtj9+ZM5D773zxuPn31tl/ucf8/zf3OYcX382e7fTWOr8AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHg+5BExHFleW6vnea0WsTsi9sWuvLg8N//W1OWPLp0vxyJGYyCfmi7qRyJiZLWdle3xRn29ffSR9rGI2BsRX4zsbLRrk5eL86mTBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYM3uiBiOLK9FRB4RD0fyvFZLHRUAAADQdaOpAwAAAAB6zv4fAAAAXnz2/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPTY3gPLd7KIWDq5s1FKg9XYQNLIgF7LUwcAJNOXOgAgmf7UAQDJ2OMD2RbjQx1HdnQ9FgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeXQf3L9/JImLp5M5GKQ1WYwNJIwN6LU8dAJBMX+oAgGT6UwcAJGOPD2RbjA91HNnR9VgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeHYNN0qW1yIib9TzvFaL2BMRozGQTU0X9SMR8Z+I+G1kYEfZHk8dNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF03t7A4M1EU9VkVFRWVtUrqdyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFKYW1icmSiK+uxc6kgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA1OYWFmcmiqI+28NK6hwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEjnnwAAAP///JMJmQ==")
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB="600000001000ffff25bd700001dcdf2500000000", @ANYRES32=0x0, @ANYBLOB="00000400230800000a000100aaaaaaaaaa0d0000340012800e000100697036677265746170"], 0x60}, 0x1, 0x0, 0x0, 0x4044030}, 0xc0)

8.349256058s ago: executing program 1 (id=1338):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_int(r3, 0x0, 0xa, &(0x7f00000010c0)=0xd, 0x3)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000580)=ANY=[@ANYRES16=0x0, @ANYBLOB="040026bd7000fbdbdf25440000000c009900020000003800000048025a80200001800500040002000000140005000700ffff020007000008070009000f00b4000380050006000000000005000600010000000500040002000000140003000000030003000800000008000200e307140003000500060007000200ff0105000600400005000700000000001400050005000700040027b10700f0b60700030005000600020000004a000200562f072800170118f11a1419111015283c21501207190255520c0f394408544c501e16331f2e1d04013e330c1430083c0e3132180321092a10000e4017301941353f0b0942480000740000800500060002000000140005000001fe000300ac0dff070180ff7fbd00140003003a000f00060007000600feff008002001400050000000d005800ff07d400ff0700000100050004000100000022000100140c0503030c1b041b48163060120930480160600200001224051802360900000c00028005000400020000004800008042000200163c512a1746052b4147264805381a150f53492e3e2a524c3e0501521a110d1e17305219422a0b2e48411c1d0154265334451200413e070a20163109013c00000c00008005000400010000002000038014000500060000012333f7ff150001000800c2d705000400000000007c0002800500060002000000080002004d3654513e0002001b24462e173e20111d0a2f0e534b3251084a2312282d4a39274308123b4520454b4c50323d03003749283728223156331154231615451f5751450000270002001d4c134740562f0e563f4017002232482e10010414413249420854504940061f4f172500"], 0x268}, 0x1, 0x0, 0x0, 0xd5}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0)
rseq(0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
move_pages(r5, 0x1, &(0x7f0000000140)=[&(0x7f0000064000/0x1000)=nil], &(0x7f0000000240)=[0x1], 0x0, 0x0)
syz_emit_ethernet(0x15a, &(0x7f0000000b80)=ANY=[@ANYBLOB="aaaaaaaaaabbaaaaaaaaaabb81002a00080040e201480068000049b090780a0101007e356142e0000002072711ac1414bbac1414bbac141440ac1414bbffffffffac1414347f000001ac1414bbe000000194040100000000010000000000000000000000000200004e2000004e21000000010000033fe85500000000000000000080000000c70000000000000fff000004e600000002000000f0000000ae00000000000000010000000900000000000042a70000d05e0000000800000002000000bb000000020000000100000005000000f00000000a0000000b00000006000000830000000600000b5c00004010000000010000000700000004000000050060000000000008000070f40000000900000080000000000000008100000005000000060000508b000000040000000300000040000000020000ffff00000d9f000000300000000000000006000000d2000003ff000002a70000000400004010"], 0x0)
shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil)
r6 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
read$qrtrtun(r6, &(0x7f00000004c0)=""/57, 0x39)
r7 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_int(r7, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4)
sendmmsg$inet6(r7, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0)
recvfrom$inet6(r7, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = fsopen(&(0x7f0000000000)='msdos\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f0000000240)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',group_id'])

7.516770871s ago: executing program 0 (id=1341):
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
splice(r1, 0x0, r0, 0x0, 0x6, 0x0)
ioctl$int_in(r0, 0x5452, &(0x7f0000000100)=0x3ff)
dup3(r1, r0, 0x80000)
sendmsg$IPSET_CMD_PROTOCOL(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="2c000000010605"], 0x2c}, 0x1, 0x0, 0x0, 0x40001d0}, 0x0)

7.279646425s ago: executing program 1 (id=1342):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_int(r3, 0x0, 0xa, &(0x7f00000010c0)=0xd, 0x3)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000580)=ANY=[@ANYRES16=0x0, @ANYBLOB="040026bd7000fbdbdf25440000000c009900020000003800000048025a80200001800500040002000000140005000700ffff020007000008070009000f00b4000380050006000000000005000600010000000500040002000000140003000000030003000800000008000200e307140003000500060007000200ff0105000600400005000700000000001400050005000700040027b10700f0b60700030005000600020000004a000200562f072800170118f11a1419111015283c21501207190255520c0f394408544c501e16331f2e1d04013e330c1430083c0e3132180321092a10000e4017301941353f0b0942480000740000800500060002000000140005000001fe000300ac0dff070180ff7fbd00140003003a000f00060007000600feff008002001400050000000d005800ff07d400ff0700000100050004000100000022000100140c0503030c1b041b48163060120930480160600200001224051802360900000c00028005000400020000004800008042000200163c512a1746052b4147264805381a150f53492e3e2a524c3e0501521a110d1e17305219422a0b2e48411c1d0154265334451200413e070a20163109013c00000c00008005000400010000002000038014000500060000012333f7ff150001000800c2d705000400000000007c0002800500060002000000080002004d3654513e0002001b24462e173e20111d0a2f0e534b3251084a2312282d4a39274308123b4520454b4c50323d03003749283728223156331154231615451f5751450000270002001d4c134740562f0e563f4017002232482e10010414413249420854504940061f4f172500"], 0x268}, 0x1, 0x0, 0x0, 0xd5}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0)
rseq(0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
move_pages(r5, 0x1, &(0x7f0000000140)=[&(0x7f0000064000/0x1000)=nil], &(0x7f0000000240)=[0x1], 0x0, 0x0)
syz_emit_ethernet(0x15a, &(0x7f0000000b80)=ANY=[@ANYBLOB="aaaaaaaaaabbaaaaaaaaaabb81002a00080040e201480068000049b090780a0101007e356142e0000002072711ac1414bbac1414bbac141440ac1414bbffffffffac1414347f000001ac1414bbe000000194040100000000010000000000000000000000000200004e2000004e21000000010000033fe85500000000000000000080000000c70000000000000fff000004e600000002000000f0000000ae00000000000000010000000900000000000042a70000d05e0000000800000002000000bb000000020000000100000005000000f00000000a0000000b00000006000000830000000600000b5c00004010000000010000000700000004000000050060000000000008000070f40000000900000080000000000000008100000005000000060000508b000000040000000300000040000000020000ffff00000d9f000000300000000000000006000000d2000003ff000002a70000000400004010"], 0x0)
shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil)
r6 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
read$qrtrtun(r6, &(0x7f00000004c0)=""/57, 0x39)
r7 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_int(r7, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4)
sendmmsg$inet6(r7, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0)
recvfrom$inet6(r7, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = fsopen(&(0x7f0000000000)='msdos\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f0000000240)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',group_id'])

6.994806189s ago: executing program 0 (id=1344):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_int(r3, 0x0, 0xa, &(0x7f00000010c0)=0xd, 0x3)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0)
rseq(0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
move_pages(r5, 0x1, &(0x7f0000000140)=[&(0x7f0000064000/0x1000)=nil], &(0x7f0000000240)=[0x1], 0x0, 0x0)
syz_emit_ethernet(0x15a, &(0x7f0000000b80)=ANY=[@ANYBLOB="aaaaaaaaaabbaaaaaaaaaabb81002a00080040e201480068000049b090780a0101007e356142e0000002072711ac1414bbac1414bbac141440ac1414bbffffffffac1414347f000001ac1414bbe000000194040100000000010000000000000000000000000200004e2000004e21000000010000033fe85500000000000000000080000000c70000000000000fff000004e600000002000000f0000000ae00000000000000010000000900000000000042a70000d05e0000000800000002000000bb000000020000000100000005000000f00000000a0000000b00000006000000830000000600000b5c00004010000000010000000700000004000000050060000000000008000070f40000000900000080000000000000008100000005000000060000508b000000040000000300000040000000020000ffff00000d9f000000300000000000000006000000d2000003ff000002a70000000400004010"], 0x0)
shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil)
r6 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
read$qrtrtun(r6, &(0x7f00000004c0)=""/57, 0x39)
r7 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_int(r7, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4)
sendmmsg$inet6(r7, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0)
recvfrom$inet6(r7, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = fsopen(&(0x7f0000000000)='msdos\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f0000000240)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',group_id'])

6.082105134s ago: executing program 1 (id=1345):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000080)=0x9, 0x8, 0x0)
mbind(&(0x7f00005f7000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0)
mremap(&(0x7f000008f000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000486000/0x1000)=nil)
mbind(&(0x7f0000673000/0x1000)=nil, 0x1000, 0x3, &(0x7f00000009c0)=0x7, 0x3, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0)

5.925381316s ago: executing program 0 (id=1346):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r0}, 0x18)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0)

5.728976889s ago: executing program 5 (id=1347):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_int(r3, 0x0, 0xa, &(0x7f00000010c0)=0xd, 0x3)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000580)=ANY=[@ANYRES16=0x0, @ANYBLOB="040026bd7000fbdbdf25440000000c009900020000003800000048025a80200001800500040002000000140005000700ffff020007000008070009000f00b4000380050006000000000005000600010000000500040002000000140003000000030003000800000008000200e307140003000500060007000200ff0105000600400005000700000000001400050005000700040027b10700f0b60700030005000600020000004a000200562f072800170118f11a1419111015283c21501207190255520c0f394408544c501e16331f2e1d04013e330c1430083c0e3132180321092a10000e4017301941353f0b0942480000740000800500060002000000140005000001fe000300ac0dff070180ff7fbd00140003003a000f00060007000600feff008002001400050000000d005800ff07d400ff0700000100050004000100000022000100140c0503030c1b041b48163060120930480160600200001224051802360900000c00028005000400020000004800008042000200163c512a1746052b4147264805381a150f53492e3e2a524c3e0501521a110d1e17305219422a0b2e48411c1d0154265334451200413e070a20163109013c00000c00008005000400010000002000038014000500060000012333f7ff150001000800c2d705000400000000007c0002800500060002000000080002004d3654513e0002001b24462e173e20111d0a2f0e534b3251084a2312282d4a39274308123b4520454b4c50323d03003749283728223156331154231615451f5751450000270002001d4c134740562f0e563f4017002232482e10010414413249420854504940061f4f172500"], 0x268}, 0x1, 0x0, 0x0, 0xd5}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00'}, 0x10)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0)
rseq(0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
move_pages(r4, 0x1, &(0x7f0000000140)=[&(0x7f0000064000/0x1000)=nil], &(0x7f0000000240)=[0x1], 0x0, 0x0)
syz_emit_ethernet(0x15a, &(0x7f0000000b80)=ANY=[@ANYBLOB="aaaaaaaaaabbaaaaaaaaaabb81002a00080040e201480068000049b090780a0101007e356142e0000002072711ac1414bbac1414bbac141440ac1414bbffffffffac1414347f000001ac1414bbe000000194040100000000010000000000000000000000000200004e2000004e21000000010000033fe85500000000000000000080000000c70000000000000fff000004e600000002000000f0000000ae00000000000000010000000900000000000042a70000d05e0000000800000002000000bb000000020000000100000005000000f00000000a0000000b00000006000000830000000600000b5c00004010000000010000000700000004000000050060000000000008000070f40000000900000080000000000000008100000005000000060000508b000000040000000300000040000000020000ffff00000d9f000000300000000000000006000000d2000003ff000002a70000000400004010"], 0x0)
shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil)
r5 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
read$qrtrtun(r5, &(0x7f00000004c0)=""/57, 0x39)
r6 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_int(r6, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4)
sendmmsg$inet6(r6, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0)
recvfrom$inet6(r6, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = fsopen(&(0x7f0000000000)='msdos\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000240)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',group_id'])

3.668274631s ago: executing program 5 (id=1351):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_int(r3, 0x0, 0xa, &(0x7f00000010c0)=0xd, 0x3)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000580)=ANY=[@ANYRES16=0x0, @ANYBLOB="040026bd7000fbdbdf25440000000c009900020000003800000048025a80200001800500040002000000140005000700ffff020007000008070009000f00b4000380050006000000000005000600010000000500040002000000140003000000030003000800000008000200e307140003000500060007000200ff0105000600400005000700000000001400050005000700040027b10700f0b60700030005000600020000004a000200562f072800170118f11a1419111015283c21501207190255520c0f394408544c501e16331f2e1d04013e330c1430083c0e3132180321092a10000e4017301941353f0b0942480000740000800500060002000000140005000001fe000300ac0dff070180ff7fbd00140003003a000f00060007000600feff008002001400050000000d005800ff07d400ff0700000100050004000100000022000100140c0503030c1b041b48163060120930480160600200001224051802360900000c00028005000400020000004800008042000200163c512a1746052b4147264805381a150f53492e3e2a524c3e0501521a110d1e17305219422a0b2e48411c1d0154265334451200413e070a20163109013c00000c00008005000400010000002000038014000500060000012333f7ff150001000800c2d705000400000000007c0002800500060002000000080002004d3654513e0002001b24462e173e20111d0a2f0e534b3251084a2312282d4a39274308123b4520454b4c50323d03003749283728223156331154231615451f5751450000270002001d4c134740562f0e563f4017002232482e10010414413249420854504940061f4f172500"], 0x268}, 0x1, 0x0, 0x0, 0xd5}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0)
rseq(0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
move_pages(r5, 0x1, &(0x7f0000000140)=[&(0x7f0000064000/0x1000)=nil], &(0x7f0000000240)=[0x1], 0x0, 0x0)
syz_emit_ethernet(0x15a, &(0x7f0000000b80)=ANY=[@ANYBLOB="aaaaaaaaaabbaaaaaaaaaabb81002a00080040e201480068000049b090780a0101007e356142e0000002072711ac1414bbac1414bbac141440ac1414bbffffffffac1414347f000001ac1414bbe000000194040100000000010000000000000000000000000200004e2000004e21000000010000033fe85500000000000000000080000000c70000000000000fff000004e600000002000000f0000000ae00000000000000010000000900000000000042a70000d05e0000000800000002000000bb000000020000000100000005000000f00000000a0000000b00000006000000830000000600000b5c00004010000000010000000700000004000000050060000000000008000070f40000000900000080000000000000008100000005000000060000508b000000040000000300000040000000020000ffff00000d9f000000300000000000000006000000d2000003ff000002a70000000400004010"], 0x0)
shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil)
r6 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
read$qrtrtun(r6, &(0x7f00000004c0)=""/57, 0x39)
r7 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_int(r7, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4)
sendmmsg$inet6(r7, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0)
recvfrom$inet6(r7, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = fsopen(&(0x7f0000000000)='msdos\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f0000000240)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',group_id'])

3.572347603s ago: executing program 0 (id=1352):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x0, 0x3, 0x0, 0x1000, &(0x7f0000fe6000/0x1000)=nil})
ioctl$KVM_NMI(r2, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f00000001c0)="337b0000f30fbdf92666f30f1ecc3e263e2e0f0f4ae8bb66b8bb750f8666efbafc0cec66b9800000c00f326635008000000f300f01c4baf80c66b8e8e12d80660eba270ced66b8806fffff640f080f21f8663500000f000f23f8baa100ed642e263e0f0010", 0x65}], 0x1, 0xa, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.910575304s ago: executing program 1 (id=1354):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
write$uinput_user_dev(r0, &(0x7f00000005c0)={'syz1\x00', {0x1, 0x8, 0xd}, 0x0, [0x0, 0x0, 0x0, 0xdb, 0x0, 0x0, 0x101, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0xfffffffe, 0x0, 0x47b07c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf60d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x171b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb, 0x1, 0x2], [0x0, 0x5, 0x0, 0x0, 0x0, 0xd1, 0x0, 0x80000000, 0x0, 0x0, 0x10000, 0xc157, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf9], [0x0, 0xa6d3, 0x3, 0x97aa, 0x0, 0x0, 0x80002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x400001, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x70bb], [0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x6, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000]}, 0x45c)
r1 = dup(r0)
ioctl$UI_DEV_CREATE(r1, 0x5501)
r2 = syz_io_uring_setup(0x70ca, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x3, 0x179}, &(0x7f0000000100)=<r3=>0x0, &(0x7f00000007c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x0, 0x6000, @fd_index=0x3, 0x0, &(0x7f0000000440)=[{&(0x7f0000000140)="f5", 0x1}], 0x1})
io_uring_enter(r2, 0x4d10, 0x2, 0x2, 0x0, 0x0)

2.700101137s ago: executing program 5 (id=1355):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_int(r3, 0x0, 0xa, &(0x7f00000010c0)=0xd, 0x3)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0)
rseq(0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
move_pages(r5, 0x1, &(0x7f0000000140)=[&(0x7f0000064000/0x1000)=nil], &(0x7f0000000240)=[0x1], 0x0, 0x0)
syz_emit_ethernet(0x15a, &(0x7f0000000b80)=ANY=[@ANYBLOB="aaaaaaaaaabbaaaaaaaaaabb81002a00080040e201480068000049b090780a0101007e356142e0000002072711ac1414bbac1414bbac141440ac1414bbffffffffac1414347f000001ac1414bbe000000194040100000000010000000000000000000000000200004e2000004e21000000010000033fe85500000000000000000080000000c70000000000000fff000004e600000002000000f0000000ae00000000000000010000000900000000000042a70000d05e0000000800000002000000bb000000020000000100000005000000f00000000a0000000b00000006000000830000000600000b5c00004010000000010000000700000004000000050060000000000008000070f40000000900000080000000000000008100000005000000060000508b000000040000000300000040000000020000ffff00000d9f000000300000000000000006000000d2000003ff000002a70000000400004010"], 0x0)
shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil)
r6 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
read$qrtrtun(r6, &(0x7f00000004c0)=""/57, 0x39)
r7 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_int(r7, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4)
sendmmsg$inet6(r7, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0)
recvfrom$inet6(r7, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = fsopen(&(0x7f0000000000)='msdos\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f0000000240)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',group_id'])

2.576527709s ago: executing program 2 (id=1356):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_int(r3, 0x0, 0xa, &(0x7f00000010c0)=0xd, 0x3)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000580)=ANY=[@ANYRES16=0x0, @ANYBLOB="040026bd7000fbdbdf25440000000c009900020000003800000048025a80200001800500040002000000140005000700ffff020007000008070009000f00b4000380050006000000000005000600010000000500040002000000140003000000030003000800000008000200e307140003000500060007000200ff0105000600400005000700000000001400050005000700040027b10700f0b60700030005000600020000004a000200562f072800170118f11a1419111015283c21501207190255520c0f394408544c501e16331f2e1d04013e330c1430083c0e3132180321092a10000e4017301941353f0b0942480000740000800500060002000000140005000001fe000300ac0dff070180ff7fbd00140003003a000f00060007000600feff008002001400050000000d005800ff07d400ff0700000100050004000100000022000100140c0503030c1b041b48163060120930480160600200001224051802360900000c00028005000400020000004800008042000200163c512a1746052b4147264805381a150f53492e3e2a524c3e0501521a110d1e17305219422a0b2e48411c1d0154265334451200413e070a20163109013c00000c00008005000400010000002000038014000500060000012333f7ff150001000800c2d705000400000000007c0002800500060002000000080002004d3654513e0002001b24462e173e20111d0a2f0e534b3251084a2312282d4a39274308123b4520454b4c50323d03003749283728223156331154231615451f5751450000270002001d4c134740562f0e563f4017002232482e10010414413249420854504940061f4f172500"], 0x268}, 0x1, 0x0, 0x0, 0xd5}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0)
rseq(0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
move_pages(r5, 0x1, &(0x7f0000000140)=[&(0x7f0000064000/0x1000)=nil], &(0x7f0000000240)=[0x1], 0x0, 0x0)
syz_emit_ethernet(0x15a, &(0x7f0000000b80)=ANY=[@ANYBLOB="aaaaaaaaaabbaaaaaaaaaabb81002a00080040e201480068000049b090780a0101007e356142e0000002072711ac1414bbac1414bbac141440ac1414bbffffffffac1414347f000001ac1414bbe000000194040100000000010000000000000000000000000200004e2000004e21000000010000033fe85500000000000000000080000000c70000000000000fff000004e600000002000000f0000000ae00000000000000010000000900000000000042a70000d05e0000000800000002000000bb000000020000000100000005000000f00000000a0000000b00000006000000830000000600000b5c00004010000000010000000700000004000000050060000000000008000070f40000000900000080000000000000008100000005000000060000508b000000040000000300000040000000020000ffff00000d9f000000300000000000000006000000d2000003ff000002a70000000400004010"], 0x0)
shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil)
r6 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
read$qrtrtun(r6, &(0x7f00000004c0)=""/57, 0x39)
r7 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_int(r7, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4)
sendmmsg$inet6(r7, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0)
recvfrom$inet6(r7, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = fsopen(&(0x7f0000000000)='msdos\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f0000000240)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',group_id'])

2.405830361s ago: executing program 0 (id=1357):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r0, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0xfe, "0062ba7d82000000160000000000f738096304"})
r1 = syz_open_pts(r0, 0x900)
dup3(r1, r0, 0x80000)
ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000040)={0x9, 0x81, 0x7fff, 0x9, 0x1a, "dd99d1d7dbe6d961"})

1.772389682s ago: executing program 1 (id=1358):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_int(r3, 0x0, 0xa, &(0x7f00000010c0)=0xd, 0x3)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000580)=ANY=[@ANYRES16=0x0, @ANYBLOB="040026bd7000fbdbdf25440000000c009900020000003800000048025a80200001800500040002000000140005000700ffff020007000008070009000f00b4000380050006000000000005000600010000000500040002000000140003000000030003000800000008000200e307140003000500060007000200ff0105000600400005000700000000001400050005000700040027b10700f0b60700030005000600020000004a000200562f072800170118f11a1419111015283c21501207190255520c0f394408544c501e16331f2e1d04013e330c1430083c0e3132180321092a10000e4017301941353f0b0942480000740000800500060002000000140005000001fe000300ac0dff070180ff7fbd00140003003a000f00060007000600feff008002001400050000000d005800ff07d400ff0700000100050004000100000022000100140c0503030c1b041b48163060120930480160600200001224051802360900000c00028005000400020000004800008042000200163c512a1746052b4147264805381a150f53492e3e2a524c3e0501521a110d1e17305219422a0b2e48411c1d0154265334451200413e070a20163109013c00000c00008005000400010000002000038014000500060000012333f7ff150001000800c2d705000400000000007c0002800500060002000000080002004d3654513e0002001b24462e173e20111d0a2f0e534b3251084a2312282d4a39274308123b4520454b4c50323d03003749283728223156331154231615451f5751450000270002001d4c134740562f0e563f4017002232482e10010414413249420854504940061f4f172500"], 0x268}, 0x1, 0x0, 0x0, 0xd5}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0)
rseq(0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
move_pages(r5, 0x1, &(0x7f0000000140)=[&(0x7f0000064000/0x1000)=nil], &(0x7f0000000240)=[0x1], 0x0, 0x0)
syz_emit_ethernet(0x15a, &(0x7f0000000b80)=ANY=[@ANYBLOB="aaaaaaaaaabbaaaaaaaaaabb81002a00080040e201480068000049b090780a0101007e356142e0000002072711ac1414bbac1414bbac141440ac1414bbffffffffac1414347f000001ac1414bbe000000194040100000000010000000000000000000000000200004e2000004e21000000010000033fe85500000000000000000080000000c70000000000000fff000004e600000002000000f0000000ae00000000000000010000000900000000000042a70000d05e0000000800000002000000bb000000020000000100000005000000f00000000a0000000b00000006000000830000000600000b5c00004010000000010000000700000004000000050060000000000008000070f40000000900000080000000000000008100000005000000060000508b000000040000000300000040000000020000ffff00000d9f000000300000000000000006000000d2000003ff000002a70000000400004010"], 0x0)
shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil)
r6 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
read$qrtrtun(r6, &(0x7f00000004c0)=""/57, 0x39)
r7 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_int(r7, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4)
sendmmsg$inet6(r7, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0)
recvfrom$inet6(r7, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = fsopen(&(0x7f0000000000)='msdos\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f0000000240)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',group_id'])

1.645424094s ago: executing program 5 (id=1359):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file3\x00', 0x8c0, &(0x7f0000000080)={[{@localalloc={'localalloc', 0x3d, 0xf}}, {@heartbeat_none}, {@heartbeat_none}, {@inode64}, {@coherency_full}, {@resv_level={'resv_level', 0x3d, 0x20}}, {@err_cont}, {@user_xattr}, {@acl}, {@data_writeback}, {@intr}, {@journal_async_commit}]}, 0x1, 0x444c, &(0x7f00000088c0)="$eJzs3c9rXNUeAPBzb9LXpK/tS/q66IMHb+AVFJWQdKWmYJqmTZM2Vqot4mY6SaZtdJIpyURcFIm7givBhQgWBTeSVcnCbf0T3Lis64Iu3AhCMTIzd5K584OOIZNo+/kscuee38n33jPnLm5OnCjdWljJLKxkckuZ4tyNlVOZ94uF1cV8iPdIy/4P7F3/bPniZKhomdmN62S/r71n2eWz59+8diqE7+Z/eLS5ublZiXxvaGmk7vOvv9yZ2z7GW+lxQ51yu61b2y3vhBCON42rrCeE8Pa3IUQhhDNJ2nhy7A8hHAnVvGt3Pr6e2aXR3H+YP519PHN3Y/Tk9Pq9jfa/exTC54X/vHRz8af/94z++MIudQ8AAAAAAAAAAAAAAAAAwN/c5JXLV98YHgkPotC7HjW/rzuZHNu9H7u5a/7XovWF3f+FAQAAAAAAAAAAAAAAAAAA4C9o+/3/THSsxfv/E8lxrE39zde6P0a6Z+r1yxPnhkeS/d+jpvyXk6Sfz/SEwaZ939P7rYe6fdZrWu//3tzPTtXGV+t3IETxUOo8joeGQvgq2fj9RHQoLhRXSi/eKK4uzUdtdrp/dqTjX929PxWdZEP/TuM/3tB+9/f//3fT1VQ+v757l9hTLR3/nrblvv4o6ij+Zxvq7UX82bl0/KvTYX99gbHqBFCO/ye9T47/REP73Yr/0RBCJiqPNZOaAcprmHJ6u/UKaen4H6ikpabO5A/Z7v7/rSH+5xra36/5f63xi4iW0vH/RyWtL1Vi+/4fjJ98/59vaH8/4l8e/5rv/46k43+wmpheFVf+kp3O/5MN7Xcr/lfjZJxHo9QVsB5V09v9vzrS0vHva8rffv6LO1r/XWiov1fPf7V+a89/ten/+aj6/Edr6fj3ty3X6f0/1VCv2/P/WGX9x06l43+okpZeOw9UfnYa/+mG9rsV/8qqpK8W/+355PeD1fQvrf86ko7/P6uJcX2JtcrPyvovqot7VE1vXP9fbGh/P9Z/5fGvxd3t9WmRjv/hauKJ5nIffhPC9x18/19qqNf9+IcwbK2/Y+n4H2lbrnL/9z05/jPbHytPEd2O/3Pts5KrYq2b3QMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsu/HkOBCieCh1HsdDQyGcTc5PhEPRbG4+O1sozr23EsJEkp4Jx6KbheJsrpBdWCrO57O5QqE4F8K5JP946ItWCsVSdjF3+/xWW/3RrXxuuTSbz5VCCJNJ+n/DkVpbswulxdztEMKFrbx/xcXl27dyS9n5heVXh4eHh8PU1hgGo/wHpfxSqdp7NTeE6a26A1Hd4CrZF7fGcjh6t7i6vJQrVNIv1dUpFOdyhbo6M0nep2EwKi2vLs3lSvlsoXiz1t9+GkuOE1NX3rpyaaQp/3pUPY7v7bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JMejL7yWQiht3oWhxDGah+iVuXvP8yfzj6eubsxenJ6/d7Go3blAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4gx04EAAAAAAA8n9thKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqirs0jFKA0EUBuA3Y6F2HsNq2e1sVxTRwhXBE+gxPIwexUt4hxQp0qYIgWQWwmYXtkmq72sezM/MezAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCep/fu461uIlJcbS4j/r7+F4f5S6k/9+P3L84wI6fz/No9PNZN+fd0lN+Vo2Wbd+l69f0ZI7X3O9iT4T7t9X2uJ+ea2rep+fq+N5FyFRFtyW9TzlU17y0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDLDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgWAAAAABAmL91FH0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8CgAA//9Q/R+A")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000540), 0x44800, 0x0)
sendfile(r1, r2, 0x0, 0xfffe82)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x2, 0x11, r0, 0x0)
read(r0, &(0x7f0000001400)=""/4096, 0x1000)

1.609018464s ago: executing program 2 (id=1360):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0)
ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000005700)={{0x1, 0x0, 0x80, {0xd000, 0xdddd1000}}, "cb31455c9e9d288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9d7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97af85a08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf97a8b7b53058b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adb41456bf762c94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b99d5376cd928c431fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029ec7c33830a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf87b55ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f3147414eff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf28053732472dc313b5fedfc583fc702a880971dc61280000008067810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22470812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa3181b74ec7dae2e42c9caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae3a8aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64eec45208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c0e7faf2ea7d3f5271028fc558a44799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d03ff4b723d86b7564e550378599c3e0c7a5cd6bea1d76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db632ec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e259ce021216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e50100cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d744bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab774d1598d9816abc77b0e693880beca5f330c626774ab5cb6967fb0ea8e14efce120947092c3b6f8a22f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6f9338183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf40334f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77c4bb94543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c6df4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b76de44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e1549d552978eb8135a5f8c79c3ceb8dd5828b0218ffe40f375d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4061d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156ee4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2bb637b7cf79764b6a4b7ffc5d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c4ad8c81d77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d4738d5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa710c3e20fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95d3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362eb5bf86fce896dbc2a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641baf9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca433d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33205f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a41ba51d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eeae43a354fe51b4c49e8fcda3c322b738ed2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a343133158364a9fe3bb4b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc245e748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2daed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3a5ae16cb788482760d34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33d0d9ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc1016821c013109f34aece6183994b853d0e9561375c02cdd26b1b5511ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e7e8f67b8be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c08518bdc6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e4b1760f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e51600"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.200199241s ago: executing program 2 (id=1361):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x3, 0x8, @loopback, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000000)=@gcm_256={{0x303}, "41328ac34a4ad2ba", "e8582491a0c4050000000000f6542a9b6800000000000000003967d2daa45b4e", "61241765", "89b06aff130000fd"}, 0x38)
sendmsg$DEVLINK_CMD_TRAP_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x48000}, 0x8000)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000019600)=[@ip_tos_int={{0x14, 0x11a, 0x1, 0x2}}], 0x28}, 0x0)

1.094373182s ago: executing program 2 (id=1362):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0xa7210e10bc3c9def)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0)
r1 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0)
mkdirat(r1, &(0x7f0000000540)='./file0\x00', 0x184)
renameat(r1, &(0x7f00000025c0)='./file0\x00', r1, &(0x7f0000002600)='./file1\x00')
fchdir(r0)
open(&(0x7f0000000040)='./file0\x00', 0x70e, 0x0)

918.567195ms ago: executing program 2 (id=1363):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x4)
io_setup(0x2007, &(0x7f0000000980)=<r1=>0x0)
r2 = eventfd2(0x0, 0x0)
io_submit(r1, 0x1, &(0x7f0000000280)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1, r2}])
ppoll(&(0x7f0000000880)=[{r2, 0x1001}], 0x1, 0x0, 0x0, 0x0)
shutdown(r0, 0x0)

778.057347ms ago: executing program 0 (id=1364):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_int(r3, 0x0, 0xa, &(0x7f00000010c0)=0xd, 0x3)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000580)=ANY=[@ANYRES16=0x0, @ANYBLOB="040026bd7000fbdbdf25440000000c009900020000003800000048025a80200001800500040002000000140005000700ffff020007000008070009000f00b4000380050006000000000005000600010000000500040002000000140003000000030003000800000008000200e307140003000500060007000200ff0105000600400005000700000000001400050005000700040027b10700f0b60700030005000600020000004a000200562f072800170118f11a1419111015283c21501207190255520c0f394408544c501e16331f2e1d04013e330c1430083c0e3132180321092a10000e4017301941353f0b0942480000740000800500060002000000140005000001fe000300ac0dff070180ff7fbd00140003003a000f00060007000600feff008002001400050000000d005800ff07d400ff0700000100050004000100000022000100140c0503030c1b041b48163060120930480160600200001224051802360900000c00028005000400020000004800008042000200163c512a1746052b4147264805381a150f53492e3e2a524c3e0501521a110d1e17305219422a0b2e48411c1d0154265334451200413e070a20163109013c00000c00008005000400010000002000038014000500060000012333f7ff150001000800c2d705000400000000007c0002800500060002000000080002004d3654513e0002001b24462e173e20111d0a2f0e534b3251084a2312282d4a39274308123b4520454b4c50323d03003749283728223156331154231615451f5751450000270002001d4c134740562f0e563f4017002232482e10010414413249420854504940061f4f172500"], 0x268}, 0x1, 0x0, 0x0, 0xd5}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0)
rseq(0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
move_pages(r5, 0x1, &(0x7f0000000140)=[&(0x7f0000064000/0x1000)=nil], &(0x7f0000000240)=[0x1], 0x0, 0x0)
syz_emit_ethernet(0x15a, &(0x7f0000000b80)=ANY=[@ANYBLOB="aaaaaaaaaabbaaaaaaaaaabb81002a00080040e201480068000049b090780a0101007e356142e0000002072711ac1414bbac1414bbac141440ac1414bbffffffffac1414347f000001ac1414bbe000000194040100000000010000000000000000000000000200004e2000004e21000000010000033fe85500000000000000000080000000c70000000000000fff000004e600000002000000f0000000ae00000000000000010000000900000000000042a70000d05e0000000800000002000000bb000000020000000100000005000000f00000000a0000000b00000006000000830000000600000b5c00004010000000010000000700000004000000050060000000000008000070f40000000900000080000000000000008100000005000000060000508b000000040000000300000040000000020000ffff00000d9f000000300000000000000006000000d2000003ff000002a70000000400004010"], 0x0)
shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil)
r6 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
read$qrtrtun(r6, &(0x7f00000004c0)=""/57, 0x39)
r7 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_int(r7, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4)
sendmmsg$inet6(r7, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0)
recvfrom$inet6(r7, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = fsopen(&(0x7f0000000000)='msdos\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f0000000240)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',group_id'])

707.777218ms ago: executing program 1 (id=1365):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
ioctl$FIGETBSZ(r0, 0x2, 0x0)

0s ago: executing program 2 (id=1366):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5})
r0 = socket$inet(0xa, 0x801, 0x84)
sendto$inet(r0, &(0x7f0000000080)='w', 0x34000, 0x0, &(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010102}, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x4)
r2 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$inet(r2, &(0x7f0000000f00)={&(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010102}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000100)='f', 0x1}], 0x1, &(0x7f0000000000)=ANY=[@ANYBLOB="20000000000000008400000008"], 0x20}, 0x0)
writev(r1, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1)

kernel console output (not intermixed with test programs):

T8299] smc: adding ib device syz2 with port count 1
[  476.203031][ T8299] smc:    ib device syz2 port 1 has pnetid 
[  476.211409][ T8299] ip6_vti0 speed is unknown, defaulting to 1000
[  476.343973][ T8299] ip6_vti0 speed is unknown, defaulting to 1000
[  476.467536][ T8299] ip6_vti0 speed is unknown, defaulting to 1000
[  476.590245][ T8299] ip6_vti0 speed is unknown, defaulting to 1000
[  476.714182][ T5836] ip6_vti0 speed is unknown, defaulting to 1000
[  476.721217][ T8294] vhci_hcd: connection reset by peer
[  477.101219][ T3432] vhci_hcd: stop threads
[  477.224456][ T3432] vhci_hcd: release socket
[  477.229388][ T3432] vhci_hcd: disconnect device
[  479.204390][ T8329] loop1: detected capacity change from 0 to 32768
[  479.232313][ T8329] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.442 (8329)
[  479.247752][ T8329] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  479.259281][ T8329] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  479.268054][ T8329] BTRFS info (device loop1): setting nodatacow, compression disabled
[  479.276260][ T8329] BTRFS info (device loop1): max_inline at 0
[  479.282260][ T8329] BTRFS info (device loop1): enabling disk space caching
[  479.289352][ T8329] BTRFS info (device loop1): turning off barriers
[  479.295826][ T8329] BTRFS info (device loop1): turning on flush-on-commit
[  479.302795][ T8329] BTRFS info (device loop1): doing ref verification
[  479.309623][ T8329] BTRFS info (device loop1): force clearing of disk cache
[  479.316869][ T8329] BTRFS info (device loop1): enabling ssd optimizations
[  479.323864][ T8329] BTRFS info (device loop1): max_inline at 4096
[  479.330197][ T8329] BTRFS info (device loop1): disk space caching is enabled
[  479.478406][ T8333] syz_tun: left allmulticast mode
[  479.483834][ T8333] syz_tun: left promiscuous mode
[  479.510560][ T8333] bridge0: port 3(syz_tun) entered disabled state
[  479.685118][ T8329] BTRFS info (device loop1): auto enabling async discard
[  479.696572][ T8329] BTRFS info (device loop1): rebuilding free space tree
[  479.716945][ T8329] BTRFS info (device loop1): disabling free space tree
[  479.723866][ T8329] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  479.733618][ T8329] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  480.006460][ T8337] loop4: detected capacity change from 0 to 4096
[  480.968530][ T8333] bridge_slave_0: left allmulticast mode
[  481.002356][ T8333] bridge_slave_0: left promiscuous mode
[  481.021288][ T8333] bridge0: port 1(bridge_slave_0) entered disabled state
[  481.040745][ T2130] vhci_hcd: vhci_device speed not set
[  481.273820][   T28] kauditd_printk_skb: 2 callbacks suppressed
[  481.273866][   T28] audit: type=1800 audit(1752891641.185:149): pid=8357 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.442" name="bus" dev="overlay" ino=270 res=0 errno=0
[  481.941352][ T8363] netlink: 72 bytes leftover after parsing attributes in process `syz.0.446'.
[  483.214492][ T8333] bridge_slave_1: left allmulticast mode
[  483.257571][ T8333] bridge_slave_1: left promiscuous mode
[  483.263444][ T8333] bridge0: port 2(bridge_slave_1) entered disabled state
[  484.236361][   T50] Bluetooth: hci4: unexpected event for opcode 0x0000
[  484.437732][ T8333] bond0: (slave bond_slave_0): Releasing backup interface
[  485.003795][ T8333] bond0: (slave bond_slave_1): Releasing backup interface
[  485.331734][ T8374] loop4: detected capacity change from 0 to 128
[  487.574897][ T8333] team0: Port device team_slave_0 removed
[  487.623503][ T8374] EXT4-fs: error -4 creating inode table initialization thread
[  487.654021][ T8374] EXT4-fs (loop4): mount failed
[  487.758131][ T8333] team0: Port device team_slave_1 removed
[  487.765253][ T8333] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  487.772690][ T8333] batman_adv: batadv0: Removing interface: batadv_slave_0
[  487.813362][ T5797] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  488.015496][ T8333] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  488.024131][ T8333] batman_adv: batadv0: Removing interface: batadv_slave_1
[  488.781592][   T50] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  488.790805][   T50] Bluetooth: hci4: Injecting HCI hardware error event
[  488.800719][ T5796] Bluetooth: hci4: hardware error 0x00
[  490.915651][ T5796] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  491.951622][ T8406] loop2: detected capacity change from 0 to 2048
[  492.153115][ T8410] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  492.908787][ T8406] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  494.121247][ T8421] loop1: detected capacity change from 0 to 4096
[  494.346947][ T5796] Bluetooth: hci3: command 0x0406 tx timeout
[  497.311879][ T8443] tipc: Cannot configure node identity twice
[  499.061906][ T8444] sctp: failed to load transform for md5: -2
[  501.611203][ T8478] hub 8-0:1.0: USB hub found
[  501.628365][ T8478] hub 8-0:1.0: 1 port detected
[  501.969283][ T1286] ieee802154 phy0 wpan0: encryption failed: -22
[  501.975659][ T1286] ieee802154 phy1 wpan1: encryption failed: -22
[  503.200252][ T8495] syz.2.468 uses obsolete (PF_INET,SOCK_PACKET)
[  503.228706][ T5796] Bluetooth: hci3: unexpected event for opcode 0x2042
[  507.396777][ T5796] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  507.406049][ T5796] Bluetooth: hci3: Injecting HCI hardware error event
[  507.421790][   T50] Bluetooth: hci3: hardware error 0x00
[  509.556022][   T50] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  520.504827][ T8622] netlink: 80 bytes leftover after parsing attributes in process `syz.0.490'.
[  522.457649][   T50] Bluetooth: hci2: Invalid handle: 0xff00 > 0x0eff
[  522.495409][ T8629] netlink: 4 bytes leftover after parsing attributes in process `syz.4.491'.
[  522.506452][ T8629] netlink: 12 bytes leftover after parsing attributes in process `syz.4.491'.
[  526.534506][ T5913] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  527.434988][ T5913] usb 2-1: Using ep0 maxpacket: 16
[  527.467362][ T5913] usb 2-1: unable to get BOS descriptor or descriptor too short
[  527.501857][ T5913] usb 2-1: config 218 has an invalid interface number: 5 but max is 0
[  527.533946][ T5913] usb 2-1: config 218 has no interface number 0
[  527.561474][ T8694] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[  527.569191][ T5913] usb 2-1: config 218 interface 5 has no altsetting 0
[  527.591436][ T5913] usb 2-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=f1.1d
[  527.608911][ T8694] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  527.654375][ T5913] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  527.670510][ T5913] usb 2-1: Product: syz
[  527.684427][ T5913] usb 2-1: Manufacturer: syz
[  527.696037][ T5913] usb 2-1: SerialNumber: syz
[  528.100050][ T5913] snd-usb-audio: probe of 2-1:218.5 failed with error -22
[  528.138770][ T5913] usb 2-1: USB disconnect, device number 2
[  528.398085][ T8706] loop4: detected capacity change from 0 to 2048
[  528.410305][ T8706] EXT4-fs: Ignoring removed mblk_io_submit option
[  528.492027][ T8706] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  528.714932][ T7369] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  529.294393][ T5913] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  530.147094][ T5913] usb 5-1: Using ep0 maxpacket: 16
[  530.179370][ T5913] usb 5-1: unable to get BOS descriptor or descriptor too short
[  530.199073][ T5913] usb 5-1: config 13 has an invalid interface number: 101 but max is 0
[  530.214368][ T5913] usb 5-1: config 13 has no interface number 0
[  530.232215][ T5913] usb 5-1: config 13 interface 101 has no altsetting 0
[  530.254053][ T5913] usb 5-1: New USB device found, idVendor=2040, idProduct=5510, bcdDevice=1e.4f
[  530.273654][ T5913] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  530.301568][ T5913] usb 5-1: Product: syz
[  530.314571][ T5913] usb 5-1: Manufacturer: syz
[  530.319224][ T5913] usb 5-1: SerialNumber: syz
[  530.409039][ T8704] loop0: detected capacity change from 0 to 65536
[  530.442270][ T8704] XFS (loop0): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  530.472569][ T8704] XFS (loop0): Ending clean mount
[  530.611483][ T5913] smsusb:smsusb_probe: board id=8, interface number 101
[  530.629632][ T5913] usb 5-1: USB disconnect, device number 4
[  530.653245][ T5790] XFS (loop0): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  531.416176][ T8737] loop0: detected capacity change from 0 to 512
[  531.443844][ T8737] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  531.504412][ T8737] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem
[  531.533769][ T8737] EXT4-fs (loop0): orphan cleanup on readonly fs
[  531.546607][ T8737] EXT4-fs error (device loop0): mb_free_blocks:1943: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt.
[  531.674893][ T8737] EXT4-fs (loop0): Remounting filesystem read-only
[  531.794016][ T8737] EXT4-fs (loop0): 1 truncate cleaned up
[  531.855914][ T8737] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  532.846713][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  533.043942][ T8755] netlink: 'syz.1.521': attribute type 32 has an invalid length.
[  533.387416][ T8759] loop0: detected capacity change from 0 to 32768
[  533.411517][ T8759] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.519 (8759)
[  533.435728][ T8759] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  533.445964][ T8759] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  533.454730][ T8759] BTRFS info (device loop0): setting nodatacow, compression disabled
[  533.462838][ T8759] BTRFS info (device loop0): max_inline at 0
[  533.468973][ T8759] BTRFS info (device loop0): enabling disk space caching
[  533.476085][ T8759] BTRFS info (device loop0): turning off barriers
[  533.482516][ T8759] BTRFS info (device loop0): turning on flush-on-commit
[  533.489509][ T8759] BTRFS info (device loop0): doing ref verification
[  533.496149][ T8759] BTRFS info (device loop0): force clearing of disk cache
[  533.503368][ T8759] BTRFS info (device loop0): enabling ssd optimizations
[  533.510511][ T8759] BTRFS info (device loop0): max_inline at 4096
[  533.516818][ T8759] BTRFS info (device loop0): disk space caching is enabled
[  533.659273][ T8759] BTRFS info (device loop0): auto enabling async discard
[  533.667914][ T8759] BTRFS info (device loop0): rebuilding free space tree
[  533.704998][ T8759] BTRFS info (device loop0): disabling free space tree
[  533.711932][ T8759] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  533.721680][ T8759] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  534.179493][   T28] audit: type=1800 audit(1752891694.015:150): pid=8779 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.519" name="bus" dev="loop0" ino=270 res=0 errno=0
[  534.770985][ T8776] loop1: detected capacity change from 0 to 4096
[  534.900413][ T8776] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  535.190215][ T8776] ntfs: volume version 3.1.
[  535.697317][ T5790] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  538.080495][ T8809] loop0: detected capacity change from 0 to 256
[  538.160193][ T8809] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d)
[  538.281156][ T8811] loop4: detected capacity change from 0 to 4096
[  538.298723][ T8811] ntfs: (device loop4): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  538.331505][ T8809] exFAT-fs (loop0): error, invalid access to FAT free cluster (entry 0x00000008)
[  538.545792][ T8816] loop2: detected capacity change from 0 to 32768
[  538.559706][ T8809] exFAT-fs (loop0): Filesystem has been set read-only
[  538.572418][ T8816] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.533 (8816)
[  538.625453][ T8816] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  538.636799][ T8816] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  538.645557][ T8816] BTRFS info (device loop2): setting nodatacow, compression disabled
[  538.653658][ T8816] BTRFS info (device loop2): max_inline at 0
[  538.659751][ T8816] BTRFS info (device loop2): enabling disk space caching
[  538.666885][ T8816] BTRFS info (device loop2): turning off barriers
[  538.673313][ T8816] BTRFS info (device loop2): turning on flush-on-commit
[  538.680316][ T8816] BTRFS info (device loop2): doing ref verification
[  538.686935][ T8816] BTRFS info (device loop2): force clearing of disk cache
[  538.694064][ T8816] BTRFS info (device loop2): enabling ssd optimizations
[  538.701098][ T8816] BTRFS info (device loop2): max_inline at 4096
[  538.707374][ T8816] BTRFS info (device loop2): disk space caching is enabled
[  538.802259][ T8811] ntfs: volume version 3.1.
[  538.815453][ T8816] BTRFS info (device loop2): auto enabling async discard
[  538.823984][ T8816] BTRFS info (device loop2): rebuilding free space tree
[  538.906675][ T8816] BTRFS info (device loop2): disabling free space tree
[  538.913598][ T8816] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  538.923284][ T8816] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  539.297002][   T28] audit: type=1800 audit(1752891699.215:151): pid=8837 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.533" name="bus" dev="overlay" ino=270 res=0 errno=0
[  540.407102][ T5800] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  540.412714][ T8849] loop4: detected capacity change from 0 to 1024
[  540.525733][ T8849] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  540.772752][ T7369] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  541.230811][ T8848] loop1: detected capacity change from 0 to 32768
[  541.251015][ T8848] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.544 (8848)
[  541.318834][ T8848] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  541.344522][ T8848] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  541.373691][ T8848] BTRFS info (device loop1): turning off barriers
[  541.393061][ T8848] BTRFS info (device loop1): setting nodatasum
[  541.401167][ T8848] BTRFS info (device loop1): use zlib compression, level 3
[  541.436763][ T8848] BTRFS info (device loop1): using free space tree
[  541.529088][ T8878] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  541.789010][ T8877] loop0: detected capacity change from 0 to 4096
[  541.825229][ T8877] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  541.914987][ T5797] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  541.949418][ T8877] ntfs: volume version 3.1.
[  542.663176][ T8899] loop4: detected capacity change from 0 to 256
[  542.675260][ T8899] exfat: Deprecated parameter 'utf8'
[  543.032201][ T8899] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x7b823c56, utbl_chksum : 0xe619d30d)
[  544.374452][ T8910] loop0: detected capacity change from 0 to 512
[  544.445450][ T8910] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  544.474414][ T8910] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  544.482648][ T8910] System zones: 0-1, 15-15, 18-18, 34-34
[  544.493310][ T8910] EXT4-fs (loop0): orphan cleanup on readonly fs
[  544.501945][ T8910] Quota error (device loop0): v2_read_header: Failed header read: expected=8 got=0
[  544.511759][ T8910] EXT4-fs warning (device loop0): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  544.526489][ T8910] EXT4-fs (loop0): Cannot turn on quotas: error -22
[  544.549417][ T8910] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz.0.560: bg 0: block 40: padding at end of block bitmap is not set
[  544.580681][ T8910] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6642: Corrupt filesystem
[  544.608605][ T8910] EXT4-fs (loop0): 1 truncate cleaned up
[  544.619804][ T8910] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  544.710646][ T8910] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  544.724662][ T8910] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  544.819050][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  544.913897][ T8917] loop2: detected capacity change from 0 to 4096
[  544.959985][ T8917] ntfs: (device loop2): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  544.995787][ T8919] loop4: detected capacity change from 0 to 2048
[  545.615266][ T8919] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  545.677985][ T8917] ntfs: volume version 3.1.
[  546.104396][ T5843] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  547.014306][ T5843] usb 1-1: Using ep0 maxpacket: 16
[  547.027656][ T5843] usb 1-1: unable to get BOS descriptor or descriptor too short
[  547.057174][ T5843] usb 1-1: config 13 has an invalid interface number: 101 but max is 0
[  547.072392][ T5843] usb 1-1: config 13 has no interface number 0
[  547.084558][ T5843] usb 1-1: config 13 interface 101 has no altsetting 0
[  547.097961][ T5843] usb 1-1: New USB device found, idVendor=2040, idProduct=5510, bcdDevice=1e.4f
[  547.134270][ T5843] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  547.142337][ T5843] usb 1-1: Product: syz
[  547.174598][ T5843] usb 1-1: Manufacturer: syz
[  547.179268][ T5843] usb 1-1: SerialNumber: syz
[  547.273462][ T8944] loop4: detected capacity change from 0 to 16
[  547.311128][ T8944] erofs: (device loop4): mounted with root inode @ nid 36.
[  547.457727][ T5843] smsusb:smsusb_probe: board id=8, interface number 101
[  547.492472][ T5843] usb 1-1: USB disconnect, device number 4
[  548.231690][    T9] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[  548.317190][ T8953] loop2: detected capacity change from 0 to 64
[  548.423631][    T9] usb 2-1: unable to get BOS descriptor or descriptor too short
[  548.442841][    T9] usb 2-1: not running at top speed; connect to a high speed hub
[  548.456207][    T9] usb 2-1: New USB device found, idVendor=1235, idProduct=4661, bcdDevice=ae.13
[  548.469882][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  548.479330][    T9] usb 2-1: Product: syz
[  548.483544][    T9] usb 2-1: Manufacturer: syz
[  548.495179][    T9] usb 2-1: SerialNumber: syz
[  549.395022][    T9] usb 2-1: Quirk or no altest; falling back to MIDI 1.0
[  549.481813][ T8963] loop4: detected capacity change from 0 to 256
[  549.521314][    T9] snd-usb-audio: probe of 2-1:8.0 failed with error -2
[  549.544621][    T9] usb 2-1: USB disconnect, device number 3
[  549.651741][ T8969] netlink: 104 bytes leftover after parsing attributes in process `syz.1.584'.
[  549.665591][ T7931] udevd[7931]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:8.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  549.684213][ T8963] FAT-fs (loop4): Directory bread(block 64) failed
[  549.690934][ T8963] FAT-fs (loop4): Directory bread(block 65) failed
[  549.745366][ T8963] FAT-fs (loop4): Directory bread(block 66) failed
[  549.751966][ T8963] FAT-fs (loop4): Directory bread(block 67) failed
[  549.784893][ T8963] FAT-fs (loop4): Directory bread(block 68) failed
[  549.792775][ T8963] FAT-fs (loop4): Directory bread(block 69) failed
[  549.814400][ T8963] FAT-fs (loop4): Directory bread(block 70) failed
[  549.854344][ T8963] FAT-fs (loop4): Directory bread(block 71) failed
[  549.861540][ T8963] FAT-fs (loop4): Directory bread(block 72) failed
[  549.889818][ T8963] FAT-fs (loop4): Directory bread(block 73) failed
[  550.082051][ T8971] loop0: detected capacity change from 0 to 4096
[  550.107897][ T8963] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF
[  550.140662][ T8971] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  550.465704][ T8977] netlink: 4 bytes leftover after parsing attributes in process `syz.1.587'.
[  550.537709][ T8977] netlink: 12 bytes leftover after parsing attributes in process `syz.1.587'.
[  551.111084][ T8971] ntfs: volume version 3.1.
[  551.665411][ T8981] loop4: detected capacity change from 0 to 1024
[  551.777186][ T8983] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  551.802358][ T8983] syzkaller0: entered promiscuous mode
[  551.829635][ T8983] syzkaller0: entered allmulticast mode
[  551.872539][ T8981] afs: Unexpected value for 'dyn'
[  552.077541][ T8967] loop2: detected capacity change from 0 to 40427
[  552.107126][ T8967] F2FS-fs (loop2): build fault injection attr: rate: 14, type: 0x7ffff
[  552.148223][ T8967] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x8c
[  552.180091][ T8967] F2FS-fs (loop2): invalid crc value
[  552.214650][ T8967] F2FS-fs (loop2): Found nat_bits in checkpoint
[  552.339101][ T8967] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_page of f2fs_ra_meta_pages+0x644/0x920
[  552.435694][ T5843] usb 5-1: new full-speed USB device number 5 using dummy_hcd
[  552.445828][ T8967] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  552.639695][ T5843] usb 5-1: unable to get BOS descriptor or descriptor too short
[  552.655963][ T5843] usb 5-1: not running at top speed; connect to a high speed hub
[  552.679588][ T5843] usb 5-1: New USB device found, idVendor=1235, idProduct=4661, bcdDevice=ae.13
[  552.704685][ T5843] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  552.731375][ T5843] usb 5-1: Product: syz
[  552.740106][ T9006] ubi0: attaching mtd0
[  552.749599][ T5843] usb 5-1: Manufacturer: syz
[  552.758983][ T5843] usb 5-1: SerialNumber: syz
[  552.771645][ T9006] ubi0: scanning is finished
[  552.789581][ T9006] ubi0: empty MTD device detected
[  552.934679][ T9006] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  552.972241][ T9006] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  553.020449][ T9006] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  553.037323][ T5843] usb 5-1: Quirk or no altest; falling back to MIDI 1.0
[  553.054565][ T9006] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  553.074306][ T9006] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  553.099034][ T9006] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  553.117342][ T9006] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 4064603534
[  553.147903][ T5843] snd-usb-audio: probe of 5-1:8.0 failed with error -2
[  553.165213][ T9006] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  553.178472][ T5843] usb 5-1: USB disconnect, device number 5
[  553.324861][ T9007] ubi0: background thread "ubi_bgt0d" started, PID 9007
[  553.795324][ T7931] udevd[7931]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:8.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  553.936407][ T9019] netlink: 8 bytes leftover after parsing attributes in process `syz.0.604'.
[  554.004585][ T9019] netlink: 12 bytes leftover after parsing attributes in process `syz.0.604'.
[  554.393597][ T9031] loop0: detected capacity change from 0 to 2048
[  554.444875][ T9031] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  554.485221][ T7931] udevd[7931]: incorrect nilfs2 checksum on /dev/loop0
[  554.513324][ T9037] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  554.528015][ T9038] loop1: detected capacity change from 0 to 16
[  554.578109][ T9038] erofs: (device loop1): mounted with root inode @ nid 36.
[  555.353474][ T9040] loop2: detected capacity change from 0 to 32768
[  555.388454][ T9040] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.613 (9040)
[  555.447871][ T9040] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  555.488041][ T9040] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  555.516054][ T9040] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_LZO (0x8)
[  555.546423][ T9040] BTRFS info (device loop2): force lzo compression, level 0
[  555.553800][ T9040] BTRFS info (device loop2): turning on sync discard
[  555.580056][ T9040] BTRFS info (device loop2): force clearing of disk cache
[  555.604454][ T9040] BTRFS info (device loop2): enabling disk space caching
[  555.622102][ T9040] BTRFS info (device loop2): turning off discard
[  555.631946][ T9040] BTRFS info (device loop2): disk space caching is enabled
[  555.755557][ T9040] BTRFS info (device loop2): enabling ssd optimizations
[  555.780562][ T9043] loop1: detected capacity change from 0 to 40427
[  555.805095][ T9044] loop4: detected capacity change from 0 to 32768
[  555.820565][ T9040] BTRFS info (device loop2): rebuilding free space tree
[  555.836255][ T9043] F2FS-fs (loop1): invalid crc value
[  555.886887][ T9043] F2FS-fs (loop1): Found nat_bits in checkpoint
[  555.925433][ T9040] BTRFS info (device loop2): disabling free space tree
[  555.942671][ T9040] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  555.971084][ T9040] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  556.023034][ T9043] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  556.149641][ T9044] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  556.296096][ T5800] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  556.320239][ T9048] loop0: detected capacity change from 0 to 32768
[  556.356772][ T7369] (syz-executor,7369,1):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 72
[  556.445345][ T7369] ocfs2: Unmounting device (7,4) on (node local)
[  556.452745][ T9048] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  556.912786][ T9080] loop4: detected capacity change from 0 to 128
[  556.953298][ T9048] XFS (loop0): Ending clean mount
[  556.992571][ T9080] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  557.037184][ T9048] XFS (loop0): Quotacheck needed: Please wait.
[  557.155702][ T9080] ext4 filesystem being mounted at /82/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  557.228926][ T9048] XFS (loop0): Quotacheck: Done.
[  557.303515][ T7369] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  557.493215][ T5790] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  557.903140][ T9081] loop1: detected capacity change from 0 to 40427
[  557.955306][ T9081] F2FS-fs (loop1): build fault injection attr: rate: 771, type: 0x7ffff
[  557.977719][ T9081] F2FS-fs (loop1): invalid crc value
[  558.013068][ T9081] F2FS-fs (loop1): Found nat_bits in checkpoint
[  558.081424][ T9096] loop0: detected capacity change from 0 to 1024
[  558.089483][ T9095] mac80211_hwsim hwsim11 syzkaller0: entered promiscuous mode
[  558.142613][ T9095] mac80211_hwsim hwsim11 syzkaller0: entered allmulticast mode
[  558.179830][ T9085] loop2: detected capacity change from 0 to 40427
[  558.186602][ T9081] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  558.251244][ T9085] F2FS-fs (loop2): heap/no_heap options were deprecated
[  558.311264][ T9085] F2FS-fs (loop2): invalid crc value
[  558.336509][   T11] hfsplus: b-tree write err: -5, ino 4
[  558.354675][ T5797] syz-executor: attempt to access beyond end of device
[  558.354675][ T5797] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  558.379214][ T9085] F2FS-fs (loop2): Found nat_bits in checkpoint
[  558.399982][ T5797] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  558.469713][ T9100] loop4: detected capacity change from 0 to 1024
[  558.561399][ T9100] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  558.566173][ T9102] loop0: detected capacity change from 0 to 512
[  558.579305][ T9085] F2FS-fs (loop2): Start checkpoint disabled!
[  558.605619][ T9085] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  558.617801][ T9100] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (38281!=20869)
[  558.664759][ T9100] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  558.709607][ T9100] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #3: comm syz.4.626: pblk 82 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[  558.758503][ T9100] EXT4-fs (loop4): no journal found
[  558.794951][ T9100] EXT4-fs (loop4): can't get journal size
[  558.829934][ T9100] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  559.017576][ T9102] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  559.030342][ T7369] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  559.043862][ T9102] EXT4-fs (loop0): Test dummy encryption mode enabled
[  559.111479][ T9102] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13
[  559.210613][ T9102] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #13: comm syz.0.627: attempt to clear invalid blocks 2 len 1
[  559.268159][ T9102] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  559.294569][ T9102] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.627: invalid indirect mapped block 1819239214 (level 0)
[  559.309523][ T9102] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.627: invalid indirect mapped block 1819239214 (level 1)
[  559.372648][ T9102] EXT4-fs (loop0): 1 truncate cleaned up
[  559.404124][ T9102] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  560.100316][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  560.347650][ T9131] loop1: detected capacity change from 0 to 256
[  561.476432][ T9142] loop1: detected capacity change from 0 to 512
[  561.567065][ T9147] loop4: detected capacity change from 0 to 64
[  561.581268][ T9142] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  561.664302][ T5843] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  561.664438][ T9142] ext4 filesystem being mounted at /165/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  561.857092][ T5843] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  561.890339][ T5843] usb 1-1: New USB device found, idVendor=2179, idProduct=0053, bcdDevice= 0.00
[  561.907635][ T5797] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  561.914340][ T5843] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  561.930610][ T9144] loop2: detected capacity change from 0 to 32768
[  561.983832][ T5843] usb 1-1: config 0 descriptor??
[  562.159339][ T9144] ERROR: (device loop2): dtReadFirst: DT_GETPAGE: dtree page corrupt
[  562.159339][ T9144] 
[  562.166727][ T9153] loop4: detected capacity change from 0 to 1024
[  562.206182][ T9144] ERROR: (device loop2): remounting filesystem as read-only
[  562.215909][ T9144] jfs_readdir: unexpected rc = -5 from dtReadNext
[  562.957454][ T5843] uclogic 0003:2179:0053.0001: interface is invalid, ignoring
[  562.987452][ T1286] ieee802154 phy0 wpan0: encryption failed: -22
[  562.994111][ T1286] ieee802154 phy1 wpan1: encryption failed: -22
[  563.135297][ T5843] usb 1-1: USB disconnect, device number 5
[  563.140112][ T9162] loop1: detected capacity change from 0 to 16
[  563.183517][ T9162] erofs: (device loop1): mounted with root inode @ nid 36.
[  563.233206][   T50] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 0] out[9000]
[  563.336181][ T9162] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  563.368337][   T28] audit: type=1800 audit(1752891723.285:152): pid=9162 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.646" name="file2" dev="loop1" ino=89 res=0 errno=0
[  564.345545][ T9169] syzkaller0: entered promiscuous mode
[  564.366572][ T9169] syzkaller0: entered allmulticast mode
[  565.385035][ T9167] loop4: detected capacity change from 0 to 32768
[  565.401836][ T9179] syzkaller0: entered promiscuous mode
[  565.424396][ T9179] syzkaller0: entered allmulticast mode
[  565.451655][ T9167] ocfs2: Slot 0 on device (7,4) was already allocated to this node!
[  565.547777][ T9167] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  565.733074][ T9186] loop2: detected capacity change from 0 to 8192
[  565.908876][ T7369] ocfs2: Unmounting device (7,4) on (node local)
[  567.000713][ T9202] loop4: detected capacity change from 0 to 2048
[  567.156705][ T9202] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  567.258383][ T9205] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  567.272634][ T9205] tipc: Resetting bearer <eth:syzkaller0>
[  567.458597][ T9204] tipc: Disabling bearer <eth:syzkaller0>
[  568.229662][ T9211] loop1: detected capacity change from 0 to 256
[  569.161356][ T9224] loop1: detected capacity change from 0 to 256
[  569.237196][ T9224] FAT-fs (loop1): Directory bread(block 64) failed
[  569.248802][ T9224] FAT-fs (loop1): Directory bread(block 65) failed
[  569.255856][ T9224] FAT-fs (loop1): Directory bread(block 66) failed
[  569.282498][ T9224] FAT-fs (loop1): Directory bread(block 67) failed
[  569.340984][ T9224] FAT-fs (loop1): Directory bread(block 68) failed
[  569.429855][ T9224] FAT-fs (loop1): Directory bread(block 69) failed
[  569.530940][ T9224] FAT-fs (loop1): Directory bread(block 70) failed
[  569.639403][ T9224] FAT-fs (loop1): Directory bread(block 71) failed
[  569.747066][ T9224] FAT-fs (loop1): Directory bread(block 72) failed
[  569.873997][ T9224] FAT-fs (loop1): Directory bread(block 73) failed
[  570.224878][ T9231] loop4: detected capacity change from 0 to 2048
[  570.297197][ T9231] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  570.453240][ T9234] loop1: detected capacity change from 0 to 4096
[  570.672235][ T9242] loop4: detected capacity change from 0 to 256
[  570.797444][ T9244] loop2: detected capacity change from 0 to 128
[  570.840079][ T9244] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  570.889764][ T9244] ext4 filesystem being mounted at /177/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  571.672800][ T9257] syzkaller0: entered promiscuous mode
[  571.682765][ T9257] syzkaller0: entered allmulticast mode
[  571.702484][ T5800] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  572.423836][ T9261] loop2: detected capacity change from 0 to 256
[  572.439291][ T9261] exfat: Deprecated parameter 'namecase'
[  572.475182][ T9261] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e0d861, utbl_chksum : 0xe619d30d)
[  573.146473][ T9267] loop4: detected capacity change from 0 to 32768
[  573.181005][ T9267] 
[  573.181005][ T9267]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  573.181005][ T9267] 
[  573.234158][ T9267] 
[  573.234158][ T9267]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  573.234158][ T9267] 
[  573.245661][ T9267] 
[  573.245661][ T9267]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  573.245661][ T9267] 
[  573.257400][ T9267] 
[  573.257400][ T9267]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  573.257400][ T9267] 
[  573.275192][ T9267] 
[  573.275192][ T9267]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  573.275192][ T9267] 
[  573.300726][ T9275] loop2: detected capacity change from 0 to 32768
[  573.317623][  T113] 
[  573.317623][  T113]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  573.317623][  T113] 
[  573.378719][ T9280] 
[  573.378719][ T9280]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  573.378719][ T9280] 
[  573.407615][ T9280] 
[  573.407615][ T9280]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  573.407615][ T9280] 
[  573.409963][ T9275] JBD2: Ignoring recovery information on journal
[  573.602010][ T9275] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  573.639089][ T7369] 
[  573.639089][ T7369]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  573.639089][ T7369] 
[  573.681392][ T7369] 
[  573.681392][ T7369]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  573.681392][ T7369] 
[  574.596742][ T5800] ocfs2: Unmounting device (7,2) on (node local)
[  574.904831][ T5796] Bluetooth: hci2: command 0x0406 tx timeout
[  575.126152][ T9301] loop4: detected capacity change from 0 to 1024
[  575.148451][ T9297] loop1: detected capacity change from 0 to 4096
[  575.178937][ T9297] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512).
[  575.217459][ T9301] hfsplus: bad catalog entry type
[  575.353574][   T12] hfsplus: b-tree write err: -5, ino 4
[  576.293864][ T9307] loop2: detected capacity change from 0 to 4096
[  576.306646][ T9307] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512).
[  577.952447][ T9299] loop0: detected capacity change from 0 to 32768
[  580.349171][ T9349] loop1: detected capacity change from 0 to 64
[  580.464495][ T9349] hfs: unable to load codepage "koi8m¤(�50"
[  580.470474][ T9349] hfs: unable to parse mount options
[  580.530535][ T5796] Bluetooth: hci2: unexpected event for opcode 0x0c12
[  580.730030][ T9356] loop1: detected capacity change from 0 to 256
[  580.878322][ T9333] loop0: detected capacity change from 0 to 32768
[  580.902346][ T9333] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.700 (9333)
[  580.933399][ T9356] FAT-fs (loop1): Directory bread(block 64) failed
[  580.952339][ T9356] FAT-fs (loop1): Directory bread(block 65) failed
[  580.972273][ T9356] FAT-fs (loop1): Directory bread(block 66) failed
[  580.984172][ T9347] loop4: detected capacity change from 0 to 32768
[  580.994857][ T9356] FAT-fs (loop1): Directory bread(block 67) failed
[  581.001518][ T9356] FAT-fs (loop1): Directory bread(block 68) failed
[  581.034033][ T9356] FAT-fs (loop1): Directory bread(block 69) failed
[  581.042965][ T9356] FAT-fs (loop1): Directory bread(block 70) failed
[  581.057091][ T9356] FAT-fs (loop1): Directory bread(block 71) failed
[  581.063924][ T9356] FAT-fs (loop1): Directory bread(block 72) failed
[  581.081308][ T9347] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.705 (9347)
[  581.148146][ T9356] FAT-fs (loop1): Directory bread(block 73) failed
[  581.211412][ T9333] BTRFS error (device loop0): open_ctree failed: -4
[  581.218386][ T9347] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  581.341200][ T9347] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  581.532468][ T9347] BTRFS info (device loop4): using free space tree
[  581.851939][ T7759] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by udevd (7759)
[  582.675549][ T9347] BTRFS info (device loop4): enabling ssd optimizations
[  582.712429][ T9347] BTRFS info (device loop4): auto enabling async discard
[  583.553009][ T7369] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  583.822483][ T9398] loop2: detected capacity change from 0 to 512
[  583.940326][ T9398] EXT4-fs error (device loop2): ext4_read_inode_bitmap:140: comm syz.2.715: Invalid inode bitmap blk 4 in block_group 0
[  583.958376][ T9398] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  584.262486][ T9398] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 7969 vs 220 free clusters
[  584.335355][ T9398] EXT4-fs error (device loop2): ext4_read_inode_bitmap:140: comm syz.2.715: Invalid inode bitmap blk 4 in block_group 0
[  584.433481][ T9398] EXT4-fs error (device loop2) in ext4_free_inode:363: Corrupt filesystem
[  584.484412][ T5913] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  584.584681][ T5796] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  584.594076][ T5796] Bluetooth: hci2: Injecting HCI hardware error event
[  584.604773][   T50] Bluetooth: hci2: hardware error 0x00
[  584.620809][ T5800] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  584.698511][ T5913] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  584.714446][ T5913] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  584.725150][ T5913] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  584.734171][ T5913] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  584.748678][ T5913] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  584.770517][ T5913] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  584.804559][ T5913] usb 5-1: Product: syz
[  584.818217][ T5913] usb 5-1: Manufacturer: syz
[  584.866338][ T5913] cdc_wdm 5-1:1.0: skipping garbage
[  584.871611][ T5913] cdc_wdm 5-1:1.0: skipping garbage
[  584.935430][ T5913] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  584.945071][ T5913] cdc_wdm 5-1:1.0: Unknown control protocol
[  584.981174][ T9401] loop0: detected capacity change from 0 to 32768
[  585.038341][ T9401] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[  585.200601][ T9401] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  585.634666][ T5843] usb 5-1: USB disconnect, device number 6
[  585.899144][ T5790] ocfs2: Unmounting device (7,0) on (node local)
[  586.084506][ T9423] loop2: detected capacity change from 0 to 64
[  586.667969][   T50] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  586.860855][ T9428] Trying to free block not in datazone
[  586.992849][ T9430] loop4: detected capacity change from 0 to 64
[  587.823027][ T9442] loop2: detected capacity change from 0 to 256
[  587.844156][ T9442] exfat: Deprecated parameter 'utf8'
[  587.850282][ T9442] exfat: Deprecated parameter 'utf8'
[  587.907651][ T9442] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x23a77120, utbl_chksum : 0xe619d30d)
[  588.444356][ T5843] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  588.505865][ T9444] loop4: detected capacity change from 0 to 32768
[  588.542442][ T9444] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz.4.728 (9444)
[  588.660584][ T5843] usb 2-1: Using ep0 maxpacket: 8
[  588.767117][ T5843] usb 2-1: New USB device found, idVendor=110a, idProduct=1450, bcdDevice=62.cb
[  588.954004][ T5843] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  589.123477][ T9433] loop0: detected capacity change from 0 to 32768
[  589.131798][ T5843] usb 2-1: Product: syz
[  589.150346][ T5843] usb 2-1: Manufacturer: syz
[  589.166177][ T5843] usb 2-1: SerialNumber: syz
[  589.369471][ T9444] BTRFS info (device loop4): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  589.434346][ T9433] read_mapping_page failed!
[  589.454313][ T9433] ERROR: (device loop0): txCommit: 
[  589.454313][ T9433] 
[  589.474340][ T9444] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm
[  589.494341][ T9433] ERROR: (device loop0): remounting filesystem as read-only
[  589.504343][ T9444] BTRFS info (device loop4): force zlib compression, level 3
[  589.515808][ T9454] loop2: detected capacity change from 0 to 256
[  589.533108][ T9444] BTRFS info (device loop4): force clearing of disk cache
[  589.570008][ T9444] BTRFS info (device loop4): setting nodatasum
[  589.594332][ T9444] BTRFS info (device loop4): doing ref verification
[  589.600993][ T9444] BTRFS info (device loop4): allowing degraded mounts
[  589.644814][ T9444] BTRFS info (device loop4): enabling disk space caching
[  589.651924][ T9444] BTRFS info (device loop4): disk space caching is enabled
[  589.681335][ T5843] mxuport 2-1:254.0: mxuport_recv_ctrl_urb - short read (0 / 4)
[  589.701263][ T5843] mxuport: probe of 2-1:254.0 failed with error -5
[  589.890353][ T9444] BTRFS info (device loop4): enabling ssd optimizations
[  589.914913][ T5913] usb 2-1: USB disconnect, device number 4
[  589.929888][ T9444] BTRFS info (device loop4): auto enabling async discard
[  589.956713][ T9444] BTRFS info (device loop4): rebuilding free space tree
[  590.541287][ T9444] BTRFS info (device loop4): disabling free space tree
[  590.550161][ T9444] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  590.572523][ T9444] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  590.843832][ T9444] BTRFS info (device loop4): balance: start -s
[  590.879080][ T9485] loop0: detected capacity change from 0 to 128
[  590.920736][ T9485] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  590.984441][ T9485] ext4 filesystem being mounted at /181/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  591.060889][ T9444] BTRFS info (device loop4): relocating block group 1048576 flags system
[  591.082287][ T9485] EXT4-fs warning (device loop0): verify_group_input:151: Cannot add at group 12829 (only 1 groups)
[  591.104272][ T9492] netlink: 'syz.1.736': attribute type 3 has an invalid length.
[  591.119101][ T9492] netlink: 'syz.1.736': attribute type 3 has an invalid length.
[  591.150406][ T9492] netlink: 'syz.1.736': attribute type 3 has an invalid length.
[  591.184609][ T9492] netlink: 'syz.1.736': attribute type 3 has an invalid length.
[  591.212748][ T9492] netlink: 'syz.1.736': attribute type 3 has an invalid length.
[  591.231379][ T9492] netlink: 'syz.1.736': attribute type 3 has an invalid length.
[  591.231752][ T5790] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  591.258249][ T9492] netlink: 'syz.1.736': attribute type 3 has an invalid length.
[  591.305551][ T9492] netlink: 'syz.1.736': attribute type 3 has an invalid length.
[  591.319415][ T9444] BTRFS info (device loop4): balance: ended with status: 0
[  591.363927][ T9492] netlink: 'syz.1.736': attribute type 3 has an invalid length.
[  591.389008][ T9492] netlink: 'syz.1.736': attribute type 3 has an invalid length.
[  591.655220][ T7369] BTRFS info (device loop4): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  592.248962][ T9500] loop1: detected capacity change from 0 to 256
[  592.461888][ T9487] loop2: detected capacity change from 0 to 40427
[  592.489261][ T9487] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  592.502071][ T9487] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  593.205652][ T9487] F2FS-fs (loop2): invalid crc value
[  593.279738][ T9514] loop1: detected capacity change from 0 to 512
[  593.301095][ T9487] F2FS-fs (loop2): Found nat_bits in checkpoint
[  593.396056][ T9514] EXT4-fs error (device loop1): ext4_read_inode_bitmap:140: comm syz.1.742: Invalid inode bitmap blk 4 in block_group 0
[  593.420776][ T9514] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  593.474451][ T9514] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 7969 vs 220 free clusters
[  593.577039][ T9514] EXT4-fs error (device loop1): ext4_read_inode_bitmap:140: comm syz.1.742: Invalid inode bitmap blk 4 in block_group 0
[  593.711028][ T9514] EXT4-fs error (device loop1) in ext4_free_inode:363: Corrupt filesystem
[  594.366310][ T5797] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  595.088156][ T9511] loop4: detected capacity change from 0 to 32768
[  596.314599][   T55] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  596.868091][   T55] usb 3-1: config 0 has an invalid interface number: 11 but max is 0
[  596.914729][   T55] usb 3-1: config 0 has no interface number 0
[  596.921120][   T55] usb 3-1: config 0 interface 11 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 8
[  596.931482][   T55] usb 3-1: config 0 interface 11 altsetting 0 endpoint 0xE has invalid maxpacket 1023, setting to 64
[  596.953051][   T55] usb 3-1: config 0 interface 11 altsetting 0 bulk endpoint 0x87 has invalid maxpacket 1024
[  596.991291][   T55] usb 3-1: New USB device found, idVendor=0f3d, idProduct=68aa, bcdDevice=b4.ca
[  597.011457][   T55] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  597.021837][   T55] usb 3-1: Product: syz
[  597.033253][   T55] usb 3-1: Manufacturer: syz
[  597.038393][   T55] usb 3-1: SerialNumber: syz
[  597.054582][   T55] usb 3-1: config 0 descriptor??
[  597.134098][ T9540] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  597.144836][ T9540] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  597.410585][ T9540] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  597.418430][ T9540] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  597.455843][ T9529] loop0: detected capacity change from 0 to 32768
[  597.515042][ T9529] workqueue: Failed to create a rescuer kthread for wq "xfs-blockgc/loop0": -EINTR
[  597.658571][   T55] usb 3-1: Incompatible driver and firmware versions
[  597.868700][   T55] usb 3-1: USB disconnect, device number 2
[  597.998055][ T9550] loop1: detected capacity change from 0 to 40427
[  598.039008][ T9550] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  598.058167][ T9552] loop4: detected capacity change from 0 to 32768
[  598.065070][ T9550] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  598.135601][ T9550] F2FS-fs (loop1): invalid crc value
[  598.165061][ T9550] F2FS-fs (loop1): Found nat_bits in checkpoint
[  598.328497][ T9550] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  598.354743][ T9550] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  598.595208][ T9558] loop0: detected capacity change from 0 to 32768
[  599.257792][ T9558] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  599.479773][ T7857] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  599.569937][ T9575] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  599.639053][ T5790] ocfs2: Unmounting device (7,0) on (node local)
[  599.714659][ T7857] usb 5-1: Using ep0 maxpacket: 32
[  600.145883][ T7857] usb 5-1: config 1 has an invalid interface number: 3 but max is 0
[  600.265290][ T7857] usb 5-1: config 1 has no interface number 0
[  600.271465][ T7857] usb 5-1: config 1 interface 3 has no altsetting 0
[  600.284521][ T7857] usb 5-1: New USB device found, idVendor=d084, idProduct=c487, bcdDevice=f4.ce
[  600.304310][ T7857] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  600.313868][ T7857] usb 5-1: Product: syz
[  600.328664][ T7857] usb 5-1: Manufacturer: syz
[  600.333358][ T7857] usb 5-1: SerialNumber: syz
[  600.594690][ T7857] usb 5-1: USB disconnect, device number 7
[  601.245210][ T9593] loop2: detected capacity change from 0 to 256
[  601.896924][ T9593] FAT-fs (loop2): error, clusters badly computed (0 != 128)
[  601.919465][   T28] audit: type=1800 audit(1752891761.805:153): pid=9593 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.760" name="file1" dev="loop2" ino=1048668 res=0 errno=0
[  601.957818][ T9593] FAT-fs (loop2): Filesystem has been set read-only
[  601.977690][ T9593] FAT-fs (loop2): error, fat_bmap_cluster: request beyond EOF (i_pos 196)
[  602.292324][ T9612] loop1: detected capacity change from 0 to 512
[  602.326992][ T9612] EXT4-fs: Ignoring removed orlov option
[  602.907347][ T9612] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  602.982220][ T9612] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c119, mo2=0002]
[  603.027261][ T9612] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2244: inode #15: comm syz.1.767: corrupted in-inode xattr: e_value size too large
[  603.055351][ T9612] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.767: couldn't read orphan inode 15 (err -117)
[  603.111795][ T9612] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  603.297242][ T9606] loop0: detected capacity change from 0 to 32768
[  603.324484][ T9606] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.764 (9606)
[  603.402434][ T9606] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  603.430615][ T5797] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  603.434347][ T9606] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  603.494984][ T9606] BTRFS info (device loop0): using free space tree
[  604.166926][ T9642] loop1: detected capacity change from 0 to 512
[  604.192594][ T9642] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  604.230238][ T9606] BTRFS info (device loop0): enabling ssd optimizations
[  604.239649][ T9606] BTRFS info (device loop0): auto enabling async discard
[  604.366276][ T9642] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  604.416617][ T9642] ext4 filesystem being mounted at /202/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  605.058497][ T5790] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  605.140277][ T9608] loop4: detected capacity change from 0 to 32768
[  605.456402][ T5797] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  605.745950][    T9] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  606.394744][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  606.432877][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  606.456111][    T9] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  606.485009][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  606.525331][    T9] usb 5-1: config 0 descriptor??
[  606.906468][ T9654] loop2: detected capacity change from 0 to 32768
[  606.957959][ T9654] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.773 (9654)
[  607.007606][    T9] pyra 0003:1E7D:2CF6.0002: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.4-1/input0
[  607.028229][ T9654] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  607.043843][ T9654] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  607.052996][ T9654] BTRFS info (device loop2): turning on sync discard
[  607.073764][ T9654] BTRFS info (device loop2): use zlib compression, level 3
[  607.088727][ T9654] BTRFS info (device loop2): turning off barriers
[  607.114753][ T9654] BTRFS warning (device loop2): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  607.147468][    T9] pyra 0003:1E7D:2CF6.0002: couldn't init struct pyra_device
[  607.164290][ T9654] BTRFS info (device loop2): trying to use backup root at mount time
[  607.172585][    T9] pyra 0003:1E7D:2CF6.0002: couldn't install mouse
[  607.181727][ T9654] BTRFS info (device loop2): enabling auto defrag
[  607.191544][    T9] pyra: probe of 0003:1E7D:2CF6.0002 failed with error -71
[  607.200765][ T9654] BTRFS info (device loop2): max_inline at 0
[  607.211148][ T9654] BTRFS info (device loop2): using free space tree
[  607.217915][    T9] usb 5-1: USB disconnect, device number 8
[  607.316028][ T9669] fido_id[9669]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  607.356139][ T9660] loop1: detected capacity change from 0 to 32768
[  607.367253][ T3432] BTRFS warning (device loop2): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  607.432510][ T9668] loop0: detected capacity change from 0 to 32768
[  607.455235][ T9654] BTRFS error (device loop2): failed to load root extent
[  607.464519][ T9654] BTRFS warning (device loop2): try to load backup roots slot 1
[  607.474365][ T3432] BTRFS warning (device loop2): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  607.501957][ T9660] read_mapping_page failed!
[  607.516851][ T9654] BTRFS warning (device loop2): couldn't read tree root
[  607.523975][ T9654] BTRFS warning (device loop2): try to load backup roots slot 2
[  607.532311][ T9660] ERROR: (device loop1): txCommit: 
[  607.532311][ T9660] 
[  607.532624][ T9668] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  607.562525][ T3432] BTRFS error (device loop2): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  607.595807][ T9660] ERROR: (device loop1): remounting filesystem as read-only
[  607.621024][ T9654] BTRFS warning (device loop2): couldn't read tree root
[  607.629586][ T9654] BTRFS warning (device loop2): try to load backup roots slot 3
[  607.670951][ T9654] BTRFS info (device loop2): enabling ssd optimizations
[  607.710907][ T9654] BTRFS info (device loop2): rebuilding free space tree
[  607.804957][ T9654] BTRFS info (device loop2): checking UUID tree
[  607.899832][ T9668] XFS (loop0): Ending clean mount
[  607.961678][ T9668] XFS (loop0): Quotacheck needed: Please wait.
[  608.035603][ T5800] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  608.078021][   T55] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  608.160366][ T9668] XFS (loop0): Quotacheck: Done.
[  608.160872][ T9699] loop1: detected capacity change from 0 to 1024
[  608.219649][ T9699] hfsplus: bad catalog entry type
[  608.287490][   T55] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  608.326828][ T3432] hfsplus: b-tree write err: -5, ino 4
[  608.332650][   T55] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  608.335774][   T28] audit: type=1800 audit(1752891768.245:154): pid=9668 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.777" name="file1" dev="loop0" ino=9286 res=0 errno=0
[  608.373482][   T55] usb 5-1: New USB device found, idVendor=06cb, idProduct=2968, bcdDevice= 0.00
[  608.414284][   T55] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  608.466971][   T55] usb 5-1: config 0 descriptor??
[  608.591543][ T5790] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  608.652392][ T9705] loop1: detected capacity change from 0 to 65
[  608.684840][ T9705] BFS-fs: bfs_fill_super(): NOTE: filesystem loop1 was created with 512 inodes, the real maximum is 511, mounting anyway
[  608.958568][   T55] itetech 0003:06CB:2968.0003: hidraw0: USB HID v0.00 Device [HID 06cb:2968] on usb-dummy_hcd.4-1/input0
[  609.215921][   T55] usb 5-1: USB disconnect, device number 9
[  610.269740][ T9725] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  610.288550][ T9725] syzkaller0: entered promiscuous mode
[  610.294072][ T9725] syzkaller0: entered allmulticast mode
[  610.345000][ T9725] tipc: Resetting bearer <eth:syzkaller0>
[  610.376215][ T9723] tipc: Resetting bearer <eth:syzkaller0>
[  610.435348][ T9723] tipc: Disabling bearer <eth:syzkaller0>
[  610.488524][ T9721] loop1: detected capacity change from 0 to 32768
[  610.532081][ T9721] (syz.1.786,9721,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  610.575968][ T9721] (syz.1.786,9721,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  610.648070][ T9721] (syz.1.786,9721,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xcfdff595, computed 0xefed4a20. Applying ECC.
[  610.681939][ T9721] JBD2: Ignoring recovery information on journal
[  610.939002][ T9721] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  611.509566][ T9727] loop4: detected capacity change from 0 to 32768
[  611.660460][ T9724] loop2: detected capacity change from 0 to 32768
[  611.707048][ T9727] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  611.728560][ T9724] read_mapping_page failed!
[  611.741018][ T9724] ERROR: (device loop2): txCommit: 
[  611.741018][ T9724] 
[  611.776030][ T9724] ERROR: (device loop2): remounting filesystem as read-only
[  611.811705][ T5797] ocfs2: Unmounting device (7,1) on (node local)
[  612.064462][   T55] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  612.093762][ T7369] ocfs2: Unmounting device (7,4) on (node local)
[  612.188425][ T9743] loop1: detected capacity change from 0 to 256
[  612.240533][ T9743] FAT-fs (loop1): Directory bread(block 64) failed
[  612.261323][ T9743] FAT-fs (loop1): Directory bread(block 65) failed
[  612.273391][   T55] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  612.274760][ T9743] FAT-fs (loop1): Directory bread(block 66) failed
[  612.299076][ T9743] FAT-fs (loop1): Directory bread(block 67) failed
[  612.304403][ T5913] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  612.309479][ T9743] FAT-fs (loop1): Directory bread(block 68) failed
[  612.313364][   T55] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  612.322907][ T9743] FAT-fs (loop1): Directory bread(block 69) failed
[  612.340709][ T9743] FAT-fs (loop1): Directory bread(block 70) failed
[  612.354290][   T55] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  612.355410][ T9743] FAT-fs (loop1): Directory bread(block 71) failed
[  612.363366][   T55] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  612.405165][   T55] usb 1-1: config 0 descriptor??
[  612.415388][ T9743] FAT-fs (loop1): Directory bread(block 72) failed
[  612.425162][ T9743] FAT-fs (loop1): Directory bread(block 73) failed
[  612.528925][ T5913] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  612.548695][ T5913] usb 3-1: New USB device found, idVendor=056a, idProduct=00d4, bcdDevice= 0.00
[  612.559095][ T5913] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  612.573266][ T9745] loop4: detected capacity change from 0 to 64
[  612.585895][ T5913] usb 3-1: config 0 descriptor??
[  612.656831][ T9739] validate_nla: 42 callbacks suppressed
[  612.656849][ T9739] netlink: 'syz.0.790': attribute type 1 has an invalid length.
[  612.673160][ T9739] netlink: 220 bytes leftover after parsing attributes in process `syz.0.790'.
[  612.689632][ T7857] usb 1-1: USB disconnect, device number 6
[  613.142627][ T9756] loop4: detected capacity change from 0 to 512
[  613.612547][ T5913] wacom 0003:056A:00D4.0004: Unknown device_type for 'HID 056a:00d4'. Assuming pen.
[  613.615049][ T9756] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  613.636355][ T9756] ext4 filesystem being mounted at /125/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  613.657856][ T9756] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #2: comm syz.4.798: corrupted inode contents
[  613.681751][ T9756] EXT4-fs error (device loop4): ext4_dirty_inode:6106: inode #2: comm syz.4.798: mark_inode_dirty error
[  613.698491][ T9756] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #2: comm syz.4.798: corrupted inode contents
[  613.726798][ T9756] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #2: comm syz.4.798: corrupted inode contents
[  613.731943][ T5913] wacom 0003:056A:00D4.0004: hidraw0: USB HID vff.fe Device [HID 056a:00d4] on usb-dummy_hcd.2-1/input0
[  613.745440][ T9756] EXT4-fs error (device loop4): ext4_dirty_inode:6106: inode #2: comm syz.4.798: mark_inode_dirty error
[  613.781734][ T9756] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #2: comm syz.4.798: corrupted inode contents
[  613.814663][ T9756] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #2: comm syz.4.798: mark_inode_dirty error
[  613.877440][ T5913] input: Wacom Bamboo Pen Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:056A:00D4.0004/input/input11
[  613.910573][ T9756] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #2: comm syz.4.798: corrupted inode contents
[  613.973188][ T9756] EXT4-fs error (device loop4): ext4_dirty_inode:6106: inode #2: comm syz.4.798: mark_inode_dirty error
[  614.569147][ T9762] loop0: detected capacity change from 0 to 4096
[  614.631980][ T5913] usb 3-1: USB disconnect, device number 3
[  614.663775][ T7369] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  614.917651][ T9772] loop2: detected capacity change from 0 to 64
[  614.970573][ T9772] hfs: unable to locate alternate MDB
[  614.988689][ T9772] hfs: continuing without an alternate MDB
[  615.429960][ T9783] loop2: detected capacity change from 0 to 512
[  615.603913][ T9774] loop4: detected capacity change from 0 to 32768
[  615.629105][ T9774] (syz.4.801,9774,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  615.668222][ T9774] (syz.4.801,9774,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  615.720301][ T9774] (syz.4.801,9774,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xcfdff595, computed 0xefed4a20. Applying ECC.
[  615.760385][ T9776] loop1: detected capacity change from 0 to 32768
[  615.779406][ T9786] loop2: detected capacity change from 0 to 64
[  615.783150][ T9774] JBD2: Ignoring recovery information on journal
[  615.954753][ T9774] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  616.699979][ T5843] usb 1-1: new full-speed USB device number 7 using dummy_hcd
[  616.866149][ T7369] ocfs2: Unmounting device (7,4) on (node local)
[  616.984973][ T5843] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  617.004245][ T5843] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  617.014764][ T5843] usb 1-1: New USB device found, idVendor=0419, idProduct=0001, bcdDevice= 0.00
[  617.041927][ T5843] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  617.071277][ T5843] usb 1-1: config 0 descriptor??
[  617.358279][ T5828] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  618.096073][ T5828] usb 3-1: Using ep0 maxpacket: 16
[  618.105062][ T5843] samsung 0003:0419:0001.0005: unbalanced collection at end of report description
[  618.116348][ T5843] samsung 0003:0419:0001.0005: parse failed
[  618.122659][ T5843] samsung: probe of 0003:0419:0001.0005 failed with error -22
[  618.153412][ T5828] usb 3-1: config 0 interface 0 altsetting 64 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  618.234484][ T5828] usb 3-1: config 0 interface 0 has no altsetting 0
[  618.242099][ T5828] usb 3-1: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice= 0.00
[  618.284994][ T5828] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  618.312082][ T5828] usb 3-1: config 0 descriptor??
[  618.322315][ T5913] usb 1-1: USB disconnect, device number 7
[  618.380083][ T9820] tipc: Started in network mode
[  618.394365][ T9820] tipc: Node identity 080211000001, cluster identity 4711
[  618.414475][ T9820] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  618.794630][ T9818] loop1: detected capacity change from 0 to 32768
[  618.840593][ T9828] loop4: detected capacity change from 0 to 512
[  618.918140][ T9818] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode.
[  618.968046][ T9828] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  619.096284][ T9828] ext4 filesystem being mounted at /131/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  619.600138][   T55] tipc: Node number set to 134418688
[  619.612460][ T5828] usb 3-1: USB disconnect, device number 4
[  619.703652][ T5797] ocfs2: Unmounting device (7,1) on (node local)
[  619.740000][ T9828] EXT4-fs warning (device loop4): verify_group_input:169: Last group not full
[  619.866085][ T7369] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  620.797578][ T9854] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  620.809519][ T9854] syzkaller0: entered promiscuous mode
[  621.197835][ T9854] syzkaller0: entered allmulticast mode
[  621.528985][ T9854] tipc: Resetting bearer <eth:syzkaller0>
[  621.576278][ T9853] tipc: Resetting bearer <eth:syzkaller0>
[  621.729692][ T9853] tipc: Disabling bearer <eth:syzkaller0>
[  621.960925][ T9842] loop0: detected capacity change from 0 to 32768
[  622.004508][ T9842] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz.0.821 (9842)
[  622.614847][ T9842] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  622.629153][ T9842] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[  622.640270][ T9842] BTRFS info (device loop0): force zlib compression, level 3
[  622.652135][ T9842] BTRFS info (device loop0): force clearing of disk cache
[  622.659711][ T9842] BTRFS info (device loop0): setting nodatasum
[  622.690105][ T9842] BTRFS info (device loop0): doing ref verification
[  622.698997][ T9842] BTRFS info (device loop0): allowing degraded mounts
[  622.707307][ T9842] BTRFS info (device loop0): enabling disk space caching
[  622.722001][ T9842] BTRFS info (device loop0): disk space caching is enabled
[  623.148653][ T9842] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[  623.153592][ T9842] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[  623.370488][ T9842] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[  623.404691][ T9842] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[  623.528790][ T9842] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  623.544608][ T9842] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  623.573523][ T9842] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[  623.584761][ T9842] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  623.595872][ T9842] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  623.608952][ T9842] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  623.673190][ T9842] BTRFS error (device loop0): open_ctree failed: -12
[  624.007513][ T9860] loop1: detected capacity change from 0 to 32768
[  624.428788][ T1286] ieee802154 phy0 wpan0: encryption failed: -22
[  624.438159][ T1286] ieee802154 phy1 wpan1: encryption failed: -22
[  624.964735][ T9911] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  624.986003][ T9911] syzkaller0: entered promiscuous mode
[  624.991556][ T9911] syzkaller0: entered allmulticast mode
[  625.056763][ T9911] tipc: Resetting bearer <eth:syzkaller0>
[  625.132166][ T9909] tipc: Resetting bearer <eth:syzkaller0>
[  625.250815][ T9909] tipc: Disabling bearer <eth:syzkaller0>
[  626.241882][ T9934] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  626.330348][ T9918] loop4: detected capacity change from 0 to 32768
[  626.338701][ T9918] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.840 (9918)
[  626.387723][ T9918] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  626.429787][ T9918] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  626.462125][ T9918] BTRFS info (device loop4): using free space tree
[  627.190467][ T9918] BTRFS info (device loop4): enabling ssd optimizations
[  627.199205][ T9918] BTRFS info (device loop4): auto enabling async discard
[  627.564285][ T9970] netlink: 112 bytes leftover after parsing attributes in process `syz.1.851'.
[  627.598359][ T9969] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  627.632136][ T7369] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  627.643520][ T9969] syzkaller0: entered promiscuous mode
[  627.667091][ T9969] syzkaller0: entered allmulticast mode
[  627.713499][ T9969] tipc: Resetting bearer <eth:syzkaller0>
[  627.758143][ T9966] tipc: Resetting bearer <eth:syzkaller0>
[  627.853276][ T9966] tipc: Disabling bearer <eth:syzkaller0>
[  630.154028][T10013] loop2: detected capacity change from 0 to 512
[  630.182262][T10014] loop1: detected capacity change from 0 to 1024
[  630.215151][T10014] EXT4-fs: Ignoring removed nomblk_io_submit option
[  630.261163][T10014] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  630.288393][T10013] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  630.364426][T10013] ext4 filesystem being mounted at /232/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  630.459761][T10013] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  630.470827][ T5797] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  630.485551][T10013] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 33 with error 28
[  630.574854][T10013] EXT4-fs (loop2): This should not happen!! Data will be lost
[  630.574854][T10013] 
[  630.604318][T10013] EXT4-fs (loop2): Total free blocks count 0
[  630.618217][T10013] EXT4-fs (loop2): Free/Dirty block details
[  630.636557][T10013] EXT4-fs (loop2): free_blocks=65280
[  630.654525][T10013] EXT4-fs (loop2): dirty_blocks=33
[  630.674522][T10013] EXT4-fs (loop2): Block reservation details
[  630.684509][T10013] EXT4-fs (loop2): i_reserved_data_blocks=33
[  631.375636][ T5800] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  631.382207][T10008] loop0: detected capacity change from 0 to 32768
[  631.498271][T10008] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  632.380634][T10008] XFS (loop0): Ending clean mount
[  632.533227][T10026] loop1: detected capacity change from 0 to 40427
[  632.578761][T10026] F2FS-fs (loop1): invalid crc value
[  632.601147][T10026] F2FS-fs (loop1): Found nat_bits in checkpoint
[  632.727439][ T5790] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  632.764757][T10026] F2FS-fs (loop1): Start checkpoint disabled!
[  632.837180][T10026] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  633.198810][T10042] loop2: detected capacity change from 0 to 32768
[  633.234035][T10042] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.869 (10042)
[  633.327592][T10042] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  633.339779][ T3417] kworker/u4:8: attempt to access beyond end of device
[  633.339779][ T3417] loop1: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  633.374469][T10042] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  633.397066][T10042] BTRFS info (device loop2): setting nodatacow, compression disabled
[  633.422425][ T3417] kworker/u4:8: attempt to access beyond end of device
[  633.422425][ T3417] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  633.427989][T10042] BTRFS info (device loop2): max_inline at 0
[  633.455864][T10063] loop0: detected capacity change from 0 to 1024
[  633.463983][T10042] BTRFS info (device loop2): enabling disk space caching
[  633.471476][T10042] BTRFS info (device loop2): turning off barriers
[  633.478103][T10042] BTRFS info (device loop2): turning on flush-on-commit
[  633.487229][T10063] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  633.498665][T10042] BTRFS info (device loop2): doing ref verification
[  633.506148][T10042] BTRFS info (device loop2): force clearing of disk cache
[  633.519348][ T3417] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  633.521909][T10042] BTRFS info (device loop2): enabling ssd optimizations
[  633.533989][T10042] BTRFS info (device loop2): max_inline at 4096
[  633.541436][T10042] BTRFS info (device loop2): disk space caching is enabled
[  633.550146][ T3417] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  633.553553][T10063] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  633.574864][T10063] EXT4-fs (loop0): orphan cleanup on readonly fs
[  633.611562][T10063] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz.0.872: bg 0: block 10: padding at end of block bitmap is not set
[  633.640779][T10063] Quota error (device loop0): write_blk: dquota write failed
[  633.657735][T10063] Quota error (device loop0): find_free_dqentry: Can't write quota data block 3
[  633.671799][T10063] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota
[  633.733441][T10063] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.872: Failed to acquire dquot type 0
[  633.806374][T10063] Quota error (device loop0): write_blk: dquota write failed
[  633.813847][T10063] Quota error (device loop0): find_free_dqentry: Can't write quota data block 3
[  633.863594][T10042] BTRFS info (device loop2): auto enabling async discard
[  633.884444][T10063] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota
[  633.890175][T10042] BTRFS info (device loop2): rebuilding free space tree
[  633.904342][T10063] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.872: Failed to acquire dquot type 0
[  633.930048][T10042] BTRFS info (device loop2): disabling free space tree
[  633.931616][T10063] EXT4-fs error (device loop0): ext4_free_blocks:6681: comm syz.0.872: Freeing blocks not in datazone - block = 0, count = 4096
[  633.951590][T10042] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  633.951678][T10042] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  634.028547][T10063] Quota error (device loop0): write_blk: dquota write failed
[  634.054262][T10063] Quota error (device loop0): find_free_dqentry: Can't write quota data block 3
[  634.073795][T10063] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota
[  634.108081][T10063] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.872: Failed to acquire dquot type 0
[  634.165793][T10063] EXT4-fs (loop0): 1 orphan inode deleted
[  634.199792][T10063] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  634.867310][ T5800] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  635.089321][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  637.494581][ T5843] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  637.584445][   T55] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  637.715695][ T5843] usb 3-1: Using ep0 maxpacket: 16
[  637.725860][ T5843] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  637.739435][ T5843] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  637.749774][ T5843] usb 3-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  637.774235][ T5843] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  637.782384][   T55] usb 5-1: Using ep0 maxpacket: 32
[  637.796517][   T55] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  637.800952][ T5843] usb 3-1: config 0 descriptor??
[  637.816709][   T55] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  637.857078][   T55] usb 5-1: config 0 descriptor??
[  638.164354][ T5828] usb 2-1: new full-speed USB device number 5 using dummy_hcd
[  638.246346][   T55] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  638.263041][ T5843] hid-multitouch 0003:1FD2:6007.0007: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.2-1/input0
[  638.290524][   T55] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  638.441628][ T5828] usb 2-1: config 0 has an invalid interface number: 133 but max is 0
[  638.578687][ T5828] usb 2-1: config 0 has no interface number 0
[  638.701729][ T5828] usb 2-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[  638.816483][ T5828] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  638.897430][ T5828] usb 2-1: Product: syz
[  638.901667][ T5828] usb 2-1: Manufacturer: syz
[  638.937366][ T5828] usb 2-1: SerialNumber: syz
[  638.952297][ T5836] usb 3-1: USB disconnect, device number 5
[  638.981697][ T5828] usb 2-1: config 0 descriptor??
[  639.018354][T10146] fido_id[10146]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory
[  639.041787][ T5828] keyspan 2-1:0.133: Keyspan 1 port adapter converter detected
[  639.050756][   T55] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  639.059092][   T55] usb 5-1: media controller created
[  639.091340][   T55] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  639.101769][ T5828] keyspan 2-1:0.133: found no endpoint descriptor for endpoint 82
[  639.132687][ T5828] keyspan 2-1:0.133: found no endpoint descriptor for endpoint 81
[  639.180967][ T5828] keyspan 2-1:0.133: found no endpoint descriptor for endpoint 1
[  639.193525][   T55] az6027: usb out operation failed. (-71)
[  639.201840][   T55] az6027: usb out operation failed. (-71)
[  639.208081][   T55] stb0899_attach: Driver disabled by Kconfig
[  639.214253][   T55] az6027: no front-end attached
[  639.214253][   T55] 
[  639.222911][   T55] az6027: usb out operation failed. (-71)
[  639.230429][ T5828] keyspan 2-1:0.133: found no endpoint descriptor for endpoint 2
[  639.230736][   T55] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  639.269613][   T55] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input14
[  639.276708][ T5828] usb 2-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  639.918509][ T5828] usb 2-1: USB disconnect, device number 5
[  639.951165][   T55] dvb-usb: schedule remote query interval to 400 msecs.
[  639.955717][ T5828] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  639.982461][   T55] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  639.997426][ T5828] keyspan 2-1:0.133: device disconnected
[  640.075344][   T55] usb 5-1: USB disconnect, device number 10
[  640.208485][T10161] netlink: 4 bytes leftover after parsing attributes in process `syz.2.900'.
[  640.902169][   T55] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  640.960453][T10172] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  640.983663][T10172] syzkaller0: entered promiscuous mode
[  641.002725][T10172] syzkaller0: entered allmulticast mode
[  641.161767][T10176] tipc: Resetting bearer <eth:syzkaller0>
[  641.202389][T10167] tipc: Resetting bearer <eth:syzkaller0>
[  641.251792][T10167] tipc: Disabling bearer <eth:syzkaller0>
[  642.082240][T10185] loop2: detected capacity change from 0 to 256
[  642.298288][T10171] loop0: detected capacity change from 0 to 40427
[  642.314374][ T5913] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  642.332186][T10171] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[  642.357445][T10171] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  642.379160][T10171] F2FS-fs (loop0): build fault injection attr: rate: 18446, type: 0x7ffff
[  642.402560][T10171] F2FS-fs (loop0): invalid crc value
[  642.426183][T10171] F2FS-fs (loop0): Found nat_bits in checkpoint
[  642.525381][T10171] F2FS-fs (loop0): Start checkpoint disabled!
[  643.019472][T10171] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  643.020725][ T5913] usb 2-1: Using ep0 maxpacket: 16
[  643.028107][T10171] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  643.039160][ T5913] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7
[  643.126301][ T5913] usb 2-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[  643.148565][ T5913] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  643.158145][ T5913] usb 2-1: Product: syz
[  643.162592][ T5913] usb 2-1: Manufacturer: syz
[  643.168627][ T5913] usb 2-1: SerialNumber: syz
[  643.187852][ T5913] usb 2-1: config 0 descriptor??
[  643.208562][ T5913] hub 2-1:0.0: bad descriptor, ignoring hub
[  643.221385][ T5913] hub: probe of 2-1:0.0 failed with error -5
[  643.253847][ T5913] usb 2-1: Quirk or no altest; falling back to MIDI 1.0
[  643.669239][   T12] kworker/u4:1: attempt to access beyond end of device
[  643.669239][   T12] loop0: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  643.729249][   T12] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  643.731051][T10210] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  643.744652][   T12] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  643.751638][   T12] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  643.847372][ T5913] usb 2-1: USB disconnect, device number 6
[  645.697982][T10246] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  646.377094][T10254] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  647.871887][T10284] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.935'.
[  648.194492][T10290] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  648.206026][T10295] loop4: detected capacity change from 0 to 128
[  648.213559][T10290] syzkaller0: entered promiscuous mode
[  648.222874][T10290] syzkaller0: entered allmulticast mode
[  648.380439][T10298] tipc: Resetting bearer <eth:syzkaller0>
[  648.416408][T10289] tipc: Resetting bearer <eth:syzkaller0>
[  648.515008][T10289] tipc: Disabling bearer <eth:syzkaller0>
[  651.622661][T10339] netlink: 12 bytes leftover after parsing attributes in process `syz.4.950'.
[  651.755112][T10339] netlink: 'syz.4.950': attribute type 14 has an invalid length.
[  653.013401][T10351] lo speed is unknown, defaulting to 1000
[  653.205281][T10351] lo speed is unknown, defaulting to 1000
[  653.213966][T10351] ip6_vti0 speed is unknown, defaulting to 1000
[  653.538804][T10352] loop4: detected capacity change from 0 to 4096
[  653.566556][T10352] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  654.587191][T10352] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  654.663422][T10382] loop2: detected capacity change from 0 to 256
[  654.686030][T10352] netlink: 32 bytes leftover after parsing attributes in process `syz.4.953'.
[  654.708831][T10382] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  654.726143][T10383] loop1: detected capacity change from 0 to 128
[  654.746795][   T28] audit: type=1800 audit(1752891814.665:155): pid=10382 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.960" name="file1" dev="loop2" ino=1048671 res=0 errno=0
[  654.955765][T10387] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  655.154536][T10392] loop0: detected capacity change from 0 to 128
[  655.162311][T10392] EXT4-fs: Ignoring removed nobh option
[  655.237130][T10392] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  655.274797][T10392] ext4 filesystem being mounted at /237/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  655.396742][ T5790] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  657.814995][ T7369] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  658.793238][T10441] netlink: 72 bytes leftover after parsing attributes in process `syz.0.979'.
[  659.544411][ T5796] Bluetooth: hci0: command 0x0406 tx timeout
[  660.408416][T10466] bridge0: port 3(vlan2) entered blocking state
[  660.422003][T10466] bridge0: port 3(vlan2) entered disabled state
[  660.433538][T10466] vlan2: entered allmulticast mode
[  660.441767][T10466] vlan2: entered promiscuous mode
[  660.450865][T10466] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  663.527909][T10512] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  663.545233][T10512] syzkaller0: entered promiscuous mode
[  663.550761][T10512] syzkaller0: entered allmulticast mode
[  663.639896][T10512] tipc: Resetting bearer <eth:syzkaller0>
[  663.662720][T10511] tipc: Resetting bearer <eth:syzkaller0>
[  663.858588][T10511] tipc: Disabling bearer <eth:syzkaller0>
[  663.865249][T10520] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1003'.
[  664.579892][T10529] vlan2: entered allmulticast mode
[  664.579919][T10529] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[  664.660732][T10530] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1005'.
[  666.776384][T10568] lo speed is unknown, defaulting to 1000
[  666.790255][T10568] lo speed is unknown, defaulting to 1000
[  666.841125][T10568] ip6_vti0 speed is unknown, defaulting to 1000
[  666.991293][T10580] loop1: detected capacity change from 0 to 512
[  667.089163][T10580] EXT4-fs error (device loop1): ext4_orphan_get:1425: comm syz.1.1022: bad orphan inode 11862016
[  667.149460][T10580] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  667.153744][T10588] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1024'.
[  667.207190][T10580] ext4 filesystem being mounted at /256/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  667.415252][ T5797] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  668.961614][T10623] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  669.009733][T10623] syzkaller0: entered promiscuous mode
[  669.027991][T10623] syzkaller0: entered allmulticast mode
[  669.155191][T10621] tipc: Resetting bearer <eth:syzkaller0>
[  669.213848][T10621] tipc: Disabling bearer <eth:syzkaller0>
[  674.319641][T10687] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1056'.
[  674.545196][ T9719] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  675.167917][ T9719] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  675.203867][ T9719] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  675.215844][ T9719] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  675.244490][ T9719] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  675.256896][ T9719] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  675.281090][ T9719] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  675.296682][ T9719] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  675.320224][ T9719] usb 1-1: Product: syz
[  675.334445][ T9719] usb 1-1: Manufacturer: syz
[  675.350275][ T9719] cdc_wdm 1-1:1.0: skipping garbage
[  675.366737][ T9719] cdc_wdm 1-1:1.0: skipping garbage
[  675.425954][ T9719] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  675.458716][ T9719] cdc_wdm 1-1:1.0: Unknown control protocol
[  677.752617][ T5843] usb 1-1: USB disconnect, device number 8
[  677.949944][T10726] netlink: 88 bytes leftover after parsing attributes in process `syz.0.1070'.
[  677.967553][T10726] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1070'.
[  678.754017][   T55] usb 3-1: new full-speed USB device number 6 using dummy_hcd
[  679.028372][   T55] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  679.051374][   T55] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  679.071119][   T55] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  679.124718][   T55] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  679.180910][T10746] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1078'.
[  679.358347][   T55] usb 3-1: GET_CAPABILITIES returned 0
[  679.366638][   T55] usbtmc 3-1:16.0: can't read capabilities
[  679.606584][   T55] usb 3-1: USB disconnect, device number 6
[  682.143008][T10789] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  682.150761][T10789] syzkaller0: entered promiscuous mode
[  682.157019][T10789] syzkaller0: entered allmulticast mode
[  682.234902][T10789] tipc: Resetting bearer <eth:syzkaller0>
[  682.288418][T10788] tipc: Resetting bearer <eth:syzkaller0>
[  682.375174][T10788] tipc: Disabling bearer <eth:syzkaller0>
[  684.595384][T10802] loop4: detected capacity change from 0 to 32768
[  684.610530][T10802] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.1098 (10802)
[  684.660406][T10802] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  684.744974][T10802] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  684.753807][T10802] BTRFS info (device loop4): force clearing of disk cache
[  684.766346][T10802] BTRFS info (device loop4): enabling auto defrag
[  684.773044][T10802] BTRFS info (device loop4): max_inline at 0
[  684.779722][T10802] BTRFS info (device loop4): enabling disk space caching
[  684.787248][T10802] BTRFS info (device loop4): disk space caching is enabled
[  684.957596][T10802] BTRFS info (device loop4): enabling ssd optimizations
[  685.012608][T10802] BTRFS info (device loop4): rebuilding free space tree
[  685.039799][T10839] program syz.0.1103 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  685.119264][T10802] BTRFS info (device loop4): disabling free space tree
[  685.164561][T10802] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  685.184242][T10802] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  685.208950][T10841] loop1: detected capacity change from 0 to 256
[  685.298530][T10841] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  685.565815][  T169] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared)
[  686.093367][ T1286] ieee802154 phy0 wpan0: encryption failed: -22
[  686.161440][ T1286] ieee802154 phy1 wpan1: encryption failed: -22
[  686.176429][ T7369] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  688.890111][T10890] loop4: detected capacity change from 0 to 1764
[  691.264524][ T5828] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  691.994457][ T5828] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  692.005628][ T5828] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  692.015038][ T5828] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  692.025985][ T5828] usb 1-1: config 0 descriptor??
[  692.484624][ T5828] keytouch 0003:0926:3333.0008: fixing up Keytouch IEC report descriptor
[  692.508466][ T5828] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0008/input/input15
[  692.663504][T10921] loop2: detected capacity change from 0 to 32768
[  692.669271][T10910] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  692.706034][T10910] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  692.706899][T10921] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.1126 (10921)
[  692.738090][ T5828] keytouch 0003:0926:3333.0008: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0
[  692.830665][    C1] keyboard: can't emulate rawmode for keycode 240
[  692.838224][    C1] keyboard: can't emulate rawmode for keycode 240
[  692.850159][T10921] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  692.900709][T10921] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  692.910303][T10921] BTRFS info (device loop2): turning off barriers
[  692.917616][T10921] BTRFS info (device loop2): setting nodatasum
[  692.923983][T10921] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  692.933582][T10921] BTRFS info (device loop2): use zstd compression, level 3
[  692.940992][T10921] BTRFS info (device loop2): using free space tree
[  693.270356][ T5828] usb 1-1: USB disconnect, device number 9
[  693.586632][ T5800] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  694.952150][T10971] loop1: detected capacity change from 0 to 32768
[  694.987795][T10971] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.1137 (10971)
[  695.073006][T10971] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  695.102896][T10971] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  695.132371][T10971] BTRFS info (device loop1): turning off barriers
[  695.167207][T10971] BTRFS info (device loop1): setting nodatasum
[  695.196557][T10971] BTRFS info (device loop1): use zlib compression, level 3
[  695.203835][T10971] BTRFS info (device loop1): using free space tree
[  695.498905][T10980] loop2: detected capacity change from 0 to 40427
[  696.031836][T10980] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  696.064477][T10980] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  696.134956][T10980] F2FS-fs (loop2): Found nat_bits in checkpoint
[  696.384885][T10980] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  696.392365][T10980] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  696.618781][ T5797] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  696.647788][T10984] loop4: detected capacity change from 0 to 40427
[  696.774555][T10984] F2FS-fs (loop4): Found nat_bits in checkpoint
[  696.941148][T10984] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  697.180819][ T7369] F2FS-fs (loop4): access invalid blkaddr:2048
[  697.198875][ T7369] CPU: 0 PID: 7369 Comm: syz-executor Not tainted 6.6.99-syzkaller #0
[  697.207200][ T7369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  697.217285][ T7369] Call Trace:
[  697.220589][ T7369]  <TASK>
[  697.223546][ T7369]  dump_stack_lvl+0x16c/0x230
[  697.228270][ T7369]  ? show_regs_print_info+0x20/0x20
[  697.233587][ T7369]  ? f2fs_get_next_page_offset+0x690/0x690
[  697.239459][ T7369]  f2fs_is_valid_blkaddr+0xef8/0x1580
[  697.244882][ T7369]  f2fs_map_blocks+0xcdd/0x3c00
[  697.249922][ T7369]  ? f2fs_get_block_locked+0xe0/0xe0
[  697.255255][ T7369]  ? __lock_acquire+0x7c80/0x7c80
[  697.260334][ T7369]  ? xas_descend+0x3a4/0x490
[  697.265079][ T7369]  ? xa_load+0x2c0/0x2e0
[  697.269379][ T7369]  ? xa_load+0x64/0x2e0
[  697.273571][ T7369]  ? page_index+0xe7/0x470
[  697.278052][ T7369]  f2fs_mpage_readpages+0x9f5/0x1ec0
[  697.283441][ T7369]  ? detach_page_private+0x4c0/0x4c0
[  697.288771][ T7369]  ? __mod_lruvec_page_state+0xa5/0x420
[  697.294376][ T7369]  ? f2fs_readahead+0x167/0x300
[  697.299268][ T7369]  ? f2fs_dirty_data_folio+0x810/0x810
[  697.304767][ T7369]  read_pages+0x177/0x840
[  697.309162][ T7369]  ? folio_put+0xd0/0xd0
[  697.313457][ T7369]  ? page_cache_ra_unbounded+0x770/0x770
[  697.319150][ T7369]  ? filemap_add_folio+0x192/0x3c0
[  697.324319][ T7369]  page_cache_ra_unbounded+0x692/0x770
[  697.329860][ T7369]  f2fs_readdir+0x44c/0x8c0
[  697.334485][ T7369]  ? f2fs_fill_dentries+0xbb0/0xbb0
[  697.339752][ T7369]  ? mutex_lock_nested+0x20/0x20
[  697.344744][ T7369]  ? end_current_label_crit_section+0x149/0x170
[  697.351219][ T7369]  ? down_read_killable+0x1d0/0x340
[  697.356464][ T7369]  ? fsnotify_perm+0x271/0x5e0
[  697.361283][ T7369]  iterate_dir+0x1c2/0x580
[  697.365754][ T7369]  __se_sys_getdents64+0xe9/0x260
[  697.370931][ T7369]  ? __x64_sys_getdents64+0x80/0x80
[  697.376178][ T7369]  ? filldir+0x680/0x680
[  697.380463][ T7369]  ? lock_chain_count+0x20/0x20
[  697.385357][ T7369]  ? lockdep_hardirqs_on+0x98/0x150
[  697.390613][ T7369]  do_syscall_64+0x55/0xb0
[  697.395068][ T7369]  ? clear_bhb_loop+0x40/0x90
[  697.399843][ T7369]  ? clear_bhb_loop+0x40/0x90
[  697.404651][ T7369]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  697.410607][ T7369] RIP: 0033:0x7fe89f9c1313
[  697.415070][ T7369] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 62 3e f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8
[  697.434720][ T7369] RSP: 002b:00007fff3a9fab78 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[  697.443179][ T7369] RAX: ffffffffffffffda RBX: 0000555576159600 RCX: 00007fe89f9c1313
[  697.451190][ T7369] RDX: 0000000000008000 RSI: 0000555576159600 RDI: 0000000000000005
[  697.459203][ T7369] RBP: 00005555761595d4 R08: 0000000000000000 R09: 0000000000000000
[  697.467215][ T7369] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8
[  697.475438][ T7369] R13: 0000000000000010 R14: 00005555761595d0 R15: 00007fff3a9fce30
[  697.483469][ T7369]  </TASK>
[  697.594287][ T7369] syz-executor: attempt to access beyond end of device
[  697.594287][ T7369] loop4: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  697.714317][ T7369] syz-executor: attempt to access beyond end of device
[  697.714317][ T7369] loop4: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  698.027234][T11037] loop1: detected capacity change from 0 to 4096
[  698.813222][   T28] audit: type=1800 audit(1752891858.725:156): pid=11037 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1151" name="file1" dev="loop1" ino=30 res=0 errno=0
[  698.875438][ T9090] syz.4.624: attempt to access beyond end of device
[  698.875438][ T9090] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  698.914245][ T9090] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  699.036911][ T3432] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  699.064262][ T3432] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  699.191547][T11056] loop1: detected capacity change from 0 to 256
[  699.234984][ T3432] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  699.237467][T11056] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d)
[  699.245601][ T3432] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  699.334699][ T9719] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  699.405153][ T3432] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  699.430125][ T3432] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  699.527416][ T9719] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  699.554269][ T9719] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  699.584287][ T9719] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  699.601215][ T3432] vlan2 (unregistering): left allmulticast mode
[  699.604845][ T9719] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  699.617026][ T3432] vlan2 (unregistering): left promiscuous mode
[  699.623409][ T3432] netdevsim netdevsim4 netdevsim0 (unregistering): left promiscuous mode
[  699.636822][ T3432] bridge0: port 3(vlan2) entered disabled state
[  699.647175][ T9719] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  699.669421][ T3432] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  699.680647][ T3432] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  699.685725][ T9719] usb 1-1: config 0 descriptor??
[  700.043551][ T3432] tipc: Disabling bearer <eth:syzkaller0>
[  700.076336][ T3432] tipc: Left network mode
[  700.152923][ T9719] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  700.185753][ T9719] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  700.193234][ T9719] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  700.234312][ T9719] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  700.241797][ T9719] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  700.273841][ T9719] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  700.308051][ T9719] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  700.335197][ T9719] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  700.342698][ T9719] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  700.382632][ T9719] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  700.395324][T11071] loop1: detected capacity change from 0 to 256
[  700.404230][ T9719] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  700.434580][T11071] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  700.450624][ T9719] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving
[  700.496461][T11071] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  700.567487][ T9719] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  700.574956][T11071] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  700.634521][ T9719] usb 1-1: USB disconnect, device number 10
[  700.913127][T11076] fido_id[11076]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  701.385709][T10423] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  701.418912][T10423] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  701.436977][T10423] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  701.450074][T10423] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  701.475028][T10423] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  701.580283][T10423] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  702.087922][T11087] lo speed is unknown, defaulting to 1000
[  702.107995][T11087] lo speed is unknown, defaulting to 1000
[  702.123719][T11087] ip6_vti0 speed is unknown, defaulting to 1000
[  702.517882][ T3432] bond0: (slave wlan1): Releasing backup interface
[  703.189074][T11105] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1169'.
[  703.842159][ T3432] hsr_slave_0: left promiscuous mode
[  703.861410][ T3432] hsr_slave_1: left promiscuous mode
[  703.904359][ T3432] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  703.911954][ T3432] batman_adv: batadv0: Removing interface: batadv_slave_0
[  703.950866][ T3432] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  703.968862][ T3432] batman_adv: batadv0: Removing interface: batadv_slave_1
[  703.985202][ T3432] bridge_slave_1: left allmulticast mode
[  703.995534][ T3432] bridge_slave_1: left promiscuous mode
[  704.006992][ T3432] bridge0: port 2(bridge_slave_1) entered disabled state
[  704.041947][ T3432] bridge_slave_0: left allmulticast mode
[  704.054202][ T3432] bridge_slave_0: left promiscuous mode
[  704.060117][ T3432] bridge0: port 1(bridge_slave_0) entered disabled state
[  704.104523][ T5796] Bluetooth: hci1: command tx timeout
[  704.253161][T11115] loop2: detected capacity change from 0 to 32768
[  704.262928][ T3432] veth1_macvtap: left promiscuous mode
[  704.292394][ T3432] veth0_macvtap: left promiscuous mode
[  704.298187][T11115] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.1171 (11115)
[  704.322686][ T3432] veth1_vlan: left promiscuous mode
[  704.341746][ T3432] veth0_vlan: left promiscuous mode
[  704.377642][T11115] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  704.411971][T11115] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  704.454465][T11115] BTRFS info (device loop2): turning on sync discard
[  704.484349][T11115] BTRFS info (device loop2): use zlib compression, level 3
[  704.512153][T11115] BTRFS info (device loop2): turning off barriers
[  704.542901][T11115] BTRFS warning (device loop2): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  704.589054][T11115] BTRFS info (device loop2): trying to use backup root at mount time
[  704.620930][T11115] BTRFS info (device loop2): enabling auto defrag
[  704.644958][T11115] BTRFS info (device loop2): max_inline at 0
[  704.668547][T11115] BTRFS info (device loop2): using free space tree
[  704.697539][T11118] loop1: detected capacity change from 0 to 40427
[  704.735635][T11118] F2FS-fs (loop1): build fault injection attr: rate: 771, type: 0x7ffff
[  704.768927][T11118] F2FS-fs (loop1): invalid crc value
[  704.805334][T11118] F2FS-fs (loop1): Found nat_bits in checkpoint
[  704.862130][ T1310] BTRFS warning (device loop2): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  704.921494][T11115] BTRFS error (device loop2): failed to load root extent
[  704.940704][T11115] BTRFS warning (device loop2): try to load backup roots slot 1
[  704.993543][ T3504] BTRFS warning (device loop2): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  705.068910][T11115] BTRFS warning (device loop2): couldn't read tree root
[  705.102908][T11115] BTRFS warning (device loop2): try to load backup roots slot 2
[  705.124721][ T3417] BTRFS error (device loop2): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  705.136213][T11118] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  705.147059][T11115] BTRFS warning (device loop2): couldn't read tree root
[  705.154063][T11115] BTRFS warning (device loop2): try to load backup roots slot 3
[  705.181709][T11115] BTRFS info (device loop2): enabling ssd optimizations
[  705.208815][T11115] BTRFS info (device loop2): rebuilding free space tree
[  705.223576][   T28] audit: type=1800 audit(1752891865.135:157): pid=11118 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1172" name="file1" dev="loop1" ino=10 res=0 errno=0
[  705.270774][T11115] BTRFS info (device loop2): checking UUID tree
[  705.301805][T11118] F2FS-fs (loop1): inject checkpoint error in f2fs_balance_fs of f2fs_write_single_data_page+0x1012/0x19e0
[  705.318898][T11118] syz.1.1172: attempt to access beyond end of device
[  705.318898][T11118] loop1: rw=2049, sector=77824, nr_sectors = 8 limit=40427
[  705.346930][T11118] F2FS-fs (loop1): Stopped filesystem due to reason: 1
[  705.605050][ T5800] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  706.264963][ T5796] Bluetooth: hci1: command tx timeout
[  708.048848][T11169] loop2: detected capacity change from 0 to 40427
[  708.077526][T11169] F2FS-fs (loop2): invalid crc value
[  708.143932][T11169] F2FS-fs (loop2): Found nat_bits in checkpoint
[  708.150773][ T5857] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  708.212929][ T3432] team0 (unregistering): Port device team_slave_1 removed
[  708.266242][T11169] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  708.345082][ T5857] usb 1-1: Using ep0 maxpacket: 32
[  708.347974][ T5796] Bluetooth: hci1: command tx timeout
[  708.351333][ T3432] team0 (unregistering): Port device team_slave_0 removed
[  708.374315][   T28] audit: type=1800 audit(1752891868.285:158): pid=11169 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1177" name="file1" dev="loop2" ino=10 res=0 errno=0
[  708.400007][ T5857] usb 1-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  708.412644][ T5857] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  708.432247][ T5857] usb 1-1: Product: syz
[  708.448280][ T5857] usb 1-1: Manufacturer: syz
[  708.452935][ T5857] usb 1-1: SerialNumber: syz
[  708.464707][ T3432] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  708.477160][ T5857] usb 1-1: config 0 descriptor??
[  708.509532][ T5857] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  708.542084][ T5800] syz-executor: attempt to access beyond end of device
[  708.542084][ T5800] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  708.572572][ T5800] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  708.583762][ T3432] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  709.115301][T11196] loop2: detected capacity change from 0 to 256
[  709.147897][T11196] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d)
[  709.356974][ T5800] exFAT-fs (loop2): error, invalid access to FAT free cluster (entry 0x00000008)
[  709.551237][ T5857] gspca_stk1135: reg_w 0x7 err -71
[  709.563633][ T5857] gspca_stk1135: serial bus timeout: status=0x00
[  709.582935][ T5857] gspca_stk1135: Sensor write failed
[  709.589058][ T5857] gspca_stk1135: serial bus timeout: status=0x00
[  709.748969][ T5857] gspca_stk1135: Sensor write failed
[  709.802180][ T5857] gspca_stk1135: serial bus timeout: status=0x00
[  710.209852][ T5857] gspca_stk1135: Sensor read failed
[  710.215393][ T5857] gspca_stk1135: serial bus timeout: status=0x00
[  710.221773][ T5857] gspca_stk1135: Sensor read failed
[  710.228541][ T5857] gspca_stk1135: Detected sensor type unknown (0x0)
[  710.235411][ T5857] gspca_stk1135: serial bus timeout: status=0x00
[  710.241773][ T5857] gspca_stk1135: Sensor read failed
[  710.247353][ T5857] gspca_stk1135: serial bus timeout: status=0x00
[  710.253797][ T5857] gspca_stk1135: Sensor read failed
[  710.259480][ T5857] gspca_stk1135: serial bus timeout: status=0x00
[  710.266140][ T5857] gspca_stk1135: Sensor write failed
[  710.271683][ T5857] gspca_stk1135: serial bus timeout: status=0x00
[  710.278217][ T5857] gspca_stk1135: Sensor write failed
[  710.283621][ T5857] stk1135: probe of 1-1:0.0 failed with error -71
[  710.308982][ T5857] usb 1-1: USB disconnect, device number 11
[  710.454583][ T5796] Bluetooth: hci1: command tx timeout
[  710.553488][T11211] overlay: filesystem on ./bus not supported as upperdir
[  710.576027][ T3432] bond0 (unregistering): Released all slaves
[  711.575543][ T5828] lo speed is unknown, defaulting to 1000
[  711.776026][T11087] chnl_net:caif_netlink_parms(): no params data found
[  712.084726][T11087] bridge0: port 1(bridge_slave_0) entered blocking state
[  712.091926][T11087] bridge0: port 1(bridge_slave_0) entered disabled state
[  712.134570][T11087] bridge_slave_0: entered allmulticast mode
[  712.142039][T11087] bridge_slave_0: entered promiscuous mode
[  712.157362][T11087] bridge0: port 2(bridge_slave_1) entered blocking state
[  712.188560][T11087] bridge0: port 2(bridge_slave_1) entered disabled state
[  712.196345][T11087] bridge_slave_1: entered allmulticast mode
[  712.220987][T11087] bridge_slave_1: entered promiscuous mode
[  712.333769][T11087] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  712.375401][T11087] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  712.461390][T11087] team0: Port device team_slave_0 added
[  712.492825][T11087] team0: Port device team_slave_1 added
[  712.552162][T11087] batman_adv: batadv0: Adding interface: batadv_slave_0
[  712.561384][T11087] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  712.596436][T11087] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  712.627341][T11087] batman_adv: batadv0: Adding interface: batadv_slave_1
[  712.643516][T11087] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  712.709761][T11087] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  713.409315][T11087] hsr_slave_0: entered promiscuous mode
[  713.423848][T11087] hsr_slave_1: entered promiscuous mode
[  713.440877][T11087] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  713.452632][T11087] Cannot create hsr debugfs directory
[  713.878963][T11262] xt_CT: No such helper "pptp"
[  714.093156][T11087] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  714.120337][T11087] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  714.140471][T11087] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  714.725137][T11087] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  715.041314][T11087] 8021q: adding VLAN 0 to HW filter on device bond0
[  715.119278][T11290] loop1: detected capacity change from 0 to 512
[  715.662664][T11087] 8021q: adding VLAN 0 to HW filter on device team0
[  715.693407][T11290] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  715.717290][ T1310] bridge0: port 1(bridge_slave_0) entered blocking state
[  715.724571][ T1310] bridge0: port 1(bridge_slave_0) entered forwarding state
[  715.734869][T11290] ext4 filesystem being mounted at /311/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  715.794671][ T1310] bridge0: port 2(bridge_slave_1) entered blocking state
[  715.801877][ T1310] bridge0: port 2(bridge_slave_1) entered forwarding state
[  715.968344][T11290] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000.
[  716.147008][ T5797] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  717.401283][T11087] 8021q: adding VLAN 0 to HW filter on device batadv0
[  718.009067][T11311] loop1: detected capacity change from 0 to 40427
[  718.070117][T11311] F2FS-fs (loop1): invalid crc value
[  718.097461][T11311] F2FS-fs (loop1): Found nat_bits in checkpoint
[  718.227735][T11087] veth0_vlan: entered promiscuous mode
[  718.234789][T11311] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  718.279472][T11087] veth1_vlan: entered promiscuous mode
[  718.396191][   T28] audit: type=1804 audit(1752891878.305:159): pid=11311 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.1204" name="/newroot/312/file0/bus" dev="loop1" ino=10 res=1 errno=0
[  718.446810][T11087] veth0_macvtap: entered promiscuous mode
[  718.471163][T11087] veth1_macvtap: entered promiscuous mode
[  718.561476][T11087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  718.586212][T11087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  718.604337][T11087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  718.615507][T11087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  718.652669][T11087] batman_adv: batadv0: Interface activated: batadv_slave_0
[  718.672794][T11087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  718.695170][T11087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  718.707155][T11087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  718.718507][T11087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  718.736328][T11087] batman_adv: batadv0: Interface activated: batadv_slave_1
[  718.747586][ T5797] syz-executor: attempt to access beyond end of device
[  718.747586][ T5797] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  718.765592][T11087] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  718.784219][T11087] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  718.798902][ T5797] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  718.814190][T11087] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  718.822948][T11087] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  718.874345][    T9] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  719.075650][    T9] usb 3-1: Using ep0 maxpacket: 16
[  719.080976][  T169] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  719.095804][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7
[  719.117146][  T169] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  719.146012][    T9] usb 3-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[  719.160090][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  719.194042][    T9] usb 3-1: Product: syz
[  719.320295][    T9] usb 3-1: Manufacturer: syz
[  719.352428][ T3417] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  719.358233][    T9] usb 3-1: SerialNumber: syz
[  719.799225][    T9] usb 3-1: config 0 descriptor??
[  719.829146][    T9] hub 3-1:0.0: bad descriptor, ignoring hub
[  719.840465][ T3417] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  719.856451][    T9] hub: probe of 3-1:0.0 failed with error -5
[  719.897388][    T9] usb 3-1: Quirk or no altest; falling back to MIDI 1.0
[  720.554681][    T9] usb 3-1: USB disconnect, device number 7
[  722.858255][ T5796] Bluetooth: hci1: Unknown advertising packet type: 0x60
[  722.858350][ T5796] Bluetooth: hci1: Malformed LE Event: 0x0d
[  725.828316][T11448] Driver unsupported XDP return value 0 on prog  (id 321) dev N/A, expect packet loss!
[  728.476223][T11494] sctp: failed to load transform for md5: -2
[  730.537837][T11545] loop5: detected capacity change from 0 to 4096
[  730.709565][T11545] ntfs3: loop5: Mark volume as dirty due to NTFS errors
[  731.746981][   T12] ntfs3: loop5: ino=9, ntfs3_write_inode failed, -22.
[  731.771438][T11087] ntfs3: loop5: ino=9, ntfs_sync_fs failed, -22.
[  734.237531][T11608] input: syz1 as /devices/virtual/input/input16
[  737.294249][T11645] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1269'.
[  739.926754][T11686] batadv_slave_1: entered promiscuous mode
[  739.943502][T11682] batadv_slave_1: left promiscuous mode
[  747.408764][ T1286] ieee802154 phy0 wpan0: encryption failed: -22
[  747.415434][ T1286] ieee802154 phy1 wpan1: encryption failed: -22
[  748.423322][T11833] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1306'.
[  751.149299][T11884] netlink: 44 bytes leftover after parsing attributes in process `syz.5.1319'.
[  751.813357][T11890] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1320'.
[  751.914957][T11890] sch_tbf: burst 0 is lower than device bridge1 mtu (1514) !
[  751.933692][T11895] loop2: detected capacity change from 0 to 64
[  752.657013][   T28] audit: type=1800 audit(1752891912.555:160): pid=11895 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1321" name="file1" dev="loop2" ino=21 res=0 errno=0
[  759.041170][T11984] lo speed is unknown, defaulting to 1000
[  759.065390][T11984] ip6_vti0 speed is unknown, defaulting to 1000
[  759.809016][T11989] loop5: detected capacity change from 0 to 4096
[  759.912624][T11989] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  759.975970][T12004] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1341'.
[  760.078049][T11989] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  760.335343][T11989] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1337'.
[  761.545628][T11087] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  764.546488][T12073] input: syz1 as /devices/virtual/input/input17
[  766.502880][T12094] loop5: detected capacity change from 0 to 32768
[  766.560413][T12094] ocfs2: Mounting device (7,5) on (node local, slot 0) with writeback data mode.
[  767.215835][T12094] 
[  767.218222][T12094] ======================================================
[  767.225268][T12094] WARNING: possible circular locking dependency detected
[  767.232318][T12094] 6.6.99-syzkaller #0 Not tainted
[  767.237368][T12094] ------------------------------------------------------
[  767.244419][T12094] syz.5.1359/12094 is trying to acquire lock:
[  767.250505][T12094] ffff88805e3ddc78 (&oi->ip_xattr_sem){++++}-{3:3}, at: ocfs2_init_acl+0x2fa/0x720
[  767.259873][T12094] 
[  767.259873][T12094] but task is already holding lock:
[  767.267279][T12094] ffff8880231d8990 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x1e7d/0x20c0
[  767.276560][T12094] 
[  767.276560][T12094] which lock already depends on the new lock.
[  767.276560][T12094] 
[  767.286990][T12094] 
[  767.286990][T12094] the existing dependency chain (in reverse order) is:
[  767.296023][T12094] 
[  767.296023][T12094] -> #5 (jbd2_handle){++++}-{0:0}:
[  767.303363][T12094]        start_this_handle+0x1e9d/0x20c0
[  767.309051][T12094]        jbd2__journal_start+0x2bb/0x5b0
[  767.314724][T12094]        jbd2_journal_start+0x2a/0x40
[  767.320130][T12094]        ocfs2_start_trans+0x376/0x6c0
[  767.325634][T12094]        ocfs2_shutdown_local_alloc+0x201/0xa10
[  767.331918][T12094]        ocfs2_dismount_volume+0x1e2/0x890
[  767.337770][T12094]        generic_shutdown_super+0x134/0x2b0
[  767.343713][T12094]        kill_block_super+0x44/0x90
[  767.348950][T12094]        deactivate_locked_super+0x97/0x100
[  767.354890][T12094]        cleanup_mnt+0x429/0x4c0
[  767.359865][T12094]        task_work_run+0x1ce/0x250
[  767.365016][T12094]        exit_to_user_mode_loop+0xe6/0x110
[  767.370863][T12094]        exit_to_user_mode_prepare+0xb1/0x140
[  767.376973][T12094]        syscall_exit_to_user_mode+0x1a/0x50
[  767.382996][T12094]        do_syscall_64+0x61/0xb0
[  767.387965][T12094]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  767.394438][T12094] 
[  767.394438][T12094] -> #4 (&journal->j_trans_barrier){.+.+}-{3:3}:
[  767.403035][T12094]        down_read+0x46/0x2e0
[  767.407758][T12094]        ocfs2_start_trans+0x36a/0x6c0
[  767.413269][T12094]        ocfs2_shutdown_local_alloc+0x201/0xa10
[  767.419551][T12094]        ocfs2_dismount_volume+0x1e2/0x890
[  767.425385][T12094]        generic_shutdown_super+0x134/0x2b0
[  767.431325][T12094]        kill_block_super+0x44/0x90
[  767.436554][T12094]        deactivate_locked_super+0x97/0x100
[  767.442488][T12094]        cleanup_mnt+0x429/0x4c0
[  767.447455][T12094]        task_work_run+0x1ce/0x250
[  767.452601][T12094]        exit_to_user_mode_loop+0xe6/0x110
[  767.458450][T12094]        exit_to_user_mode_prepare+0xb1/0x140
[  767.464567][T12094]        syscall_exit_to_user_mode+0x1a/0x50
[  767.470611][T12094]        do_syscall_64+0x61/0xb0
[  767.475588][T12094]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  767.482047][T12094] 
[  767.482047][T12094] -> #3 (sb_internal#4){.+.+}-{0:0}:
[  767.489575][T12094]        ocfs2_start_trans+0x26b/0x6c0
[  767.495082][T12094]        ocfs2_mknod+0xe47/0x20f0
[  767.500156][T12094]        ocfs2_create+0x196/0x410
[  767.505220][T12094]        path_openat+0x1277/0x3190
[  767.510377][T12094]        do_filp_open+0x1c5/0x3d0
[  767.515457][T12094]        do_sys_openat2+0x12c/0x1c0
[  767.520692][T12094]        __x64_sys_openat+0x139/0x160
[  767.526100][T12094]        do_syscall_64+0x55/0xb0
[  767.531082][T12094]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  767.537544][T12094] 
[  767.537544][T12094] -> #2 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#6){+.+.}-{3:3}:
[  767.548112][T12094]        down_write+0x97/0x1f0
[  767.552932][T12094]        ocfs2_reserve_local_alloc_bits+0x126/0x24b0
[  767.559646][T12094]        ocfs2_reserve_clusters_with_limit+0x1bf/0xba0
[  767.566539][T12094]        ocfs2_mknod+0xdee/0x20f0
[  767.571605][T12094]        ocfs2_create+0x196/0x410
[  767.576676][T12094]        path_openat+0x1277/0x3190
[  767.581852][T12094]        do_filp_open+0x1c5/0x3d0
[  767.586933][T12094]        do_sys_openat2+0x12c/0x1c0
[  767.592194][T12094]        __x64_sys_openat+0x139/0x160
[  767.597788][T12094]        do_syscall_64+0x55/0xb0
[  767.602768][T12094]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  767.609233][T12094] 
[  767.609233][T12094] -> #1 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{3:3}:
[  767.619887][T12094]        down_write+0x97/0x1f0
[  767.624698][T12094]        ocfs2_reserve_suballoc_bits+0x165/0x4360
[  767.631152][T12094]        ocfs2_reserve_new_metadata_blocks+0x404/0x940
[  767.638047][T12094]        ocfs2_init_xattr_set_ctxt+0x2f8/0x6e0
[  767.644242][T12094]        ocfs2_xattr_set+0xb6d/0x11f0
[  767.649650][T12094]        __vfs_setxattr+0x431/0x470
[  767.654888][T12094]        __vfs_setxattr_noperm+0x12d/0x5e0
[  767.660747][T12094]        vfs_setxattr+0x16c/0x2f0
[  767.665895][T12094]        path_setxattr+0x362/0x550
[  767.671052][T12094]        __x64_sys_setxattr+0xbb/0xd0
[  767.676552][T12094]        do_syscall_64+0x55/0xb0
[  767.681526][T12094]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  767.687988][T12094] 
[  767.687988][T12094] -> #0 (&oi->ip_xattr_sem){++++}-{3:3}:
[  767.695885][T12094]        __lock_acquire+0x2ddb/0x7c80
[  767.701307][T12094]        lock_acquire+0x197/0x410
[  767.706373][T12094]        down_read+0x46/0x2e0
[  767.711096][T12094]        ocfs2_init_acl+0x2fa/0x720
[  767.716362][T12094]        ocfs2_mknod+0x12e5/0x20f0
[  767.721512][T12094]        ocfs2_create+0x196/0x410
[  767.726590][T12094]        path_openat+0x1277/0x3190
[  767.731751][T12094]        do_filp_open+0x1c5/0x3d0
[  767.736827][T12094]        do_sys_openat2+0x12c/0x1c0
[  767.742069][T12094]        __x64_sys_openat+0x139/0x160
[  767.747493][T12094]        do_syscall_64+0x55/0xb0
[  767.752470][T12094]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  767.758945][T12094] 
[  767.758945][T12094] other info that might help us debug this:
[  767.758945][T12094] 
[  767.769198][T12094] Chain exists of:
[  767.769198][T12094]   &oi->ip_xattr_sem --> &journal->j_trans_barrier --> jbd2_handle
[  767.769198][T12094] 
[  767.782996][T12094]  Possible unsafe locking scenario:
[  767.782996][T12094] 
[  767.790477][T12094]        CPU0                    CPU1
[  767.795870][T12094]        ----                    ----
[  767.801283][T12094]   rlock(jbd2_handle);
[  767.805487][T12094]                                lock(&journal->j_trans_barrier);
[  767.813329][T12094]                                lock(jbd2_handle);
[  767.819985][T12094]   rlock(&oi->ip_xattr_sem);
[  767.824696][T12094] 
[  767.824696][T12094]  *** DEADLOCK ***
[  767.824696][T12094] 
[  767.832869][T12094] 8 locks held by syz.5.1359/12094:
[  767.838110][T12094]  #0: ffff888023e3e418 (sb_writers#32){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  767.847411][T12094]  #1: ffff88805e3ddf58 (&type->i_mutex_dir_key#23){+.+.}-{3:3}, at: path_openat+0x7c6/0x3190
[  767.857847][T12094]  #2: ffff88805e11b498 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#4){+.+.}-{3:3}, at: ocfs2_reserve_suballoc_bits+0x165/0x4360
[  767.871591][T12094]  #3: ffff88805e3d89d8 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{3:3}, at: ocfs2_reserve_suballoc_bits+0x165/0x4360
[  767.885331][T12094]  #4: ffff88805e11df58 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#6){+.+.}-{3:3}, at: ocfs2_reserve_local_alloc_bits+0x126/0x24b0
[  767.899327][T12094]  #5: ffff888023e3e608 (sb_internal#4){.+.+}-{0:0}, at: ocfs2_mknod+0xe47/0x20f0
[  767.908626][T12094]  #6: ffff8880232978e8 (&journal->j_trans_barrier){.+.+}-{3:3}, at: ocfs2_start_trans+0x36a/0x6c0
[  767.919403][T12094]  #7: ffff8880231d8990 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x1e7d/0x20c0
[  767.929209][T12094] 
[  767.929209][T12094] stack backtrace:
[  767.935120][T12094] CPU: 0 PID: 12094 Comm: syz.5.1359 Not tainted 6.6.99-syzkaller #0
[  767.943255][T12094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  767.953346][T12094] Call Trace:
[  767.956656][T12094]  <TASK>
[  767.959621][T12094]  dump_stack_lvl+0x16c/0x230
[  767.964344][T12094]  ? load_image+0x3b0/0x3b0
[  767.968905][T12094]  ? show_regs_print_info+0x20/0x20
[  767.974153][T12094]  ? print_circular_bug+0x12b/0x1a0
[  767.979490][T12094]  check_noncircular+0x2bd/0x3c0
[  767.984480][T12094]  ? print_deadlock_bug+0x5d0/0x5d0
[  767.989721][T12094]  ? lockdep_lock+0xe0/0x220
[  767.994354][T12094]  ? _find_first_zero_bit+0xd3/0x100
[  767.999692][T12094]  __lock_acquire+0x2ddb/0x7c80
[  768.004599][T12094]  ? verify_lock_unused+0x140/0x140
[  768.009846][T12094]  ? __ocfs2_mknod_locked+0xbd2/0x1440
[  768.015355][T12094]  ? __lock_acquire+0x7c80/0x7c80
[  768.020504][T12094]  ? do_raw_spin_lock+0x121/0x2c0
[  768.025597][T12094]  ? __rwlock_init+0x150/0x150
[  768.030420][T12094]  lock_acquire+0x197/0x410
[  768.034975][T12094]  ? ocfs2_init_acl+0x2fa/0x720
[  768.039902][T12094]  ? __might_sleep+0xe0/0xe0
[  768.044537][T12094]  ? read_lock_is_recursive+0x20/0x20
[  768.049957][T12094]  ? trace_ocfs2_claim_new_inode_at_loc+0x1c0/0x1c0
[  768.056780][T12094]  ? mark_lock+0x94/0x320
[  768.061151][T12094]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  768.067178][T12094]  down_read+0x46/0x2e0
[  768.071379][T12094]  ? ocfs2_init_acl+0x2fa/0x720
[  768.076282][T12094]  ocfs2_init_acl+0x2fa/0x720
[  768.081010][T12094]  ? ocfs2_mknod_locked+0x149/0x250
[  768.086253][T12094]  ? ocfs2_acl_chmod+0x320/0x320
[  768.091241][T12094]  ? dquot_alloc_inode+0x211/0xa40
[  768.096401][T12094]  ? ocfs2_block_signals+0x95/0xd0
[  768.101558][T12094]  ? ocfs2_free_mem_caches+0x50/0x50
[  768.106980][T12094]  ? ocfs2_init_security_get+0x139/0x1a0
[  768.112676][T12094]  ocfs2_mknod+0x12e5/0x20f0
[  768.117325][T12094]  ? ocfs2_mkdir+0x410/0x410
[  768.121969][T12094]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  768.127926][T12094]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  768.133920][T12094]  ? ocfs2_inode_unlock+0xa5/0x140
[  768.139331][T12094]  ? __lock_acquire+0x7c80/0x7c80
[  768.144401][T12094]  ? __rwlock_init+0x150/0x150
[  768.149204][T12094]  ? do_raw_spin_unlock+0x121/0x230
[  768.154445][T12094]  ? rcu_is_watching+0x15/0xb0
[  768.159273][T12094]  ? ocfs2_lookup+0x495/0x940
[  768.163995][T12094]  ocfs2_create+0x196/0x410
[  768.168537][T12094]  ? ocfs2_update_inode_fsync_trans+0x240/0x240
[  768.174909][T12094]  ? from_kgid+0x15d/0x680
[  768.179369][T12094]  ? ocfs2_lookup+0x940/0x940
[  768.184086][T12094]  ? HAS_UNMAPPED_ID+0x11a/0x180
[  768.189078][T12094]  ? inode_permission+0xf3/0x480
[  768.194070][T12094]  ? bpf_lsm_inode_create+0x9/0x10
[  768.199220][T12094]  ? security_inode_create+0xb7/0x100
[  768.204637][T12094]  ? ocfs2_lookup+0x940/0x940
[  768.209354][T12094]  path_openat+0x1277/0x3190
[  768.214012][T12094]  ? do_filp_open+0x3d0/0x3d0
[  768.218754][T12094]  do_filp_open+0x1c5/0x3d0
[  768.223312][T12094]  ? vfs_tmpfile+0x490/0x490
[  768.227962][T12094]  ? _raw_spin_unlock+0x28/0x40
[  768.232864][T12094]  ? alloc_fd+0x58f/0x630
[  768.237250][T12094]  do_sys_openat2+0x12c/0x1c0
[  768.241976][T12094]  ? do_sys_open+0xe0/0xe0
[  768.246434][T12094]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  768.252467][T12094]  ? lock_chain_count+0x20/0x20
[  768.257360][T12094]  __x64_sys_openat+0x139/0x160
[  768.262345][T12094]  do_syscall_64+0x55/0xb0
[  768.268210][T12094]  ? clear_bhb_loop+0x40/0x90
[  768.273115][T12094]  ? clear_bhb_loop+0x40/0x90
[  768.277943][T12094]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  768.284074][T12094] RIP: 0033:0x7f8d0278e9a9
[  768.288889][T12094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  768.308548][T12094] RSP: 002b:00007f8d036d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  768.317029][T12094] RAX: ffffffffffffffda RBX: 00007f8d029b5fa0 RCX: 00007f8d0278e9a9
[  768.325043][T12094] RDX: 0000000000105042 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  768.333062][T12094] RBP: 00007f8d02810d69 R08: 0000000000000000 R09: 0000000000000000
[  768.341187][T12094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  768.349208][T12094] R13: 0000000000000000 R14: 00007f8d029b5fa0 R15: 00007ffc0e5c2c28
[  768.357235][T12094]  </TASK>
[  768.424824][   T28] audit: type=1800 audit(1752891928.335:161): pid=12094 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1359" name="file1" dev="loop5" ino=17058 res=0 errno=0
[  768.508389][   T28] audit: type=1800 audit(1752891928.395:162): pid=12155 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1359" name="file1" dev="loop5" ino=17058 res=0 errno=0
[  768.950157][T11087] (syz-executor,11087,0):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 76
[  768.971758][T11087] ocfs2: Unmounting device (7,5) on (node local)