last executing test programs:

4m47.141489043s ago: executing program 0 (id=244):
syz_mount_image$exfat(&(0x7f0000000280), &(0x7f00000000c0)='./file2\x00', 0x1, &(0x7f0000000000)=ANY=[], 0x1, 0x1501, &(0x7f00000002c0)="$eJzs3Am4T1X3OPC19t6H62b4JpnP2uvwTYZNkoSSZEiSJCRzQpIkSZK4ZEpCEjLeJHPInG665nnInHTzSpIkJCTZ/+c2/P16h5/3fX/9/vq/d32e5zz2cs7aZ+27nu89w/Pc79ddh1VvVKNKfWaGf4f+bYC//JMEAAkAMBAAcgBAAABlc5bNmb4/i8akf+sk4n9JgxlXugJxJUn/Mzbpf8Ym/c/YpP8Zm/Q/Y5P+Z2zS/4xN+i9EhjYr39WyZdxN3v//f079T5Ll+p8h4D/aIf3/T6P/paOl/xmb9D9jk/5nbNL/jCy40gWIK0w+/xmb9F+IDO0Pf6e84dyVfqct27+wCSGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQ/w+c85cYAPhtfKXrEkIIIYQQQgghxB/Hv3ulKxBCCCGEEEIIIcT/PgQFGgwEkAkyQwJkgUS4CrJCNsgOOSAGV0NOuAZywbWQG/JAXsgH+aEAFIQQCCwwRFAICkMcroMicD0UhWJQHEqAg5JQCm6A0nAjlIGboCzcDOXgFigPFX4+Z7rboTLcAVXgTqgK1aA61IC7oCbcDbXgHqgN90IduA/qwv1QDx6A+tAAGsKD0AgegsbQBJpCM2gOLaDlZfKTc/y9/OehB7wAPaEXJEFv6AMvQl/oB/1hAAyEl2AQvAyD4RUYAkNhGLwKw+E1GAGvw0gYBaPhDRgDY2EcjIcJMBGS4U2YBG/BZHj7oWwwFabBdJgBM2EWvAOzYQ7MhXdhHsyHBZCcZREshiXwHiyF9yEFPoBl8CGkwnJYASthFayGNbAW1sF62AAbYRNshi2wFbbBR7AddsBO2AW7YQ/shY9hH3wC++FTSMPP/sX8s7/Ph24ICKhQoUGDmTATJmACJmIiZsWsmB2zYwxjmBNzYi7MhbkxN+bFvJiE+bEgFkRCQkbGQlgI4xjHIlgEi2JRLI7F0aHDUlgKS+ONWAbLYFksi+WwHJbHClgBb8VbsRJWwspYGatgFayKVbE6Vse78C68G2thLayNtbEO1sG6WBfrYT2sj/WxITbERtgIG2NjbIpNsTk2x5bYElthK2yNrbEttsV22A7bY3vsgB2wI3bETtgJO2Nn7IJdsCt2xW74HD6Hz+Pz+AK+gL2wquqNfbAP9sW+2B8H4AB8CQfhy/gyvoJDcCgOw1fxVXwNR+AZHImjcDSOxkpqLI7D8chqIiZjMmaGSTgZJ+MUnIpTcTrOwJk4C2fhbJyDc/BdnIfzcT4uxIW4GJfgElyK72MKpuAyPIupuBxX4EpchatxFa7FdbgWN+BG3ICbcTNuxa34EX6EO3AH7sJduAf34Mf4MX6Cn+AQTMM0PIAH8CAexEN4CA/jYTyCR/AoHsVjeAyP43E8gSfxFJ7E03gaz+BZPAcA5/E8XsALeBEvpn/4VTqjjMqkMqkElaASVaLKqrKq7Cq7iqmYyqlyqlwql8qtcqu8Kq/Kr/KrgqqgIkWKVaQKqUIqruKqiCqiiqqiqrgqrpxyqpQqpUqr0qqMKqPKqptVOXWLKq8qqDbuVnWrqqTausrqDlVFVVFVVTVVXdVQNVRNVVPVUrVUbVVb1VF1VF11v6qnemN/bKDSO9NIDcXGahg2Vc1Uc9VCvYYPq1ZqBLZWbVRb9agahSOxvWrlOqgnVEc1Djupp9R4fFp1UROxq3pWdVPPqe7qedVDtXY9VS81BXurPmo69lX9VH81QM3Gaiq9Y9XVK+r5zEPVMPWqWoyvqRHqdTVSjVKj1RtqjBqrxqnxaoKaqJLVm2qSektNVm+rKWqqmqamqxlqppql3lGz1Rw1V72r5qn5aoFaqBapxWqJek8tVe+rFPWBWqY+VKlquVqhVqpVarVao9aqdWq92qA2qk1qs9qitqpt6iO1Xe1QO9UutVvtUXvVx2qf+kTtV5+qNPWZOqD+og6qz9Uh9YU6rL5UR9RX6qj6Wh1T36jj6lt1Qp1Up9R36rT6Xp1RZ9U59YM6r35UF9RP6qLyCjRqpbU2OtCZdGadoLPoRH2Vzqqz6ew6h47pq3VOfY3Opa/VuXUendfk0/l1AV1Qh5q01awjXUgX1nF9nS6ir9dFdTFdXJfQTpfUpfQNurS+UZfRN+my+mZdTt+iy+sKuqIHfZuupG/XlfUduoq+U1fV1XR1XUPfpWvqu3UtfY+ure/VdfR9uq6+X9fTD+j6uoFuqB/UjfRDurFuopvqZrq5bqFb6od1K/2Ibq3b6Lb6Ud1OP6bb68d1B/2E7qif1J30U7qzflp30c/orvpZ3U0/p7vrn/RF7XVP3Usn6d66j35R99X9dH89QA/UL+lB+mU9WL+ih+iheph+VQ/Xr+kR+nU9Uo/So/Ubeoweq8fp8XqCnqiT9Zt6kn5LT9Zv6yl6qp6mp+sZeqbu/+tMc/+J/Lf+Tv7gn8++VW/TH+nteofeqXfp3XqP3qv36n16n96v9+s0naYP6AP6oD6oD+lD+rA+rI/oI/qoPqqP6WP6uD6uT+iT+gf9nT6tv9dn9Fl9Vv+gz+vz+sKvPwMwaJTRxpjAZDKZTYLJYhLNVSaryWaymxwmZq42Oc01Jpe51uQ2eUxek8/kNwVMQRMaMtawiUwhU9jEzXWmiLneFDXFTHFTwjhT0pQyN/yP8y9XX0vT0rQyrUxr09q0NW1NO9POtDftTQfTwXQ0HU0n08l0Np1NF9PFdDVdTTfTzXQ33U0P08P0ND1NkkkyfcyLpq/pZ/qbAWageckMMoPMYDPYDDFDzDAzzAw3w80IM8KMNCPNaDPajDFjzDgzzkwwE0yyz2EmmUlmsplsppgpZtrAHGaGmWFmmVlmtplt5pq5Zp6ZZxaYBWaRWWSWmCVmqVlqUkyKWWaWmVSz3Cw3K81Ks9qsNmvNWrPerDcbzUaz2Ww2qWab2Wa2m+1mp9lpdpvdZq/Za/aZfWa/2W/STJo5YA6Yg+agOWQOmcPmsDlijpij5qg5Zo6Z4+a4OWFOmFPmlDltTpsz5ow5Z86Z8+a8uWAumIvmYvptX6ACFZjABJmCTEFCkBAkBolB1iBrkD3IHsSCWJAzyBnkCq4Ncgd5grxBviB/UCAoGIQBBTbgIAoKBYWDeHBdUCS4PigaFAuKByUCF5QMSgU3BKWDG4MywU1B2eDmoFxwS1A+qBBUDG4NbgsqBbcHlYM7girBnUHVoFpQPagR3BXUDO4OagX3BLWDe4M6wX1B3eD+oF7wQFA/aBA0DB4MGgUPBY2DJkHToFnQPGgRtPxD5/f+TJ5HXM+wV5gU9g77hC+GfcN+Yf9wQDgwfCkcFL4cDg5fCYeEQ8Nh4avh8PC1cET4ejgyHBWODt8Ix4Rjw3Hh+HBCODFMDt8MJ4VvhZPDt8Mp4dRwWjA9nBHODGeF74Szwznh3PDdcF44P1wQLgwXhYtD/OWWGFLCD8Jl4Ydharg8XBGuDFeFq8M14dpwXbg+3BBuDDeFm8sO+uXQcHu4I9wZ7gp3h3vCveHH4b7wk3B/+GmYFn4WHgj/Eh4MPw8PhV+Eh8MvwyPhV+HR8OvwWPhNeDz8NjwRngxPhd+Fp8PvwzPh2fBc+EN4PvwxvBD+FF4MffrNffrlnQwZykSZKIESKJESKStlpeyUnWIUo5yUk3JRLspNuSkv5aX8lJ8KUkFKx8RUiApRnOJUhIpQUSpKxak4OXJUikpRaSpNZagMlaWyVI7KUXkqTxWpIt1Gt9HtdDvdQXfQnXQnVaNqVINqUE2qSbWoFtWm2lSH6lBdqkv1qB7Vp/rUkBpSI2pEjakxNaWm1JyaU0tqSa2oFbWm1tSW2lI7akftqT11oA7UkTpSJ+pEnakzdaEu1JW6UjfqRt2pO/WgHtSTelISJVEf6kN9qS/1p/40kAbSIBpEg2kwDaEhNIyG0XAaTiNoBI2kUTSa3qAxNJbG0XiaQBMpmZJpEk2iyTSZptAUmkbTaAbNoFk0i2bTbJpLc2kezaMFtIAW0SJaQktoKS2lFEqhZbSMUimVVtAKWkWraA2toXW0jjbQBtpEm2gLbaFttI2203baSTtpN+2mvbSX9tE+2k/7KY3S6AAdoIN0kA7RITpMh+kIHaGjdJSO0TE6TsfpBJ2gU3SKTtNpOkNn6Bydo/P0I12gn+gieUqwWWyivcpmtdlsdpvD/nWc1+az+W0BW9CGNrfN87uYrLVFbTFb3Jawzpa0pewNfxOXtxVsRXurvc1Wsrfbyra8zQL/Na5p77a17D22tr3X1rB3/S6uY++zde1Dtp5tYuvbZrahbWEb2YdsY9vENrXNbHPbwrazj9n29nHbwT5hO9on/yZeat+36+x6u8FutPvsJ/ac/cEetV/b8/ZH29P2sgPtS3aQfdkOtq/YIXbo72MAO9q+YcfYsXacHW8n2Il/E0+z0+0MO9POsu/Y2XbO38RL7Ht2nk2xC+xCu8gu/jlOrynFfmCX2Q9tql1uV9iVdpVdbdfYtf+31pV2s91it9q99mO73e6wO+0uu9vu+TlOX8d++6lNs5/ZI/Yre9B+bg/ZY/aw/fLnOH19x+w39rj91p6wJ+0p+509bb+3Z+zZn9efvvbv7E/2ovUWGFmxZsMBZ+LMnMBZOJGv4qycjbNzDo7x1ZyTr+FcfC3n5jycl/Nxfi7ABTlkYsvMERfiwhzn67gIX89FuRgX5xLsuCSX4hu4NN/IZfgmLss3czm+hctzBa7It/JtXIlv58p8B1fhO7kqV+PqXIPv4pp8N9fie7g238t1+D6uy/dzPX6A63MDbsgPciN+iBtzE27Kzbg5t+CW/DC34ke4Nbfhtvwot+PHuD0/zh34Ce7IT3Infoo789PchZ/hrvwsd+PnuDs/zz34Be7JvTiJe3MffpH7cj/uzwN4IL/Eg/hlHsyv8BAeysP4VR7Or/EIfp1H8igezW/wGB7L43g8T+CJnMxv8iR+iyfz2zyFp/I0ns4zeCbP4nd4Ns/hufwuz+P5vIAX8iJezEv4PV7K73MKf8DL+ENO5eW8glfyKl7Na3gtr+P1vIE38ibezFt4K2/jj3g77+CdvIt38x7eyx/zPv6E9/OnnMaf8QH+Cx/kz/kQf8GH+Us+wl/xUf6aj/E3fJy/5RN8kk/xd3yav+czfJbP8Q98nn/kC/wTX2TPEGGkIh2ZKIgyRZmjhChLlBhdFWWNskXZoxxRLLo6yhldE+WKro1yR3mivFG+KH9UICoYhRFFNuIoigpFhaN4dF1UJLo+KhoVi4pHJSIXlYxKRTdEpaMbozLRTVHZ6OaoXHRLVD6qEFWMbo1uiypFt0eVozuiKtGdUdWoWlQ9qhHdFdWM7o5qRfdEtaN7ozLRfVHd6P6oXvRAVD9qEDWMHowaRQ9FjaMmUdOoWdQ8ahG1jB6OWkWPRK2jNlHb6NGoXfRY1D56POoQPRF1jJ68tL9Y8MvV9K/2J0W9I/3rG7J79KL44viS+HvxpfH34ynxD+LL4h/GU+PL4yviK+Or4qvja+Jr4+vi6+Mb4hvjm+Kb41viW+Pe18gMDtMfhMG4wGVymV2Cy+IS3VUuq8vmsrscLuaudjndNS6Xu9bldnlcXpfP5XcFXEEXOnLWsYtcIVfYxd11roi73hV1xVxxV8I5V9KVci1cS9fStXKPuNaujWvrHnWPusfcY+7xhF8Ld53cU66ze9p1cc+4Z9yzrpt7znV3z7se7gXX0/VySS7J9XF9XF/X1/V3/d1AN9ANcoPcYDfYDXFD3DA3zA13w90IN8KNdCPdaDfajXFj3Dg3zk1wE1yyS3aT3CQ32U12U9wUN81NczPcDDfLzXKz3Ww3181189w8t8AtcIvcIrfELXFL3VKX4lLcMrfMpbpUt8KtcKvcKrfGrXHr3Dq3wW1wm9wmt8VtcdvcNrfdbXc73U632+12e91et8/tc/vdfpfm0twBd8AddAfdIfeFO+y+dEfcV+6o+9odc9+44+5bd8KddKec16fd9+6MO+vOuR/cefeju+B+chedd8mxN2OTYm/FJsfejk2JTY1Ni02PzYjNjM2KvRObHZsTmxt7NzYvNj+2ILYwtii2OLYk9l5saez9WErsg9iy2Iex1Njy2IrYytiq2OqY9wW2R76QL+zj/jpfxF/vi/pivrgv4Z0v6Uv5G3xpf6Mv42/yZf3Nvpy/xZf3FXxF38Q39c18c9/Ct/QP+1b+Ed/at/Ft/aO+nX/Mt/eP+w7+Cd/RP+k7+ad8Z/+07+Kf8V39s/N/7bLv4V/wPX0vn+R7+z7+Rd/X9/P9/QA/0L/kB/mX/WD/ih/ih/ph/lU/3L/mR/jX/Ug/yo/2b/gxfqwf58f7CX6iT/Zv+kn+LT/Zv+2n+Kl+mp/uZ/iZfpZ/x8/2c/xc/66f5+f7BX6hX+QX+yX+Pb/Uv+9T/Ad+mf/Qp/rlfoVf6Vf51X6NX+vX+fV+g9/oN/nNfovf6rf5j/x2v8Pv9Lv8br/H7/Uf+33+E7/ff+rT/Gf+gP+LP+g/94f8F/6w/9If8V/5o/5rf8x/44/7b/0Jf9Kf8t/50/57f8af9ef8D/68/9Ff8D/5i/I3a0IIIYQQ/xR9mf29/87/qV+3dH0AINuOfIf/es5NuX8Z91P7OsYA4IleXRv8tjVokJSU9OuxqRqCwgsBIHYp/+fvH/g1Xg5t4THoAG2g9N+tr5+q+PN93383f/xmgESALL/lpD8eJcJfz3/jP5i/yXt8ufkXAhQtfCkn/US/xZfmL/MP5t/T7jLzZ/k8GaD1f8nJCpfiS/OXgkfgSejwuyOFEEIIIYQQQohf9FPnu13u+Tb9+Ty/uZSTGS7Fl3s+v4zKf8QahBBCCCGEEEII8d97+rnujz/coUObzv/Jg8x/jjL+BAMEgD9BGTL48w+u9G8mIYQQQgghxB/t0k3/la5ECCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYTIuP79bwhT//TBV3qNQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghxJX2fwIAAP//5g1V0w==")
r0 = socket$nl_generic(0x10, 0x3, 0x10)
lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000079db8540da0b77010b7d000000010902120001000000000904", @ANYRES32, @ANYRES8=r0], 0x0)
ioctl$F2FS_IOC_SET_COMPRESS_OPTION(0xffffffffffffffff, 0x4002f516, 0x0)

4m43.829506185s ago: executing program 0 (id=261):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000040)={@val, @void, @eth={@random="fab2fe28d228", @remote, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x1, 0x3c, 0x14, 0xe4, 0x0, 0x1, 0x6, 0x0, @dev={0xac, 0x14, 0x14, 0x2a}, @rand_addr=0x64010100}}}}}}, 0x26)

4m42.373233187s ago: executing program 0 (id=266):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x5, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
name_to_handle_at(r1, &(0x7f0000000840)='./file0\x00', &(0x7f0000000880)=@fuse_with_parent={0x18, 0x82, {{0x5923, 0x1, 0x3}, {0x7, 0xffffffff, 0x4}}}, &(0x7f00000008c0), 0x1200)

4m42.039370163s ago: executing program 0 (id=272):
syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000240)='./file1\x00', 0x4000, &(0x7f00000000c0), 0x2, 0xbb8, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3kymaZv3nfTlRawbIyItiNOkkmKLYCsVNy4E3QoN6aSETD9IIjVpFhP9B0RdC24EtSgu7LobRbdutN0qLoQisVEQ0cidjyQ2mTS1M70x/f3gzD3nnpl5nmcuM/cemJkA7luD2U0asT8iTiURpeb+NCKK9V5fRK1xv6XF+bFfF+fHklhefumnJJKIuLk4P9Z6rqS53dsc9EXE188m8b831sednp2bHK1WK1PN8aGZsxcOTc/OPTFxdvRM5Uzl3PCRp0YOjxwZOjrSsVp/++74lV8eef6H2u8f/nH557ffT+J49Dfn1tbRKYMxuPKarFWIiNFOB8tJT7OetXUmhds8KO1yUgAAtJWuuYZ7IErRE6sXb6X4/JtckwMAAAA6YrknYhkAAADY4RLrfwAAANjhWt8DuLk4P9Zq+X4j4d66cSIiBhr1LzVbY6YQtfq2L3ojYs/NJNb+rDVpPOyuDUbE99ePfpK16NLvkDdTW4iIBzc6/km9/oH6r7jX159GxFAH4g/eMv431X+8A/Hzrh+A+9PVE40T2frzX7py/RMbnP8KG5y7/om8z3+t67+lddd/q/X3tLn+e3GLMS598O7FdnNZ/U9fee7jVsviZ9u7KuoO3FiIeKiwUf3JSv1Jm/pPbTFG6c+LlXZzede//F7Egdi4/pZk8/8nOjQ+Ua0MNW43jLHw1chH7eLnXX92/Pe0qb/1/0/tjv+FLcZ45eTJT9ftvL7a3bz+9Mdi8nK9V2zueW10ZmZqOKKYvLB+/+HNc2ndp/UcWf0HH938/b9R/dlnQq35OmRrgYXmNhu/fkvMZy5f+qxdPq31X57H/3Sb47+2/i8L64//m1uM8dgXbx1sN7d2/Zu1LH5rLQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALWlE9EeSllf6aVouR+yNiP/HnrR6fnrm8fHzr547nc1FDERvOj5RrQxFRKkxTrLxcL2/Oj58y/jJiNgXEe+UdtfH5bHz1dN5Fw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCKvRHRH0lajog0IpZKaVou550VAAAA0HEDeScAAAAAdJ31PwAAAOx81v8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB02b6Hr15LIqJ2bHe9ZYrNud5cMwO6Lc07ASA3PXknAOSmkHcCQG7ucI3vcgF2oOQ2831tZ3Z1PBcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtq8D+69eSyKidmx3vWWKzbneXDMDui3NOwEgNz2bTRbuXR7AvectDvcva3wguc183+p9an+f2dW1nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYfvrrLUnLEVFs7iuXI/4TEQPRm4xPVCtDEfHfiPi21LsrGw/nnDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdNz07NzlarVamsk4azc7KHp3VTtJ4xWrbJR+du+wUY1uksU07eX8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQh+nZucnRarUyNZ13JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDepmfnJker1cpUFzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+CgAA//9gfgp0")
open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x0, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef9cc093fce47d85272036dc78388e3dc177e9b496", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001"})

4m40.690768927s ago: executing program 0 (id=285):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x50}, {0x6}]}, 0x10)
r1 = socket$inet6(0xa, 0x3, 0x2)
sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c)

4m39.345344115s ago: executing program 0 (id=293):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000240)={0x44, r1, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x71e}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_OPMODE_NOTIF={0x5}]}, 0x44}}, 0x0)

4m39.146337583s ago: executing program 32 (id=293):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000240)={0x44, r1, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x71e}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_OPMODE_NOTIF={0x5}]}, 0x44}}, 0x0)

4m35.390228321s ago: executing program 2 (id=305):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write$sysctl(0xffffffffffffffff, &(0x7f0000000000)='0\x00', 0x2)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)

4m34.92965056s ago: executing program 2 (id=309):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x20001400)
ioctl$TUNSETOFFLOAD(r0, 0x80047456, 0x20000000)

4m33.953133868s ago: executing program 2 (id=313):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x4c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x2d, 0x33, @beacon={{{}, {}, @broadcast}, 0x0, @random=0x3632, 0x0, @void, @void, @void, @void, @void, @val={0x5, 0x3, {0xc2, 0x5c, 0x1}}, @void, @void, @void, @void, @void, @void, @void}}]}, 0x4c}}, 0x0)

4m32.13145394s ago: executing program 2 (id=321):
syz_mount_image$minix(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYRES8=0x0], 0x1, 0x189, &(0x7f00000027c0)="$eJzs279u2lAUx/GfjflT6B9a+keqOnSquhQDlWi70UdB4CJUk6CQBRQpyXtkyZanyhOEIVumEOHYTnCYELYJfD8L5/jo6h6Gyz1CIAA7q6WvMmQoN0++FMrHFSPtlgAkZOa/3s58pRmAnZG5SbsDAOmY/pWGkq6ujzrK5IKx4FMQzOutoG7mn8wP01NTny2/bhT0IjpfnEvfgvVGccl6qRjWS94zK1L/rrK//0u90mu9UVlv9U4Vv94N139cw0QEAMD2M1SN5gsPTP3ru04tzLNeXlfRv6RzXt4I6/f5zzDPe3m1s+92Y3wXAFZhqnrxOI+e/0zk/Fv++Qfw/I3Gk/9t13UOEgqC7wcS3XQ9gU42oo21BFltRBsESwJLCW96ubSU8gcTgNjZh4OhPRpPfvQH7Z7Tc/aajWbzT+33r7rtDf724vgPYIs8XPppdwIAAAAAAAAAAAAAAFb1Xh/SbgEAAABAQmL7X5Eh6Uz8shgAAAAAAAAAAAAAAAAAgBjcBQAA//+4NBng")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000100)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x40000, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0)

4m31.919065053s ago: executing program 2 (id=324):
getrusage(0xffffffffffffffff, &(0x7f0000000180))
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newqdisc={0x84, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x34, 0x2, [@TCA_FQ_INITIAL_QUANTUM={0x8}, @TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x6, 0x71}, @TCA_FQ_TIMER_SLACK={0x8, 0xd, 0x3}, @TCA_FQ_LOW_RATE_THRESHOLD={0x8}, @TCA_FQ_FLOW_DEFAULT_RATE={0x8}, @TCA_FQ_QUANTUM={0x8, 0x3, 0x2}]}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x9, 0xa, 0x9, 0x0, 0x6}}, {0x4}}]}]}, 0x84}}, 0x0)

4m30.105598778s ago: executing program 2 (id=331):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
syz_mount_image$erofs(&(0x7f0000000340), &(0x7f0000000580)='./file2\x00', 0x2000000, &(0x7f00000008c0)=ANY=[@ANYRES32=0x0, @ANYRES32, @ANYRESHEX], 0x1, 0x22a, &(0x7f00000005c0)="$eJzsmDGLE0EUx/8z2ewlIqLNFTYKHniil1z2UK4Jp4JgZXMnaqXBW48zuYvkVvACgsHGRjsLwcbCL2BxRSoLO7+AoIUKgoUpLGxsRt7O7GbiJCau6Xy/YvjPvDcz773NvCJgGOa/5fOnHx8fn19eOwVgP+YwY9a/5gAhtJaW/4dnd08+rV54/ur9yzfbB+53fz+Ptig1uFD4w/0egNfncojSm9LdP0nMmckaZKovQ+KE0VcgUDL6BmQ+OTeEwDWjb1u6Sf6l0q3NRli62Wysk1ikoUJDQMNAvhRfryOwbuZKKSUs+85uu15rNMKWJTxjG2LKJNLL6rNO/fLw0esAVSs+iv/qo4cdmie1WbTqV4FExSSxBIFVs76MmaQ2uiRW/oe9/vk5J/+h2ZIrGcYlWdCi+n0qxbLFoYVs2+cpnbOu6SCyhIH+rhWErTz6JqrkoPPR6RYBiIVnfR0Md14xHzTDXZecLEaIJ0UAU//KrsiURSJme923runLuO1KjL9CTP77KUwac/IQ/ybT5AHrlSLadfkvFRsV2Ls93T/UC4HjVn/yrP5RjrbulHd22wubW7WNcCPcDoKlMwJ4cDoox41Ij07f6/fnYtyf9lnn50f4+tLHvVoUtSp69IWPIqKoFcTzwHo2q3vNb9fNtggXARzTE2qbfnpizrlD+NpHxr6k5l0nhmEYhmEYhmEYhmEYhmGYSRn4w/MIRPwv6BgC7f0rAAD//xgsXjc=")
openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)

4m29.636286531s ago: executing program 33 (id=331):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
syz_mount_image$erofs(&(0x7f0000000340), &(0x7f0000000580)='./file2\x00', 0x2000000, &(0x7f00000008c0)=ANY=[@ANYRES32=0x0, @ANYRES32, @ANYRESHEX], 0x1, 0x22a, &(0x7f00000005c0)="$eJzsmDGLE0EUx/8z2ewlIqLNFTYKHniil1z2UK4Jp4JgZXMnaqXBW48zuYvkVvACgsHGRjsLwcbCL2BxRSoLO7+AoIUKgoUpLGxsRt7O7GbiJCau6Xy/YvjPvDcz773NvCJgGOa/5fOnHx8fn19eOwVgP+YwY9a/5gAhtJaW/4dnd08+rV54/ur9yzfbB+53fz+Ptig1uFD4w/0egNfncojSm9LdP0nMmckaZKovQ+KE0VcgUDL6BmQ+OTeEwDWjb1u6Sf6l0q3NRli62Wysk1ikoUJDQMNAvhRfryOwbuZKKSUs+85uu15rNMKWJTxjG2LKJNLL6rNO/fLw0esAVSs+iv/qo4cdmie1WbTqV4FExSSxBIFVs76MmaQ2uiRW/oe9/vk5J/+h2ZIrGcYlWdCi+n0qxbLFoYVs2+cpnbOu6SCyhIH+rhWErTz6JqrkoPPR6RYBiIVnfR0Md14xHzTDXZecLEaIJ0UAU//KrsiURSJme923runLuO1KjL9CTP77KUwac/IQ/ybT5AHrlSLadfkvFRsV2Ls93T/UC4HjVn/yrP5RjrbulHd22wubW7WNcCPcDoKlMwJ4cDoox41Ij07f6/fnYtyf9lnn50f4+tLHvVoUtSp69IWPIqKoFcTzwHo2q3vNb9fNtggXARzTE2qbfnpizrlD+NpHxr6k5l0nhmEYhmEYhmEYhmEYhmGYSRn4w/MIRPwv6BgC7f0rAAD//xgsXjc=")
openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)

1m0.200390857s ago: executing program 4 (id=1036):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x0, 0x40000333}, &(0x7f00000006c0)=<r5=>0x0, 0x0)
syz_io_uring_submit(r5, 0x0, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r4, 0x47ba, 0x0, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0x169802, 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r7=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r6, 0xc02064b6, &(0x7f00000001c0)={r7, <r8=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(0xffffffffffffffff, 0x0, 0x14)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r6, 0xc01064c8, &(0x7f0000000280)={0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r6, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000300)=[0x0, 0x0, <r9=>0x0], &(0x7f0000000040), 0x3, r8})
ioctl$DRM_IOCTL_MODE_ATOMIC(r6, 0xc03864bc, &(0x7f0000000380)={0x201, 0x1, &(0x7f0000000440)=[r8], &(0x7f0000000200), &(0x7f00000000c0)=[r9], &(0x7f0000000340)})

57.795002829s ago: executing program 4 (id=1040):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close(0xffffffffffffffff)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'pimreg1\x00'})
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000780), 0xffffffffffffffff)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000080)={0x19})
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000200)={0x15, 0x0, <r5=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r5, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r3, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r5, 0x0, <r6=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, &(0x7f0000000240)={0x48, 0x7, r6, 0x0, 0x1, 0x0, 0x10000, 0x0, 0x32bf91})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ee222})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, &(0x7f00000002c0)={0x48, 0x6, r6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff7b})
r7 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x602, 0x0)
writev(r7, &(0x7f0000000440)=[{0x0}], 0x1)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r8, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a00)=ANY=[@ANYBLOB], 0x30}}, 0x0)

56.454080463s ago: executing program 4 (id=1044):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close(0xffffffffffffffff)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'pimreg1\x00'})
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000780), 0xffffffffffffffff)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000080)={0x19})
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000200)={0x15, 0x0, <r5=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r5, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r3, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r5, 0x0, <r6=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, &(0x7f0000000240)={0x48, 0x7, r6, 0x0, 0x1, 0x0, 0x10000, 0x0, 0x32bf91})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ee222})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, &(0x7f00000002c0)={0x48, 0x6, r6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff7b})
r7 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x602, 0x0)
writev(r7, &(0x7f0000000440)=[{0x0}], 0x1)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r8, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x0)

54.320224696s ago: executing program 4 (id=1047):
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x2000002, &(0x7f0000000280)={[{@iocharset={'iocharset', 0x3d, 'cp932'}}, {@gid}, {@dmode={'dmode', 0x3d, 0x4}}, {@rootdir={'rootdir', 0x3d, 0x4}}, {@uid}, {}, {@gid_ignore}, {@anchor={'anchor', 0x3d, 0x100}}, {@umask={'umask', 0x3d, 0x70ed}}]}, 0x1, 0xc32, &(0x7f0000000e00)="$eJzs3U1sXNd9N+D/uRyKI/l9KyZ2FCeNi0lbpLJiufqKqViFO6pptgFkWQjF7AJwJI7UgSmSIKlGNtKC6aaLLgIURRdZEWiNAikaGE0RdMm0LpBsvCiy6opoYSMoumCLAFkFLO6dM9KQIm1GFCVKeh6b+s3ce86dc+4Z3ysLOvcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDxe6+dP3EyPexWAAAP0sXxr5445f4PAE+Uy/7/HwAAAAAAAAAAAAAA9rsURTwdKeYurqXJ6n1X/UJn8OatidGxrasdTFXNgap8+VM/eer0mS+9NHK2lxc6Mx9R/377bLwxfvl849XZG3Pz7YWF9lRjYqZzdXaqveMj7Lb+ZseqE9C48ebNqWvXFhqnXjy9Yfet4Q+HnjoyfG7k+ePP9cpOjI6Njd8pUu8vX7vnhnRtN8PjQBRxPFK88L2fplZEFLH7c1F/sGO/2cGqE8eqTkyMjlUdme60ZhbLnZd6J6KIaPRVavbO0dZjEbXBB9qH7TUjlsrmlw0+VnZvfK4137oy3W5cas0vdhY7szOXUre1ZX8aUcTZFLEcEatDdx9uMIqoRYrvHF5LVyJioHcevlhNDN6+HcUe9nEHynY2BiOWi0dgzPaxoSji9Ujxs/eOxtV8namuNV+IeL3MH0S8U+YrEan8YpyJ+GCL7xGPploU8efl+J9bS1PV9aB3XbnwtcZXZq7N9pXtXVd+yfvDXVeKh3R/OLgpH4x9fm2qRxGt6oq/lu79NzsAAAAAAAAAAAAAAAAA3G8Ho4jPRIrX/u2PqnnFUc1LP3xu5PeH/3//nPFnP+Y4ZdkXI2Kp2Nmc3AN5YuCldCmlhzyX+ElWjyL+OM//+9bDbgwAAAAAAAAAAAAAAAAAAMATrYifRIqX3z+alqN/TfHOzPXG5daV6e6qsL21f3trpq+vr683UjebOSdzLuVczrmSczVnFLl+zmbOyZxLOZdzruRczRkDuX7OZs7JnEs5l3Ou5FzNGbVcP2cz52TOpZzLOVdyruaMfbJ2LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4RKb79jbUUKSKaEZPRzZWhh906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA0lIr4fqRo/EHz9rZaRKTq366j5S9nonmgzE9Gc6TMV6J5PmerylrzWw+h/ezOYCrix5FiqP7u7QHP4z/YfXf7axDvfPPOu8/WujnQ2zn84dBTRw6fGxn7tWe3e522asCxC52Zm7caE6NjY+N9m2v50z/Zt204f25xf7pORCy89fabrenp9vy9vyi/Aruo/gi9SLUnpadeVC+iti+a8XD6zhOgvP9/ECl++/1/793wu/f/evy/7rvbd/j4+Z/cuf+/vPlAO7z/1zbXy/f/8p6+1f3/6b5tL+ffjQzWIuqLN+YGj0TUF956+3jnRut6+3p75syJE18eGfny6RODByLq1zrT7b5X9+V0AQAAAAAAAAAAAAAAADw4qYjfjRStH6+lRkTcquZrDZ8bef74cwMxUM232jBv+43xy+cbr87emJtvLyy0pxoTM52rs1PtnX5cvZruNTE6tied+VgH97j9B+uvzs69Nd+5/oeLW+4/VD9/ZWFxvnV1691xMIqIZv+WY1WDJ0bHqkZPd1ozVdVLW06m/+UNpiL+I1JcPdNIn8/b8vz/zTP8N8z/X9p8oD2a//+Jvm3lZ6ZUxM8jxW/9xbPx+aqdh+Kuc5bL/U2kOHb2c7lcHCjL9drQfa5Ad2ZgWfZ/IsU//GJj2d58yKfvlD254xP7iCjH/3Ck+P6ffTd+PW/b+PyHrcf/0OYD7dH4P9O37dCG5xXsuuvk8T8eKV55+t34jbzto57/0Xv2xtFc+PbzOfZo/D/Vt204f+5v3p+uAwAAAAAAAAAAPNIGUxF/Gyl+OFZLL+VtO/n7f1ObD7RHf//r033bpu7PekUf+2LXJxUAAAAA9onBVMRPIsX1xXdvz6HeOP+7b/7n79yZ/zmaNu2t/pzvV6rnBtzPP//rN5w/d3L33QYAAAAAAAAAAAAAAAAAAIB9JaUiXsrrqU9W8/mntl1PfSVSvPZfL+Ry6UhZrrcO/HD1a/3i7Mzx89PTs1dbi60r0+3G+Fzrarus+0ykWPvrz+W6RbW+em+9+e4a73fWYp+PFGN/1yvbXYu9tzb5M72yS+2TZdlPRIr//PuNZXvrWH/qznFPlWX/KlJ8/Z+2LnvkTtnTZdnvRooffb3RK3uoLNt7Puqn75R98epssQejAgAAAAAAAAAAAAAAAAAAwJNmMBXxp5Hiv28s357Ln9f/H+x7W3nnm33r/W9yq1rnf7ha/3+71/ey/n/1XIGl7T4VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTymKeDtSzF1cSytD5fuu+oXOzM1bE6NjW1c7mKqaA1X58qd+8tTpM196aeRsLz+6/v32mXhj/PL5xquzN+bm2wsL7anGxEzn6uxUe8dH2G39zY5VJ6Bx482bU9euLTROvXh6w+5bwx8OPXVk+NzI88ef65WdGB0bG+8rUxu850+/S9pm+4Eo4i8jxQvf+2n64VBEEbs/Fx/z3dlrB6tOHKs6MTE6VnVkutOaWSx3XuqdiCKi0Vep2TtHD2AsdqUZsVQ2v2zwsbJ743Ot+daV6XbjUmt+sbPYmZ25lLqtLfvTiCLOpojliFgduvtwg1HEm5HiO4fX0j8PRQz0zsMXL45/9cSp7dtR7GEfd6BsZ2MwYrn4qDHbosNsMBRF/GOk+Nl7R+NfhiJq0f2JL0S8XuYPIt6J7nin8otxJuIDp/WxUYsi/rcc/3Nr6b2h8nrQu65c+FrjKzPXZvvK9q4rj/z94UHa5/eTehTxo+qKv5b+1X/XAAAAAAAAAAAAAAAAAPtIEb8aKV5+/2iq5gffnlPcmbneuNy6Mt2d1teb+9ebM72+vr7eSN1s5pzMuZRzOedKztWcUeT6OZtl1tfXJ/P7pZzLOVdyruaMgVw/ZzPnZM6lnMs5V3Ku5oxarp+zmXMy51LO5ZwrOVdzxj6ZuwcAAAAAAAAAAAAAAAAAADxeiuqfFN/+xlpaH6rWlx7o7VuxHuhj7/8CAAD//0pa+Ck=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
mount$overlay(0x20000000, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir, 0x5c}], [], 0x2e})
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r0, 0xfffffffffffffffe, 0x29)

51.218676569s ago: executing program 4 (id=1054):
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mp'])
chdir(0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x23d)
add_key(&(0x7f0000000000)='big_key\x00', 0x0, &(0x7f00000002c0), 0x0, 0xfffffffffffffffe)
syz_open_procfs$namespace(0x0, &(0x7f0000000a40)='ns/uts\x00')
prctl$PR_SET_PTRACER(0x59616d61, r0)
r3 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0x8, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r3}, @initr0, @exit]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={r4, 0x58, &(0x7f00000003c0)}, 0x10)

49.26559524s ago: executing program 4 (id=1058):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000280)={<r1=>0x0, 0x10, &(0x7f0000000440)=[@in={0x2, 0x0, @loopback}]}, &(0x7f00000001c0)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000480)={r1, @in={{0x2, 0x4e21, @empty}}}, &(0x7f0000000180)=0x84)

48.900704996s ago: executing program 34 (id=1058):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000280)={<r1=>0x0, 0x10, &(0x7f0000000440)=[@in={0x2, 0x0, @loopback}]}, &(0x7f00000001c0)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000480)={r1, @in={{0x2, 0x4e21, @empty}}}, &(0x7f0000000180)=0x84)

38.290883335s ago: executing program 1 (id=1092):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
munlock(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
read$nci(r4, &(0x7f00000019c0)=""/97, 0x61)
syz_genetlink_get_family_id$nfc(&(0x7f0000000240), r6)
sendmsg$NFC_CMD_DEV_UP(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[], 0x1c}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r7 = openat$sysctl(0xffffff9c, &(0x7f00000000c0)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
pipe(&(0x7f0000000000)={<r8=>0xffffffffffffffff})
splice(r0, 0x0, r7, 0x0, 0x3, 0x1)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3400000002060500000000211b0000361300000000000c000300686173a4bd60820005000400000000000400078005000500020000bc"], 0x34}}, 0x0)
ioctl$int_in(r0, 0x5421, &(0x7f00000001c0)=0x2f)
connect$inet6(r0, &(0x7f0000000280)={0xa, 0x0, 0x8000, @remote, 0x4}, 0x1c)
ioctl$SG_GET_LOW_DMA(r8, 0x227a, &(0x7f0000000100))
socket(0x2b, 0x1, 0x1)
r9 = socket(0x840000000002, 0x3, 0xfa)
sendmmsg$inet(r9, &(0x7f0000000d00)=[{{&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, 0x0, 0x0, &(0x7f00000001c0)=ANY=[], 0x24}}], 0x1, 0x0)
socket(0x2b, 0x1, 0x1)
r10 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x14, 0x601, 0x0, 0x0, {0x2b}}, 0x14}}, 0x0)

37.025884236s ago: executing program 1 (id=1102):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
munlock(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
read$nci(r4, &(0x7f00000019c0)=""/97, 0x61)
syz_genetlink_get_family_id$nfc(&(0x7f0000000240), r6)
sendmsg$NFC_CMD_DEV_UP(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="0100000000000000000002000000080001"], 0x1c}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r7 = openat$sysctl(0xffffff9c, &(0x7f00000000c0)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
pipe(&(0x7f0000000000)={<r8=>0xffffffffffffffff})
splice(r0, 0x0, r7, 0x0, 0x3, 0x1)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3400000002060500000000211b0000361300000000000c000300686173a4bd60820005000400000000000400078005000500020000bc"], 0x34}}, 0x0)
ioctl$int_in(r0, 0x5421, &(0x7f00000001c0)=0x2f)
connect$inet6(r0, &(0x7f0000000280)={0xa, 0x0, 0x8000, @remote, 0x4}, 0x1c)
close(r0)
ioctl$SG_GET_LOW_DMA(r8, 0x227a, &(0x7f0000000100))
socket(0x2b, 0x1, 0x1)
r9 = socket(0x840000000002, 0x3, 0xfa)
sendmmsg$inet(r9, &(0x7f0000000d00)=[{{&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, 0x0, 0x0, &(0x7f00000001c0)=ANY=[], 0x24}}], 0x1, 0x0)
socket(0x2b, 0x1, 0x1)
r10 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x14, 0x601, 0x0, 0x0, {0x2b}}, 0x14}}, 0x0)

35.459382683s ago: executing program 1 (id=1111):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_RADAR_DETECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r2, 0x1, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x40000)

35.169663584s ago: executing program 1 (id=1116):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x48c0, &(0x7f0000000340)={[{@acl}, {@heartbeat_none}, {@nouser_xattr}, {@coherency_full}, {@data_writeback}, {@localalloc={'localalloc', 0x3d, 0x1}}, {@acl}, {@noacl}, {@localalloc}]}, 0x1, 0x442d, &(0x7f0000004480)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3fGeefeYw+8SJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAsh9HX+7wUAAAAAAAAAAAAAAAAAAIC/o833/3PRiSbv/48lx5EW9dff6vwY6ZyJt6+OXRgcSvZ/j7blv54k/XKuK/Q32fc9u//7uUz95vu/b+9ntxrja/TbF6J4IHUexwMDIXyTbPx+KjoSl8pLlVdvlZcXZvdsGM+sdPzru/enopNs6N9u/Ecz7Xd+////bruaquc39+4Se66l49/Vsty3n0Ztxf98pt5+xJ/dS8e/u5bWu7XASH0CqMb/8+6d4z+Wab9T8T8eQshF1bHmUjNAdQ1TTW+1XiEtHf9DtbTU1Jn8I1vd/79n4n8h0/5Bzf8r2Q8imkrH/1+1tJ5Uic37vz/e+f6/mGn/IOJfHf+Kz/+2pON/uJ7YnSpS+0+2O/+PZ9rvVPyvx8k4j0epK2A1qqe3+r460tLx79mWv/n8F7e1/ruUqb9fz3+NfhvPf43p/+Wo/vxHc+n497Ys1+79P5Gp1+n5f6S2/mO30vE/UktLr53rX8rZbvwnM+13Kv61VUlPI/6b88kfh+vpX1v/tSUd/3/XE+OtJVZqP2vrv2jn9f/lTPsHsf6rjn8l7myvz4t0/I+2LFeN/w9tfP5fydTrfPxDGLTW37V0/I+1LFe7/3t2jv9Upl6n4/9SJxsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeAaMJse+EMUDqfM4HhgI4XxyfiociaYLs/npUnnmo6UQxpL0XDgR3S6Vpwul/NxCebaYL5RK5ZkQLiT5J0NPtFQqV/LzhbsXN9rqje4UC4uV6WKhEkIYT9L/H4412pqeq8wX7oYQLm3k/ScuL969U1jIz84tvjk4ODgYJjbG0B8VP6kUFyr13uu5IUxu1O2Ltgyuln15YyxHow/Ly4sLhVIt/cqWOqXyTKG0pc5UkvdF6I8qi8sLM4VKMV8q3270d5BGkuPYxLX3rl0Z2pZ/M6ofR/d3WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8RY+G3/gyhNBdP4tDCCONX6Jm5R8+Lp7NP526vzZ8enL1wdqTVuUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgT3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwS8coDQRRGIDfjIXaeQyrZbezXVFEC1cET6DH8DB6FC/hHVKkSJsiBJJZCJtd2Capvq95MD8z78E8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJ6n9+7jrW4iUlxtLiP+vv4Xh/lLqT/34/cvzjAjp/P82j081k3593SU35WjZZt36Xr1/Rkjtfc72JPhPu31fa4n55rat6n5+r43kXIVEW3Jb1POVTXvLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAtO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBYwEAAAAAYf7WUfRtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPwKAAD//+UFHyA=")
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000780)='./bus\x00', 0x20008c0, &(0x7f0000000140)={[{@fat=@allow_utime={'allow_utime', 0x3d, 0x2}}, {@fat=@errors_continue}, {@shortname_winnt}, {@shortname_lower}, {@fat=@check_strict}, {@uni_xlateno}, {@iocharset={'iocharset', 0x3d, 'macromanian'}}, {@rodir}, {@uni_xlateno}, {@shortname_winnt}, {@uni_xlateno}, {@uni_xlateno}, {@shortname_mixed}, {@uni_xlate}]}, 0x80, 0x364, &(0x7f0000000400)="$eJzs3U1oHOUbAPBnO5vdtNB/cvhDUbCM3gQNbcWDnhJKCsW9qCx+HMTFpiq7UcjiYnLINl7Eo+BRT9486MFDzyIo4s2DVytIVTxoD0LB4sh+z2Z306QYa/D3OyxPnvd95n0nM+xMJtk3Ly5H/dJcXL5x43rMzxeiuHx+OW4WYjGSGLgSk0pTcgDA0XAzy+K3rGefJYVDnhIAcMi61/+XT+Yyb32xV//M1R8Ajrz+z//Hh4kp1/f5WcWvH9q0AIBDNPH8/4Gx5tL4r/qLub8KAACOqqefe/6JlUrEU2k6H7H+dqvaqsbjo/aVy/FqNGItzsRC3Iro3Sh0Xgrd1wsXK6tn0jRtx4+LUe1UtKoR6+1WtXensJJ068txNhZisV/fv9vIsiy58Gll9WzaFRFX2t3xY73Qqs7Fif74352ItTgXafx/oj7iYmX1XNrfQHV9UN+O2Bk9t+jMfykW4puX4nREXIpO7eC2prK6fTZNz2eVsfpWtdzt1zPzCQgAAAAAAAAAAAAAAAAAAAAAANyRpXRocbj+TTZav2dpaUp7d32cXn1/faCd3vpAWTmLLPv1zYer7yQxtj7Q7vV5WtViHLu7uw4AAAAAAAAAAAAAAAAAAAD/Gs3NUtQajbWN5uZWPR+0N5qbxyKik3ntq48/Px6TfW4TFPtj5JrSfmqrXsuSQecs6fc5FrnypDP4YIMfXR3OOD9EebgXU6dRnt3UaJy8/4f3R5n7ksGW/xz1SWL6Dia7ppEP1v/Xm9JBvlHD4Nxt+lzLsmxW+fYLk1VRiCge/MDtHWSd4Mvrr9zzSPPUo93MZ1nPgw8tPHPtvQ9/rtcanZGjewRLG81bWb3W/3r6yTY7SHLnTyF6QSF/JhRnlZe26rWd8aZa8u0vz9777tf7Gz3LZ96Y0ifp7c4nu5tKvaAzzV1Nx6eNNRcHPQStOzlwpz5Yrl3d/v6n/Vbl3iSmLdTx++m/8V0IAAAAAAAAAAAAAAAAAACIsY/HDzL9D/vO7VX12JOHPzMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+OeM/v9/LtiZyOwn+KMdk03ltY1mROlu7yYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP9xfwUAAP//oHptow==")
creat(&(0x7f0000000100)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000001900)='./bus\x00', 0x0, 0x21002, 0x0)
r0 = open(&(0x7f00000005c0)='./bus\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x4c02, &(0x7f0000000140))
syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x2042030, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, &(0x7f0000000000))

33.455244962s ago: executing program 1 (id=1123):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = syz_clone(0x800c000, 0x0, 0x0, 0x0, 0x0, 0x0)
kcmp(r0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000079e02200850000006d00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000680)={0x1, &(0x7f0000000240)=[{0xb00, 0x9, 0x82}]})
r5 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0)
io_setup(0x1, &(0x7f0000000b80)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, r5, 0x0}])
timer_create(0x2, &(0x7f0000000040)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x1, &(0x7f0000000300)={{0x77359400}, {0x0, 0x989680}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={0x0, r2, 0x0, 0x1}, 0xffffff88)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a200", 0x12)
r7 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0)
write$char_usb(r7, &(0x7f00000008c0)='-0', 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_QBUF(0xffffffffffffffff, 0xc044560f, &(0x7f00000001c0)=@mmap={0x0, 0x2, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "2063569a"}, 0x401})

32.090270025s ago: executing program 1 (id=1131):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
munlock(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
read$nci(r4, &(0x7f00000019c0)=""/97, 0x61)
syz_genetlink_get_family_id$nfc(&(0x7f0000000240), r6)
sendmsg$NFC_CMD_DEV_UP(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[], 0x1c}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r7 = openat$sysctl(0xffffff9c, &(0x7f00000000c0)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
pipe(&(0x7f0000000000)={<r8=>0xffffffffffffffff})
splice(r0, 0x0, r7, 0x0, 0x3, 0x1)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3400000002060500000000211b0000361300000000000c000300686173a4bd60820005000400000000000400078005000500020000bc"], 0x34}}, 0x0)
ioctl$int_in(r0, 0x5421, &(0x7f00000001c0)=0x2f)
connect$inet6(r0, &(0x7f0000000280)={0xa, 0x0, 0x8000, @remote, 0x4}, 0x1c)
ioctl$SG_GET_LOW_DMA(r8, 0x227a, &(0x7f0000000100))
socket(0x2b, 0x1, 0x1)
r9 = socket(0x840000000002, 0x3, 0xfa)
sendmmsg$inet(r9, &(0x7f0000000d00)=[{{&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, 0x0, 0x0, &(0x7f00000001c0)=ANY=[], 0x24}}], 0x1, 0x0)
socket(0x2b, 0x1, 0x1)
r10 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x14, 0x601, 0x0, 0x0, {0x2b}}, 0x14}}, 0x0)

31.398081641s ago: executing program 35 (id=1131):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
munlock(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
read$nci(r4, &(0x7f00000019c0)=""/97, 0x61)
syz_genetlink_get_family_id$nfc(&(0x7f0000000240), r6)
sendmsg$NFC_CMD_DEV_UP(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[], 0x1c}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r7 = openat$sysctl(0xffffff9c, &(0x7f00000000c0)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
pipe(&(0x7f0000000000)={<r8=>0xffffffffffffffff})
splice(r0, 0x0, r7, 0x0, 0x3, 0x1)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3400000002060500000000211b0000361300000000000c000300686173a4bd60820005000400000000000400078005000500020000bc"], 0x34}}, 0x0)
ioctl$int_in(r0, 0x5421, &(0x7f00000001c0)=0x2f)
connect$inet6(r0, &(0x7f0000000280)={0xa, 0x0, 0x8000, @remote, 0x4}, 0x1c)
ioctl$SG_GET_LOW_DMA(r8, 0x227a, &(0x7f0000000100))
socket(0x2b, 0x1, 0x1)
r9 = socket(0x840000000002, 0x3, 0xfa)
sendmmsg$inet(r9, &(0x7f0000000d00)=[{{&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, 0x0, 0x0, &(0x7f00000001c0)=ANY=[], 0x24}}], 0x1, 0x0)
socket(0x2b, 0x1, 0x1)
r10 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x14, 0x601, 0x0, 0x0, {0x2b}}, 0x14}}, 0x0)

9.944132641s ago: executing program 5 (id=1244):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x11, "00000000000000000000279600"})
r1 = syz_open_pts(r0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$TCSETS(r1, 0x5402, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1ff, 0x2, "050000000f7ba55603a6a12e3f0a7f64c64c56"})
r2 = dup(r1)
read$FUSE(r2, 0x0, 0x0)

9.36049455s ago: executing program 5 (id=1246):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r0, &(0x7f0000000040)="c0", 0x1, 0xc000, &(0x7f0000000080)={0xa, 0x2000, 0x0, @dev, 0x15}, 0x1c)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000240)=0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000200)=0x2)
r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ip6_flowlabel\x00')
pread64(r4, &(0x7f0000000600)=""/4091, 0xffb, 0x1010000)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x7fff, 0x4)
r6 = accept$alg(r5, 0x0, 0x0)
r7 = dup(r6)
r8 = open(&(0x7f0000000000)='./file1\x00', 0x10f0c2, 0x0)
ftruncate(r8, 0x200004)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x0, 0x400, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x4}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x4}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x10, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_ATTR_KEY_TYPE={0x8}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "f0a86d07464aec9f7fa12e4ca0"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_DEFAULT={0x4}]}, 0x60}}, 0x10)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
read$FUSE(r7, &(0x7f00000023c0)={0x2020}, 0xfffffe9f)
getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f00000001c0), &(0x7f0000000280)=0x4)
sendfile(r7, r8, 0x0, 0x80001d00c0d1)

8.209473913s ago: executing program 6 (id=1249):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000001980)=@newqdisc={0x24, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x5}, {0xa, 0xffe0}, {0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x24004010}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xfff3}, {}, {0x1c}}, [@filter_kind_options=@f_flower={{0xb}, {0x59, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x34, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x9}]}, @TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x24, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x7ff}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x7}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID={0x5, 0x4, 0x8}]}]}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x40040}, 0x20000000)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

7.722331474s ago: executing program 5 (id=1250):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003840), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_REGISTER_BEACONS(r2, &(0x7f0000003900)={0x0, 0x0, &(0x7f00000038c0)={&(0x7f0000000240)={0x1c, r1, 0x1, 0x70bd07, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x40000a0}, 0x0)
sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002bbd7000fedbdf2555000000080001005c00000008000300", @ANYRES32=r3], 0x30}, 0x1, 0x0, 0x0, 0x40895}, 0x4044840)
syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), 0xffffffffffffffff)

7.158427575s ago: executing program 6 (id=1252):
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
close(r1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bond_slave_0\x00', <r3=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000100"/20, @ANYRES32=r3, @ANYBLOB="000024000000000024001200140001006272696467655f736c617665800000000c0005"], 0x3}}, 0x0)
splice(r0, 0x0, r2, 0x0, 0x10d00, 0x0)

7.086040834s ago: executing program 5 (id=1255):
prctl$PR_SET_MM(0x23, 0xa, &(0x7f0000ff9000/0x4000)=nil)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f)
r2 = socket$kcm(0xa, 0x1, 0x106)
r3 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1008002, &(0x7f0000000200)={[{@grpquota}, {@delalloc}, {@dioread_lock}, {@init_itable}, {@dioread_nolock}, {@data_journal}, {@nombcache}, {@data_err_abort}]}, 0x1, 0x5e9, &(0x7f0000000bc0)="$eJzs3c1vFVUfB/DfuX2hpTxPCzEqLqSJMZAoLS1giHEBW0MafIkbN1ZaECnQ0BotmlAS3JgYN8aYuHIh/hdKZMtKVy7cuDIYooalidfc25nSl7ktLW2nMp9PcunMnDs9Z7j9duaenjM3gMrqb/xTi9gbEZMpojfNzpe1R1bYP/e8e399dLrxSFGvv/ZHipRty5+fsq892c5d8fvhH39Isadteb1TM1fOj05MjF/O1genL0wOTs1cOXjuwujZ8bPjF4dfGD529MjRY0OH1nVcVwu2nbz+7vu9n4y8+c1Xf6ehb38ZSXE8Xs6euPA4Nkp/9Df/T9Lyop5jG11ZSdqyn5OFL3FqL7FBrEn++nVExBPRG21x/8XrjY9fKbVxwKaqp4g6UFFJ/qGi8uuA/L390vfBtVKuSoCtcPfEXAfA8vy3z/UNRlezb2DnvRQLu3VSRKyvZ26xXRFx+9bI9TO3Rq7HJvXDAcVmr0XEk0X5T83890VX9DXzX1uU/8Z1wansa2P7q+usf2lXsfzD1pnLf9eK+Y8W+X9rQf7fXmf9/fcX3+lelP/u9R4SAAAAAAAAVNbNExHxfNHf/2vz43+iYPxPT0Qc34D6+5esL//7f+3OBlQDFLh7IuKlwvG/tXz0b19btvS/5niAjnTm3MT4oYj4f0QciI4djfWhFeo4+OmeL1uV9Wfj//JHo/7b2VjArB132ncs3mdsdHr0YY8biLh7LeKpwvG/af78nwrO/43fB5MPWMeeZ2+calW2ev6BzVL/OmJ/4fn//l0r0sr35xhsXg8M5lcFyz394Wfftap/vfl3iwl4eI3z/86V89+XFt6vZ2rtdRyeaa+3KivKf/3q6tf/nen15i1nOrNtH4xOT18eiuhMJ9saWxdtH157m+FRlOchz0sj/weeWbn/r+j6vzsiZpd87/Tn4jnFucf/6fm1VXtc/0N5GvkfW9P5f+0Lwzf6vm9V/4P1/x1pnusPZFv0/8GcL/KYdi7eXhDH9qKirW4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK1JtYH65VhsYiOiJiMdiZ23i0tT0c2cuvXdxrFHW/Pz/Wv5Jv71z6yn//P++BevDS9YPR8TuiPi8rbu5PnD60sRY2QcPAAAAAAAAAAAAAAAAAAAA20RPi/n/Db+1ld06YNO1l90AoDQF+f+pjHYAW8/5H6pL/qG65B+qS/6huuQfqkv+obrkH6pL/gEAAAAA4JGye9/Nn1NEzL7Y3Xw0dGZlHaW2DNhstbIbAJTGLX6gugz9geryHh9Iq5R3tdxptT1XMnn6IXYGAAAAAAAAAAAAgMrZv9f8f6gq8/+husz/h+rK5//vK7kdwNbzHh+IVWbyF87/X3UvAAAAAAAAAAAAAGAjTc1cOT86MTF+eQ0LOyJiSVE+jWhN32ebLbyxPZqxlQv1ev1q42XbLu35jy+k7Z2CPKQPtlc5v48AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDl/g0AAP//QFsgng==")
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000200), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0x18)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000000180)=0x9499, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r3)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$netlink(0x10, 0x3, 0x15)
writev(r6, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
close_range(r5, 0xffffffffffffffff, 0x0)
sendmsg$kcm(r2, &(0x7f00000019c0)={&(0x7f0000000080)=@l2tp6={0xa, 0x0, 0x0, @dev, 0x5}, 0x80, 0x0}, 0x24004059)
close(r2)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/4\x00')
mount$9p_fd(0x0, &(0x7f0000000180)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r8}, 0x2c, {'wfdno', 0x3d, r7}})
mmap(&(0x7f00001ff000/0x2000)=nil, 0x2000, 0x0, 0x4008032, r8, 0xc856b000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r9 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x13, r9, 0x0)
msync(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4)
getcwd(&(0x7f0000000000)=""/4096, 0x1000)

6.403265669s ago: executing program 6 (id=1257):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f0000005a40)={[{@space_cache}, {}, {@compress_force}, {@nodiscard}, {@compress_algo={'compress', 0x3d, 'zstd'}}, {@clear_cache}, {@user_subvol_rm}, {@max_inline={'max_inline', 0x3d, [0x67, 0x2d, 0x33, 0x74, 0x65, 0x36]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
r0 = openat(0xffffffffffffff9c, &(0x7f00000008c0)='.\x00', 0x40000, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000080), 0x10010)
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r0, 0x50009417, &(0x7f0000003480)={{r0}, 0x0, 0x2, @inherit={0x0, 0x0}, @subvolid=0x5})
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000040)='./file1\x00', 0x400, &(0x7f00000000c0)=ANY=[], 0x1, 0x695, &(0x7f0000000240)="$eJzs3U1sHFcdAPD/rHfX3oBSp03SgCphNVJBWCT+kFPMpQYhZIkKVeWAOK4Sp7GycSt7i5wIQfg+cOHQO0XCNy4gcQ8qZ+DUq4+VkLjkFEBi0Hysvbt27F3H8drq7xfNznvzPua9/8zs7M4qcgCfWsvTUX0USSxPv7mZ5be35lvbW/P3OumIGI+ISkS1WEWyFpF8FLEUxRKfyzaW3SVP288Hq4tvf/x4+5MiVy2XvH7loHZ73Kjss/FhucRURIyV62fQ09/Nvv7qQ3eX7MwwC9jVTuBg1GoRkfb4/uXdkkMNft0Cp1ZS3Df3XNCTEeciYqL8HFDcFYt79pn2cNQDAAAAgBPwwq/zr/DnRz0OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOEvKv/+flEulk56KpPP3/+vltijTZ9qjUQ8AAAAAAAAAAIb37c/2bfjCk3gSm3G+k0+T/Df/V/PMxfz1M/F+bMRKrMe12IxmtKMd6zEbEZN5eS1/rW822+312QFazu20jK6WcwPOoHH0yQMAAAAAAADAWVEdvslPY3n3938AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgNkoixYpUvFzvpyahUI2IiIupZvYcRf++kT6Xf/qU7l/43ze2p9ugkxwQAAAAj8sKTeBKbcb6TT5P8O//l/Hv/RLwfa9GO1WhHK1biVv4soPjWX9nemm9tb83fy5a9/X79X0MNI+8ximcP++/5Sl6jEbdjNd9yLW7Gu9GKW1HJW2audMaz/7h+ko0peaM04Mhulets5r+J2lCzOopk4JqTeUSyERURmSnbZtG4cHAkhjw6nT11Yj8blZ0nPxePM+abxer13xfrbD6/HComz1t/JOa6zr7LB0ci4ot//sP37rTW7o7f3pg+PVMawnjXE7T+SMx3ReLlQSNx56xGottMHolLO/nl+FZ8N6ZjKt6K9ViNH0Qz2rESU/HNaMZYNMvzOXudPDhSSz25tw4bST0/LrXyXXTwMbWjGa/mbc/Hanwn3o1bsRI38n9zMRuvx0IsxGLXEb40wFVfOfCqb/RvuPqlrofJv9qvxshkA7uwc3fqPutn8uvgQs+W3Si9ePz3o+rny0S2j5+V69OhPxKzXZF46eBI/C5/W9lord1dv9N8b8D9vVaus+voF6fqLpGdLy9mByvP9Z4dWdlL/WUTRbzq5S8uRVnvHTcru7RTdtiVWi8/w+3taS4ve3nfsvm87EpXWc/nraXi8xYAp965L5+rN/7Z+Fvjw8bPG3cab058Y/yr46/Uo/bX2teqM2OvVV5J/hQfxo92v/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABHt3H/wd1mq7Wy3pdI0/THTyl6jolGRHS2RBzWqhaH1zk80ThCq3pE5IlqJzHcTscHqlzfPTpv/PFZwlsbtlXEsRzTanmS3X9w999pmj5bhzFzHOdY7YBzfjeRpmlaS9N0T1E6UPORJf6THl+HI35jAp676+17713fuP/gK6v3mu+svLOytriwsDizuHDjH9dvr7ZWZorXUY8SeB52b/qjHgkAAAAAAAAAAAAwqJP4bwlP2fX/TniqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBm1PD1epq7NZK/bW/OtbOmkdyrm1SoRkfwwIvkoYimKJSa7ukuetp8PVhff/vjx9idFrlouef1KT7vaUWbxsFxiKiLGynW3iWfo72a5PtLIcsnODJcialc7gYNR+38AAAD///bgD6M=")
truncate(&(0x7f00000003c0)='./file2\x00', 0x1bfc)

5.036767828s ago: executing program 8 (id=1269):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)={0x88, 0x1f, 0x1, 0x0, 0x0, "", [@nested={0x78, 0x0, 0x0, 0x1, [@typed={0x14, 0x3, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00'}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d"]}]}, 0x88}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000006c0), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246)
write$binfmt_aout(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="c02102"], 0xfce1)

4.885487625s ago: executing program 5 (id=1270):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xe, 0x4, 0x4, 0x1a, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x4, 0x9, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x7a, 0xa, 0x0, 0xff00, 0x0, 0x71, 0x10, 0x43}}, &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)

4.651431311s ago: executing program 8 (id=1271):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x3, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r0, &(0x7f0000000280)={&(0x7f0000000040), 0x10, 0x0}, 0x0)
sendmsg$tipc(r0, &(0x7f00000000c0)={&(0x7f0000000000)=@name={0x1e, 0x2, 0x2, {{0x1, 0x3}, 0x4}}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000140)="ccf243a0518214", 0x7}], 0x1, 0x0, 0x0, 0x80}, 0x20000080)

4.555032748s ago: executing program 6 (id=1272):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000340)=[{0x0, 0x1, 0xa, 0xb}, {0x2, 0x2, 0xf, 0x7}, {0x4, 0x2, 0x13, 0x2}], 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = syz_clone(0x800c000, &(0x7f0000001480), 0x0, 0x0, 0x0, 0x0)
kcmp(r0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000079e02200850000006d00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000680)={0x1, &(0x7f0000000240)=[{0xb00, 0x9, 0x82}]})
r5 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0)
io_setup(0x1, &(0x7f0000000b80)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, r5, 0x0}])
timer_create(0x2, &(0x7f0000000040)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x1, &(0x7f0000000300)={{0x77359400}, {0x0, 0x989680}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={0x0, r2, 0x0, 0x1}, 0xffffff88)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a200", 0x12)
openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0)

4.470095991s ago: executing program 8 (id=1274):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="c21504239e1dc595f0766418b856f059", 0xfffffe99}], 0x2, &(0x7f0000001a00)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
recvmmsg(r1, &(0x7f0000009500)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000001a40)=""/4096}], 0x56}, 0x80001}], 0x1, 0x2100, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[], 0xa8}, 0x1, 0x0, 0x0, 0x20000010}, 0x0)

4.291127771s ago: executing program 3 (id=1276):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000014c0)=@newtfilter={0x87c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x8}, {}, {0x5}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x84c, 0x2, [@TCA_CGROUP_ACT={0x804, 0x1, [@m_tunnel_key={0x48, 0x1b, 0x0, 0x0, {{0xf}, {0x4}, {0x16, 0x6, "c1aa7ae2363330a726c4fe6b90d06da9dddd"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_connmark={0x734, 0xb, 0x0, 0x0, {{0xd}, {0x4}, {0x704, 0x6, "37310ada3c13ecc1947dcdac5cae02bbf610eb98f597689021e6bbefaada551474ecb618574923888c486fe4296fab5c7ea37c90568a62dd68600222f6f44ea8f9fc7470890321bd823ab1494e6d497a4a209ed565f10ec64d2ff862f2fe7c2d3d313f886549aab96876d061ecbff437c8aa118e3876e58f976d82b786be590ed7240d9e0a1ffce97f779d74e579857986d2f3df94e22a12d486fcbb6fb0120e6b0c05aedd51c5f4c6c202bea54968d3af42e183471642912391958d0766e361c873f9a796882026cb02f0877ac7eeeea1be0b276242c75fdc9edfc15ce15601b515a2a274c863b85807b34fad6f7b4bb2943fd16c84d7cf86b50b13ea45286682eb9315bf37460a21bb6faf98129d8530d8a25346521348ff1921b7c98dac61517b155647e6295670c1aec942ad5e7dad7b38dc49ac568e27762d7a66e2f461666418b50adc11a5e9d1ba9c87479e454c5e17ce65485b884f266338c2c706db5d68f54acbe68c32d4382886570abf27a8206873b80d706fb8d307a0cf969dd258468b25ab9f44ce3167a56ef4b660488891bdcfd1fc48bea68e376f218849eb092c1dbf7dd7e8cca318950eb078ae37ff50cac1c532f03f031195e0ab8fa8c106e2aa423f3657c6d686c89a1868236c349290bc283b5272317146129f74e7ed8cd61e416860a568eefef434e5feb308c1e577ec0b599204110d17a9190f602a580ccd61b55b8238933cdaef2bc363074971e3e165909bc16a89f4009649ef9174bcbf0dfb2084fd46efbe4a51ea952713baf81ed6468ac39df9ca4a1d8b07f07241a6c1d67a1720cf1e5ff5ac2561f26e98e18ff959baf48dd6bad72d62d4d676573954e15109f0061cd2bfe7c582fcec4901eae23377ad198f27d260ac1f34135f39c0bcdb95fcb828b830107bf21b75d4d7e1af0e7dac2e348a9c63435e5a44fc0146d2f2bacbf958d786dc6a02930ca80283b08b9e36fb9b7a870c2da6ec693ed82f0b70ec58b6d47382a0a0c7716c1871e3b824c6ef34593e4e587277fb9042319adb2524d2eacee52b8b25ed6dc07fb5b22493727aefeab964e4f70c1e15c693543ed14e58c614ccbcf382e3106c3a901477f8eda6c928cae2560e252c7a4318796a86b667c45a116fc88438914f7fe32250c380619b26b01b2ba7eb4a3cb65c6de63affe3cb514877b998d6ba84b2131245ad4a9ed6da314a3bd58be3dd02aea1c74063dcb0fd8552e9cbe805af18ab7fa7f499080927d49c4d9326d477019f48d10b89e86fc7586a7fbe29ccaf4c3c826c126abc72e5a21f1304dd587f8e8ae1bec1b4667de9d011e30288abb85ccb668e2d7b09f15c909a4de3455ffc01f3cd693cbe726e2321d192cc544e0dd1b1913d7bdfa42cbd7443183d721fb7f73d1c83fcf3f856d9c83205b8baff8c4d11039724e3cb60213e07b4d410f79add3e328a0c5f169284f969dc922f0b6edf8859862e10516a5cf4774c9b44e9f2177ccf4bcfbfc42d91c3e24a7a7a5abf0aff40b4bdf9e8d80a6cb0e3b072c5686dc14c83f62c6f5f905a9519deb0ad30b3a367c6793e10f1e3fa62871ac22ec75113c96ec8e5dedab0ca5c0e9fdcd455c1e314316201cd65a5fe1c9cd85c5cc16f26a7a02cf2e0f8c8722586e2ba398e701f758f5ccf27e23a1176f687ae9c0e550d12fd833239dbd2db4e4475f64cf1611e843a79b6413c37c0fd73b7d8fe02f1b1adb7981d8125c41c775fcfdf31a8fdecd501e1ead70296f6817eb10068ae46916e6dd27798cce5ed84be0b59e8f48ed9ed2b00a9212ce0752b756312fffc8d93e3f651efdc2338a71a71b6681ca09c60efbe28435bb20c0b0596827f984a460f93ca7287c625ddde9518130cb00163fb35f411bef31d6be01b55c1750b9df1a5db65d98fe3b7be36f8d5d11d32441d1fe5dff5701b5a19f43e8d26fcc573c408e13915d10424bd9fede56a2a2f6957668bc15b6faf07a592216b34cb56176d3a4e9ae8cac5287614c6a0d46aacdca491776b218d8e06a8e39dcc722df6f0ebdd06af8e3f9a782bb1cb0ecc41324e216753bf482108140d1d1624d059d44ea002e5c49e55673ec289a9c95bbd8817ae7158a151a127a9f961690a86a457334745bde18bca5a9f5b017640a77dafb4eac9fd80d78fea7d6e0501899b64d9767e7098aedf66260afcf2592efd0fcb5bc8f32211715ae138b3d2f5feb716641e946aca2c7c9bb27fd4de9dd1ebd18d6afcd84c0ea917b3849a20f7d28b33c4a83e807e32e70a15cce69de5d40fc10159aef43c0049a4f005f5c5eacde5c9b8108350a9f23f0c02a05383d1d1bd326ba4fb1d8f104a673b611935ec8929531d47e527b15a801f9c40ca88dd9ce68e8a6117aeef0b94d0a2d09527f8761299d2199df1146e9790ec1e603efc7c7c205daa9352a47fee9e317e738d38e5d1fb088461ebd51ba527fcb9df6a2cb500a4ae9531b43348c56cbb0c3cde268225b87ef73e551284943199ef1b1ee84bc5c032c752bdd419b0b3ac94b0d1f7fdee438b"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}, @m_nat={0x54, 0x12, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x6, 0x3, 0x6, 0x4, 0x1}, @rand_addr=0x64010100, @multicast2, 0xff000000}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_ctinfo={0x30, 0x1c, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}, @TCA_CGROUP_ACT={0x30, 0x1, [@m_xt={0x2c, 0x10, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}, @TCA_CGROUP_EMATCHES={0x4}, @TCA_CGROUP_EMATCHES={0x10, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x4}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x800}}]}]}}]}, 0x87c}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

4.262826956s ago: executing program 7 (id=1278):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x30}, 0xc)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000400)={0x0, 0x2}, 0x8)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000940)="6cecd7f4", 0x4, 0x4009040, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000040)="93", 0x34000, 0x0, 0x0, 0x44)

4.16030822s ago: executing program 3 (id=1280):
prctl$PR_SET_MM(0x23, 0xa, &(0x7f0000ff9000/0x4000)=nil)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f)
r2 = socket$kcm(0xa, 0x1, 0x106)
r3 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1008002, &(0x7f0000000200)={[{@grpquota}, {@delalloc}, {@dioread_lock}, {@init_itable}, {@dioread_nolock}, {@data_journal}, {@nombcache}, {@data_err_abort}]}, 0x1, 0x5e9, &(0x7f0000000bc0)="$eJzs3c1vFVUfB/DfuX2hpTxPCzEqLqSJMZAoLS1giHEBW0MafIkbN1ZaECnQ0BotmlAS3JgYN8aYuHIh/hdKZMtKVy7cuDIYooalidfc25nSl7ktLW2nMp9PcunMnDs9Z7j9duaenjM3gMrqb/xTi9gbEZMpojfNzpe1R1bYP/e8e399dLrxSFGvv/ZHipRty5+fsq892c5d8fvhH39Isadteb1TM1fOj05MjF/O1genL0wOTs1cOXjuwujZ8bPjF4dfGD529MjRY0OH1nVcVwu2nbz+7vu9n4y8+c1Xf6ehb38ZSXE8Xs6euPA4Nkp/9Df/T9Lyop5jG11ZSdqyn5OFL3FqL7FBrEn++nVExBPRG21x/8XrjY9fKbVxwKaqp4g6UFFJ/qGi8uuA/L390vfBtVKuSoCtcPfEXAfA8vy3z/UNRlezb2DnvRQLu3VSRKyvZ26xXRFx+9bI9TO3Rq7HJvXDAcVmr0XEk0X5T83890VX9DXzX1uU/8Z1wansa2P7q+usf2lXsfzD1pnLf9eK+Y8W+X9rQf7fXmf9/fcX3+lelP/u9R4SAAAAAAAAVNbNExHxfNHf/2vz43+iYPxPT0Qc34D6+5esL//7f+3OBlQDFLh7IuKlwvG/tXz0b19btvS/5niAjnTm3MT4oYj4f0QciI4djfWhFeo4+OmeL1uV9Wfj//JHo/7b2VjArB132ncs3mdsdHr0YY8biLh7LeKpwvG/af78nwrO/43fB5MPWMeeZ2+calW2ev6BzVL/OmJ/4fn//l0r0sr35xhsXg8M5lcFyz394Wfftap/vfl3iwl4eI3z/86V89+XFt6vZ2rtdRyeaa+3KivKf/3q6tf/nen15i1nOrNtH4xOT18eiuhMJ9saWxdtH157m+FRlOchz0sj/weeWbn/r+j6vzsiZpd87/Tn4jnFucf/6fm1VXtc/0N5GvkfW9P5f+0Lwzf6vm9V/4P1/x1pnusPZFv0/8GcL/KYdi7eXhDH9qKirW4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKahGxK1JtYH65VhsYiOiJiMdiZ23i0tT0c2cuvXdxrFHW/Pz/Wv5Jv71z6yn//P++BevDS9YPR8TuiPi8rbu5PnD60sRY2QcPAAAAAAAAAAAAAAAAAAAA20RPi/n/Db+1ld06YNO1l90AoDQF+f+pjHYAW8/5H6pL/qG65B+qS/6huuQfqkv+obrkH6pL/gEAAAAA4JGye9/Nn1NEzL7Y3Xw0dGZlHaW2DNhstbIbAJTGLX6gugz9geryHh9Iq5R3tdxptT1XMnn6IXYGAAAAAAAAAAAAgMrZv9f8f6gq8/+husz/h+rK5//vK7kdwNbzHh+IVWbyF87/X3UvAAAAAAAAAAAAAGAjTc1cOT86MTF+eQ0LOyJiSVE+jWhN32ebLbyxPZqxlQv1ev1q42XbLu35jy+k7Z2CPKQPtlc5v48AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDl/g0AAP//QFsgng==")
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000200), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0x18)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000000180)=0x9499, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r3)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$netlink(0x10, 0x3, 0x15)
writev(r6, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
close_range(r5, 0xffffffffffffffff, 0x0)
sendmsg$kcm(r2, &(0x7f00000019c0)={&(0x7f0000000080)=@l2tp6={0xa, 0x0, 0x0, @dev, 0x5}, 0x80, 0x0}, 0x24004059)
close(r2)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/4\x00')
mount$9p_fd(0x0, &(0x7f0000000180)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r8}, 0x2c, {'wfdno', 0x3d, r7}})
mmap(&(0x7f00001ff000/0x2000)=nil, 0x2000, 0x0, 0x4008032, r8, 0xc856b000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r9 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x13, r9, 0x0)
msync(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4)
getcwd(&(0x7f0000000000)=""/4096, 0x1000)

4.08136954s ago: executing program 7 (id=1281):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x0, 0x40000333}, &(0x7f00000006c0)=<r5=>0x0, 0x0)
syz_io_uring_submit(r5, 0x0, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r4, 0x47ba, 0x0, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0x169802, 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r7=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r6, 0xc02064b6, &(0x7f00000001c0)={r7, <r8=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x1c, 0x0, 0x803, 0x70bd25, 0x2, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20041802}, 0x14)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r6, 0xc01064c8, &(0x7f0000000280)={0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r6, 0xc02064b9, 0x0)
ioctl$DRM_IOCTL_MODE_ATOMIC(r6, 0xc03864bc, &(0x7f0000000380)={0x201, 0x1, &(0x7f0000000440)=[r8], &(0x7f0000000200), &(0x7f00000000c0)=[0x0], &(0x7f0000000340)})

3.742997886s ago: executing program 9 (id=1282):
r0 = epoll_create1(0x80000)
unshare(0x20400)
r1 = syz_open_dev$evdev(&(0x7f0000000180), 0x1, 0x2)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040)={0x20000004})
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
poll(&(0x7f0000000100)=[{r0, 0x9000}, {r2, 0x10201}], 0x2, 0xfffffffa)

3.383144941s ago: executing program 3 (id=1283):
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mp'])
chdir(0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x23d)
add_key(&(0x7f0000000000)='big_key\x00', 0x0, &(0x7f00000002c0), 0x0, 0xfffffffffffffffe)
syz_open_procfs$namespace(0x0, &(0x7f0000000a40)='ns/uts\x00')
prctl$PR_SET_PTRACER(0x59616d61, r0)
r3 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0x8, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@map_fd={0x18, 0x0, 0x1, 0x0, r3}, @generic={0x1c}, @initr0, @exit]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={r4, 0x0, 0x0}, 0x10)

3.382694296s ago: executing program 8 (id=1284):
r0 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000b00)=ANY=[], 0x1e0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1)

2.171524661s ago: executing program 7 (id=1285):
sched_setscheduler(0x0, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008108040f809d3af1ed2a674fa5000f000000e8bd6efb250314000e000100240248ff", 0x28}], 0x1}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0b010510"], 0xe)

2.17005084s ago: executing program 5 (id=1286):
syz_usb_connect(0x0, 0x24, &(0x7f0000000540)={{0x12, 0x1, 0x0, 0xe4, 0x7a, 0x8a, 0x40, 0x547, 0x2727, 0xb697, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xa6, 0x0, 0x0, 0xa9, 0xab, 0x23}}]}}]}}, 0x0)
creat(&(0x7f0000000140)='./bus\x00', 0x0)
r0 = open(&(0x7f0000000380)='./bus\x00', 0x0, 0x0)
r1 = creat(&(0x7f0000000200)='./bus\x00', 0x7e4e0984ef4e24df)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000540)=ANY=[@ANYBLOB='+\x00'], 0x2b)
sendfile(r2, r0, 0x0, 0x4000000053d2)

1.877396951s ago: executing program 9 (id=1287):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close(0xffffffffffffffff)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'pimreg1\x00'})
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000780), 0xffffffffffffffff)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000080)={0x19})
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000200)={0x15, 0x0, <r5=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r3, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r5, 0x0, <r6=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, &(0x7f0000000240)={0x48, 0x7, r6, 0x0, 0x1, 0x0, 0x10000, 0x0, 0x32bf91})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, &(0x7f00000002c0)={0x48, 0x6, r6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff7b})
r7 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x602, 0x0)
writev(r7, &(0x7f0000000440)=[{0x0}], 0x1)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r8, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a00)=ANY=[@ANYBLOB='0\x00\x00', @ANYBLOB], 0x30}}, 0x0)

1.811631761s ago: executing program 3 (id=1288):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = syz_clone(0x800c000, &(0x7f0000001480), 0x0, 0x0, 0x0, 0x0)
kcmp(r0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000079e02200850000006d00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000680)={0x1, &(0x7f0000000240)=[{0xb00, 0x9, 0x82}]})
r5 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0)
io_submit(0x0, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, r5, 0x0}])
timer_create(0x2, &(0x7f0000000040)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={0x0, r2, 0x0, 0x1}, 0xffffff88)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a200", 0x12)
r6 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0)
write$char_usb(r6, &(0x7f00000008c0)='-0', 0x2)
r7 = syz_open_dev$vim2m(&(0x7f0000000380), 0x8000a, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r7, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_QBUF(r7, 0xc044560f, &(0x7f00000001c0)=@mmap={0x0, 0x2, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "2063569a"}, 0x401})

1.418423772s ago: executing program 6 (id=1289):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
munlock(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
read$nci(r4, &(0x7f00000019c0)=""/97, 0x61)
r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000240), r6)
sendmsg$NFC_CMD_DEV_UP(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES16=r7, @ANYBLOB="0100000000000000000002000000080001"], 0x1c}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r8 = openat$sysctl(0xffffff9c, &(0x7f00000000c0)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
pipe(&(0x7f0000000000)={<r9=>0xffffffffffffffff})
splice(r0, 0x0, r8, 0x0, 0x3, 0x1)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3400000002060500000000211b0000361300000000000c000300686173a4bd60820005000400000000000400078005000500020000bc"], 0x34}}, 0x0)
ioctl$int_in(r0, 0x5421, &(0x7f00000001c0)=0x2f)
connect$inet6(r0, &(0x7f0000000280)={0xa, 0x0, 0x8000, @remote, 0x4}, 0x1c)
close(r0)
ioctl$SG_GET_LOW_DMA(r9, 0x227a, &(0x7f0000000100))
socket(0x2b, 0x1, 0x1)
r10 = socket(0x840000000002, 0x3, 0xfa)
sendmmsg$inet(r10, &(0x7f0000000d00)=[{{&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, 0x0, 0x0, &(0x7f00000001c0)=ANY=[], 0x24}}], 0x1, 0x0)
socket(0x2b, 0x1, 0x1)
r11 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r11, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x14, 0x601, 0x0, 0x0, {0x2b}}, 0x14}}, 0x0)

1.417708659s ago: executing program 7 (id=1290):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000060000000800000001"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x4, 0x9, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000000000e3ff000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, &(0x7f0000000000), &(0x7f0000000380)=r1}, 0x20)
socket$nl_route(0x10, 0x3, 0x0)

1.371886473s ago: executing program 8 (id=1291):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc22fe88c43b82a0a5d3eb61c238a5159ea98db9c00aeef644ae98a8cb8dffff3b7ba14d7971910b559623af8295", 0x13c}], 0x2}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$phonet_pipe(0x23, 0x5, 0x2)
close(0x4)
socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b18, &(0x7f0000000000)={'wlan0\x00'})

816.243303ms ago: executing program 3 (id=1292):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0xf0b, 0xfffffffd, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0xf, 0xe}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x3, 0x3}}]}}]}, 0x48}}, 0x8011)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x9}, {}, {0x1c, 0xfff1}}, [@filter_kind_options=@f_matchall={{0xd}, {0x14, 0x2, [@TCA_MATCHALL_FLAGS={0x8, 0x3, 0x1}, @TCA_MATCHALL_CLASSID={0x8, 0x1, {0x4, 0x10}}]}}]}, 0x48}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

756.192397ms ago: executing program 7 (id=1293):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x882)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000180))
ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, 0x0)

663.481461ms ago: executing program 9 (id=1294):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @multicast2}, 0x2}}, 0x2e)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r2, &(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @remote}, 0x2, 0xfffffffd}}, 0x2e)
setsockopt$pppl2tp_PPPOL2TP_SO_DEBUG(r2, 0x111, 0x5, 0x20000000, 0x4)

554.370256ms ago: executing program 8 (id=1295):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000005140)='./file0\x00', 0x404, &(0x7f0000005180), 0x1, 0x50e7, &(0x7f00000051c0)="$eJzs3U+IVVUcB/DzZpxxUpl5gcbUbGwrgeIiSDEHI2jC4JWrCnR0EYSQgxTUQhBdSLRoQAl0pYRCITE7Ny6kwBBCaRdUECFCiCC1kP4sYt6958595/rue45jY/r5xMy95/7uOfe8x13M9+W5LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAI4dxTe07V1bdMbVh3fmrnjRO7r945d+zylRAa7eONvL5nxytvvLNrz2sjscP069m22ew2ZNb1l6wx3HFwvl/nz94QwlAywGC+fXmwMmp592B1wFpH1p6cGL+14+KZibNrth9qHKi+dOaNLPcElkt+X11fuJcm278HkjOKdunWa3Tcoln/9Ib7T14EAHBPNrXam+LP0fxP3KJ9OK0n7cmkPZu0418Is+XGYmTjDneb5/q0vkzznMyiwsqu80zq+ftftFtp/6SdRI17mGfnqXmkGek2z5mkvlzzBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHiYjG597om6+papDevOT+28cWL31Tvnjl2+EkKzfbyRlRvbhv9565mPXlr76apr+xtv35gZzPvF7YrSyeGHuPPCWAj7SpXrcdjfRkNodRbazXCyWni3vTMVCwAAADxKnm7/HijaWRwc6mg32mmy0f4vysLikbUnJ8Zv7bh4ZuLsmu2HGgcWP16ry3iTdx2vaDcXfhqlYBzjbzreQj2eerAyTr10xDTPN78c/6mufyX/N+vzf3zn5H8AAADuh/yfjlOvV/7/869fh+v6V/L/+o5LVvJ/nHHM/wNhcfkfAAAAHmYPOv9PVsap1yv//33zwvG6/pX8v6m//L+iPO148Ls44f1jIWzqNXUAAACgi/j/3Rc+Woh5PfvkIM3r33z9wXTdeJX8P9lf/h9a0lcFAAAA3I/dM5+fqqtX8n+rv/y/8oHOGgAAALgXH+/9/fm6eiX/T/eX/1fl23zlQ9bpcvxXCMfHQhiZ35nJCt+G2e1FAQAAAFgiMad/uObVXXXnVfL/TP3z/+OTDuL6/47n/1XW/5cK2VP/tnowAAAAAI+j6nr++Hj87JsLun3/fr/r/7/fuO3FuutX8v/h/vL/YHm7lN//BwAAAIvwf/v+vzcr49Tr9fz/m/uOvl/Xv5L/Z/vL/3G7uvzyLsX35+hYCOPzO/nTBL+Il9ufFOaGSoW2VtJjV+yRF+ZWlgptM0mPzWMhPDu/czgpPBkLs0nh9mheOJ0UrsVCfj8Uha+SwqV4p302mk83LVyIhXyBxVxcQbG6WBKR9PijW4/5wl17/FhcHAAA4LESw3OeZYc6myGNsnONXies6nXCQK8TBnudsCI5IT2x2/Ew3VmIx9/b/PPGUKOS/0/3l//jWzGcbbqt/w9x/X/+vYbF+v/pWGgmhblYaKVPDGjFa2Rh95N4jWYr73F7vCgAAADAIy1+LjC4zPMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf9m7Gxi7qjoB4OfN1+tMpzODYsBKdJRIqUmn01bRuBimdncVNeuwYbNEora0U5ztYGtbEkvMZqBmGwNEiE3W3WxiiaurQaWRbJCNG7oklpAlQiBrdDcQiYoxWbbLuoFtMMvmvXvPm/vOnfdROlM67O+XdN55738+7/voO/fedy4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/w/v2vlRtF3//1e9603eu/thzRz/145e+eeTkoyFM1x+vZOHKBwZ+94m1h7Zd+OWhx/dUrn9u30BeLo+H1bU/PfmdL8Zaf7kmhAcqIfSlgQ3DWaA/vz8c67tkOIQLwkKgUWJmKCuRNhx+NBjCsbAQaFT14GAIw4XAtU8+/NCdtcTRwRDeGUKopm08Xc3aGEwDlw1kgaE0sLcvC7z0SqYR+EFPFoCzFt8MjRf98enmDGOLl2vx+utfso69ttLh9cbEWOt8z29d5k4VDKQPTJ/V01aqjmVRenuc8G5bAe+20na+y9NW/CKVf0N5ZSFUDT27ZnbvuHnuYHykJ0xM9LaqaZme55+98IWdZ5JeMa/D2IGxJXkdzk4cPrXt3q333zF13f77KmuvOttu/rSwSYvp5VYN+WtuxTyP0ZTPkxXw9it9Sxr3pSuE8NX5Z15oFy/N/8faz//jyzne9jTljrW+PJLNzeMjwzFxaiSbmwMAAMCKsRL2mt598kN/0a6+0vx/vLvj//GQfz6Zz0Z7IoSpeuLwaAgX1x/PAt+Ozd0wGsLb66np5sDWJHAihDfXE+sbVSUlVsUS40ng1yN5YCoJnIyB6STwjRi4Kwl8MQaOJ4GdMXAiCXwwBsJs8zjeNZKPo+vAYAxszzbi8XgWwm9HYmvJtvq3RlUAAABLJJ8d9jffLZzrcLYZ4vTy+GCnDPEM7JYZqkkN6Qy2Ma1qWUNfpxp6OtXQGPd8++GXaq50qrl0GkalOcPOS+54PrRRmv9Ptp//VxfpSKV0/D+Ea+p/Y+6ePDLXiG+fbsoAAAAAnIW/Wr/7jnbx0vx/qrvz/+M+kd5C5vBY3A2xZzSEyeZAVu3vlQPZUe/VeQAAAABWgsbx+Max8Nn8NjtFO51Pl/NPn2H+eOB/atH8/3P5Hz7Trr+l+f90d+f/DzXfZp04GXvxldEQVhUCj8Re1gJ14zHw86uaA/n4T8YNcHusKj8xoVHV7bHE9hiYTALHWpV4olHi4uZA/mQ1Gj/cGMdsXqIQAAAAgHMu7g6Ix+Xj+f/fHZ3703blSvP/7Wd2/n99Hlw6vX9udQgb+0LoTX8Y8NhQtjBgDAxX8sQ/DmV19aZV3ToUwpW1gaVVPZuv/9+XrjH45GBWVQxc/I5vvXBZLfH1wRA2FgM/uf6e99QSB5NAo/E/GQzhbbXRpo3//aqs8f608b9cFcJbC4FGVTesCqHW2EBa1cPV/DoGaVX3VUN4YyHQqOqKagiHAgArVPyvdFfxwQOHbtmzY25uZv8yJuI+/MGwe3ZuZmLn3rld1RZ92pX0uWkZo1vLY+r2yjdxiaKnjpxe10268TvByWJb+X780omD+f34Xai/Ps7N/U13t6RDvvzSchOh8E2q1ZB7lnnIQ8VKFp7EUv0x/0BYHVbdfGBm/8Tndxw8uH9T9rfb7Juzv/EwU7atNqXbamixvnXx8uh2Ve1Xu63WFSvZePCmfRsPHLplw+xNO26cuXHms5ve/b7Nk5u3bHnvFRtro5rM/nYY6rrFqk6G+so95SEs98tibV+hknPxqSEhIbHSEnf/4umH2n38lOb/+9rP/+OnTvzkz9dnaHX8fywe5s8eXzjMvz0GjnV7/H+s1dH8xokB40lgPgbmHeYHAADg9SHujox7M+Pux4v+6ePXtStXmv/Pd/f7/yVa/7+xdP1HWi3zvz6WmGy1/n+6zH9j/f/5Vuv/p8v8N9b/P/YarP9/cyOQbJLfWv8fAAB4PTh36/93XN4/vUBAKUPH5f3TCwSUMnRcxr/bCwSc8fr/lw59PS4osKjS/P+u7ub/Fu4HAACA88f83955b7t4af5/rLv5/7lf/y+0Ov9/vFVgutXCgNb/AwAAYIVqtf7ff+z9z2fblSvN/493N/+Pp130NOWOtb48kq1pF9I17U6NNH4yAAAAACtDT5iY6O8yb9PKqFtffZtxKdB26aIrP333yXb1leb/J7qb/zf9LmN24vCpbfduvf/lO6au239fZe1VC8f/AQAAgOXT7X4JAAAAAAAAAAAAAADgtff2B7/wtXbx0u//wzX1x1v9/j9e9y/+vuDCptyx1s7r/+X3r/3o9w7Vlyx8bCSES4uBPbftuSDk1+ZfVww89Mn1F9USt6UlfvjMB39VS3w6DXx4wxterCWuTALb4yKJb04D8aqKL65JAnF5xafSQNwex9PAQB740ppsHJV0W/1mONtWlXRb/etwCKOFQGNbPTCctVFJB3g0CTQG+Lk0EAf4R3mgJ+3V91ZnvYqB4Vj0a6uzXgEAcN6K3wL7w+7ZuZnJ+BU+3q7ta76NmpYsu7V1tZ3EpcmeOnJ6XTfp3vS76MK1xvtDtTaETaWvq8Uslfool6aWDpvuwhZD7rTa23JtuoHWIxrMRjSxc+/crv6OA9/SOcvmvo5ZNpUmO8UsPfVN2kUtXfSlixF1uW266HK83xMmJnqTXO+PwbHQpNMrotvf6y+25l+rV0TNXcOHrm5XX2n+P9bd/L9aHNeL+cUA5uOV9b48apl/AAAAWF5f2nr6q/Hfd/du+Uy7vKX5/3h38/+4Bys/FJzt7TgRr/9/eDSE+qX1x7LAt2NzN4yG8PZ6ajqWyC6o/5FYYjILfDvuMFkfS2yfbq5qVQwcTwK/HskDJ5LAyRjI91J8K+S7cu4eCeE99dQ1zSX2xRJjSeDjMTCeBCZiYDIJrImBqSTw72vywHQS+OcYCLPN2+r+Nfm2AgAAOBP5PKu/+W5I53nH+zplqHTKMNQpQ0+nDNVOGVqNIt7/fszQXzwen2eID/WntQ4mtZQyxIvhn3G/ShnCE80504KlpuP5B43zDSrNGf7gif99MLRRmv9Pdjf/H2q+zVo/Gef/C9f/ywKPxO59JZ46Ph4DP7+qOZDvGDgZJ7u3N6qazkvkk/bbY4mpGBhPAvtiYCoJbL8mDxy7qDmQz7QbjR9uND6blygEAAAA4JyLOwjibprG8flNj2xrV640/5/qbv4f21tdbOyLsdZfrgnhgcpCbxqBDcNZIO7HGI4/j79kOIQLCjs4GiVmhrISA0nD4UeD2S/UB9KqHhzMfnwQ71/75MMP3VlLHB0M4Z2FvS+NNp6uZm0MpoHLBrLAUBrY25cF4p6fRuAHPVkAzlpjr2B8QeWnujSMLV6uxevv9XJN0HR4pX2gi+Rb7DdXy6WaPpDvU204s6etVB3LovT2OOHdthLfbWPebcUvUvk3lFcWQtXQs2tm946b5w7GR4q/ZC1Zpud5sV+ytksvwetw/tX3trNq2oHJ5ONjcvFyi78OK7G62YnDp7bdu/X+O6au239fZe1VXXejhbhJZzcfufynhc273Kohf82tuM+TaZ8nK/G/gXFPWwjhvWtOn9n5/9Pdzf/7ktu603FjHhgN4fLCxn0sbv5to9nnYCGQfUq+sRzIDrn/YqTlJycAAAAstcbujsb+gtn8NjshPJ0nl/NPn2H+uL9iatH83fb7ry95203t4qX5//b28/9VSTcd/3f8n2Xi+P+izvdd0avSB+bPald0qTqWheP/izrf322O/y/K8X/H/xfj+H8Hjv8v6nx/2krfkvb50hVCuPhfPrSrXbw0/9/X3fzf+n+LL9rXWP9ve6v1//a1Wv9v3vp/AADAsmqx0Fw6zyut3lfKkK7eV8rQcYHAjksMWv/vjNf/e8t/rfv90EZp/j/f3fw/vhxWF1tfKev/jV/Toqq7YmCfhQEBAAA4H7XaQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBr6zc3XHFRu/j7r37Xm75z9ceeO/qpH7/0zSMnHw1htv54JQtXPjDwu0+sPbTtwi8PPb6ncv1z+6p5uf789i1NuWOtL4+EcKzwyHBMnBqp3VkIXPvR7x3qqyUeGwnh0mJgz217LqglvjESwrpi4KFPrq+P6La0xA+f+eCvaolPp4EPb3jDi7XElXmgknb3b9Zk3a2k3b1zTQijhUCju3+2prmqRhsfygM9aRt/N5y1EQPDsehXh7M2YmAulphdFcLGvhB606oerWZV9aZV/UM1q6o3rerPqyFcGULoS6t6ZiCrqi8d+eMDWVUxcPE7vvXCZbXEsYEQNhYDP7n+nvfUEp9LAo3G/3gghLfVXjJp49/vzxrvTxs/2h/CW0MIA2mJ/+7LSgykJZ7tC+GNhUCj8c/0hXAo8LoQP3x2FR88cOiWPTvm5mb2L2NiIG9rMOyenZuZ2Ll3blc16VMrlUL6lVtf/dh/9sIXdtZunzpyel036b68XH+9y5v7m+5uOd97H/s1VKxk4fko1R/zD4TVYdXNB2b2T3x+x8GD+zdlf7vNvjn725tHs221aam2VW+H8tGr3VbripVsPHjTvo0HDt2yYfamHTfO3Djz2U3vft/myc1btrz3io21UU1mf5diqPeU4z3LPNS1fYVKzsUHgISExEpL9DR9uk0u1Qd5ZZk+3Upf9Bc62h+q9Q/o0rSimKVSH+VSDHprlyNcxBl/T+k4ok2liUMpy+bOWbaUJhMLWQazLPXvdaXJYbGmnvomjfd7wsREy//Ux5rvFjfv80uwebtNAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8HztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCwAAAAAI87cOo2cDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgUAAD//2McwRk=")
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file2\x00', 0x105042, 0x150)
socket$packet(0x11, 0x3, 0x300)
openat$bsg(0xffffffffffffff9c, 0x0, 0x20800, 0x0)
r0 = syz_io_uring_setup(0x416f, &(0x7f0000000780)={0x0, 0x0, 0x10100}, &(0x7f0000001240)=<r1=>0x0, &(0x7f0000001340)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r0, 0x567, 0x0, 0x0, 0x0, 0x0)

530.979396ms ago: executing program 9 (id=1296):
socket$nl_generic(0x10, 0x3, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='freezer.parent_freezing\x00', 0x275a, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10)
r1 = socket$inet6(0xa, 0x802, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001600010a00000000000000000c0000000c0000800800", @ANYRES16=r1], 0x20}}, 0x40816)

525.650857ms ago: executing program 3 (id=1297):
dup(0xffffffffffffffff)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x11, 0x80a, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8, 0x3, 0x4}, @IFLA_BOND_USE_CARRIER={0x5}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x20004040}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

365.494339ms ago: executing program 7 (id=1298):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x0, 0x40000333}, &(0x7f00000006c0)=<r5=>0x0, 0x0)
syz_io_uring_submit(r5, 0x0, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r4, 0x47ba, 0x0, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0x169802, 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r7=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r6, 0xc02064b6, &(0x7f00000001c0)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x1c, 0x0, 0x803, 0x70bd25, 0x2, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20041802}, 0x14)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r6, 0xc01064c8, &(0x7f0000000280)={0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r6, 0xc02064b9, 0x0)
ioctl$DRM_IOCTL_MODE_ATOMIC(r6, 0xc03864bc, 0x0)

255.844595ms ago: executing program 9 (id=1299):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000400)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x1b3a, 0x4)
setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000140)=0x6, 0x4)
sendto$inet(r0, &(0x7f0000000080)='m', 0x1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=""/117, 0x75}, 0x6}], 0x1, 0x40002011, 0x0)

149.513153ms ago: executing program 6 (id=1300):
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mp'])
chdir(0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x23d)
add_key(&(0x7f0000000000)='big_key\x00', 0x0, &(0x7f00000002c0), 0x0, 0xfffffffffffffffe)
syz_open_procfs$namespace(0x0, &(0x7f0000000a40)='ns/uts\x00')
prctl$PR_SET_PTRACER(0x59616d61, r0)
r3 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0x8, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@map_fd={0x18, 0x0, 0x1, 0x0, r3}, @generic={0x1c}, @initr0, @exit]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={r4, 0x0, 0x0}, 0x10)

0s ago: executing program 9 (id=1301):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x2, &(0x7f0000000240)=0x9, 0x4)
setsockopt$sock_int(r0, 0x1, 0x2, &(0x7f00000002c0)=0xffff, 0x4)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
syz_emit_ethernet(0xd2, &(0x7f0000000d00)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @broadcast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '\x00', 0x9c, 0x11, 0x0, @remote, @local, {[], {0x0, 0xe22, 0x9c, 0x0, @wg=@initiation={0x1, 0x4000000, "9b92fc056f07d114fe3b41c776904545fb44d8e5dc0e57fdbba583dbc1bf026f", "ba38149afe78e80f44a98eddddbf2b6f237458668eb2461a95cd9a215310bae58679f26df35b2d9306a4a2e1dc85e86f", "6ba2c77aea3ef00f0ac8f0e3066b25082e39f5fb07fb432ca8f22890", {"e79710a9e57f1011496e538064796900", "f9d98c0072c691ce00"}}}}}}}}, 0x0)

kernel console output (not intermixed with test programs):

ser memory!
[  186.090988][ T7996] syz.7.557[7996] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  186.497165][ T7993] loop6: detected capacity change from 0 to 1024
[  186.529132][ T7999] loop3: detected capacity change from 0 to 512
[  186.536347][ T7999] EXT4-fs: Ignoring removed oldalloc option
[  186.564294][ T7999] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  186.619337][ T7999] EXT4-fs (loop3): 1 truncate cleaned up
[  186.622130][ T7993] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  186.632297][ T7999] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  186.750315][ T8007] vlan3: entered promiscuous mode
[  186.769629][ T2142] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  186.798403][ T8007] hsr0: entered promiscuous mode
[  186.808781][ T8007] vlan3: entered allmulticast mode
[  186.839098][ T8007] hsr0: entered allmulticast mode
[  186.887379][ T8012] netlink: 12 bytes leftover after parsing attributes in process `syz.7.564'.
[  186.911823][ T8007] hsr_slave_0: entered allmulticast mode
[  186.972938][ T2142] usb 5-1: Using ep0 maxpacket: 8
[  186.986860][ T2142] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  186.994626][ T2142] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  186.995536][ T8007] hsr_slave_1: entered allmulticast mode
[  187.007784][ T2142] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  187.023955][ T2142] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  187.035579][ T2142] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  187.064683][ T2142] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  187.074680][ T2142] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  187.088582][ T2142] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  187.103017][ T2142] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  187.116808][ T2142] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  187.117638][ T6865] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  187.143914][ T8007] hsr0: left allmulticast mode
[  187.166323][ T2142] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  187.170142][ T8007] hsr_slave_0: left allmulticast mode
[  187.177760][ T2142] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  187.194885][ T2142] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  187.203134][ T5839] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  187.210874][ T2142] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  187.221599][ T8007] hsr_slave_1: left allmulticast mode
[  187.231077][ T2142] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  187.256255][ T2142] usb 5-1: string descriptor 0 read error: -22
[  187.265879][ T2142] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  187.279904][ T2142] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.284231][ T8007] hsr0: left promiscuous mode
[  187.311017][ T2142] adutux 5-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  187.677257][ T5882] usb 5-1: USB disconnect, device number 6
[  188.188579][ T2142] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  188.398480][ T8036] loop5: detected capacity change from 0 to 32768
[  188.463034][ T2142] usb 8-1: Using ep0 maxpacket: 8
[  188.502801][ T8067] syz.3.576[8067] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  188.503523][ T8067] syz.3.576[8067] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  188.515818][ T8067] syz.3.576[8067] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  188.911371][ T8036] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  189.046671][ T8076] loop1: detected capacity change from 0 to 256
[  189.169165][ T8076] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[  189.273224][ T8075] loop4: detected capacity change from 0 to 40427
[  189.289744][ T8075] F2FS-fs (loop4): build fault injection attr: rate: 771, type: 0x1fffff
[  189.299659][ T8075] F2FS-fs (loop4): invalid crc value
[  189.354121][ T8075] F2FS-fs (loop4): Found nat_bits in checkpoint
[  189.357330][ T2142] usb 8-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  189.369645][ T2142] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.428640][ T2142] usb 8-1: Product: syz
[  189.433167][ T2142] usb 8-1: Manufacturer: syz
[  189.437798][ T2142] usb 8-1: SerialNumber: syz
[  189.455589][ T8075] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  189.459648][ T2142] usb 8-1: config 0 descriptor??
[  189.587607][ T8036] XFS (loop5): Ending clean mount
[  189.623689][   T47] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  189.680197][ T8036] XFS (loop5): syz.5.571 should use fallocate; XFS_IOC_{ALLOC,FREE}SP ioctl unsupported
[  189.690255][ T2142] usb 8-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  189.714116][ T8075] F2FS-fs (loop4): inject checkpoint error in f2fs_balance_fs of f2fs_write_single_data_page+0x12ed/0x1bd0
[  189.726980][ T8075] syz.4.580: attempt to access beyond end of device
[  189.726980][ T8075] loop4: rw=2049, sector=53248, nr_sectors = 88 limit=40427
[  189.740888][ T8075] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  189.747945][ T8075] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  189.754879][ T8075] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  189.761772][ T8075] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  189.768977][ T8075] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  189.775894][ T8075] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  189.782849][ T8075] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  189.785469][   T47] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  189.789713][ T8075] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  189.803534][   T47] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  189.806981][ T8075] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  189.819566][   T47] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  189.822652][ T8075] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  189.822683][ T8075] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  189.845662][ T8075] F2FS-fs (loop4): Stopped filesystem due to reason: 1
[  189.861205][ T8100] netlink: 32 bytes leftover after parsing attributes in process `syz.6.582'.
[  189.889024][   T47] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  189.908138][   T47] usb 4-1: SerialNumber: syz
[  189.916214][ T5829] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  190.002858][    T8] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  190.139165][   T47] usb 4-1: 0:2 : does not exist
[  190.148015][   T47] usb 4-1: unit 255 not found!
[  190.158316][   T47] usb 4-1: 5:0: cannot get min/max values for control 5 (id 5)
[  190.219860][   T47] usb 4-1: 5:0: cannot get min/max values for control 6 (id 5)
[  190.252923][    T8] usb 2-1: Using ep0 maxpacket: 32
[  190.262939][    T8] usb 2-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  190.277679][    T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.289209][   T47] usb 4-1: USB disconnect, device number 4
[  190.299809][    T8] usb 2-1: Product: syz
[  190.314385][    T8] usb 2-1: Manufacturer: syz
[  190.330007][    T8] usb 2-1: SerialNumber: syz
[  190.425550][    T8] usb 2-1: config 0 descriptor??
[  190.435915][    T8] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  190.520971][ T8115] loop6: detected capacity change from 0 to 256
[  190.953311][ T2142] usb write operation failed. (-71)
[  190.969136][ T2142] usb 8-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  190.990759][ T2142] dvbdev: DVB: registering new adapter (Terratec H7)
[  191.045701][ T2142] usb 8-1: media controller created
[  191.081777][ T2142] usb read operation failed. (-71)
[  191.111882][ T2142] usb write operation failed. (-71)
[  191.146924][ T2142] dvb_usb_az6007 8-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[  191.189686][ T2142] usb 8-1: USB disconnect, device number 4
[  191.254218][    T8] gspca_stk1135: reg_w 0x5 err -71
[  191.260498][    T8] gspca_stk1135: serial bus timeout: status=0x00
[  191.273385][    T8] gspca_stk1135: Sensor write failed
[  191.280827][    T8] gspca_stk1135: serial bus timeout: status=0x00
[  191.295700][    T8] gspca_stk1135: Sensor write failed
[  191.312629][    T8] gspca_stk1135: serial bus timeout: status=0x00
[  191.344115][    T8] gspca_stk1135: Sensor read failed
[  191.367312][    T8] gspca_stk1135: serial bus timeout: status=0x00
[  191.392859][    T8] gspca_stk1135: Sensor read failed
[  191.411348][    T8] gspca_stk1135: Detected sensor type unknown (0x0)
[  191.431641][    T8] gspca_stk1135: serial bus timeout: status=0x00
[  191.451867][    T8] gspca_stk1135: Sensor read failed
[  191.473640][    T8] gspca_stk1135: serial bus timeout: status=0x00
[  191.587479][    T8] gspca_stk1135: Sensor read failed
[  191.594063][    T8] gspca_stk1135: serial bus timeout: status=0x00
[  191.600531][    T8] gspca_stk1135: Sensor write failed
[  191.606474][    T8] gspca_stk1135: serial bus timeout: status=0x00
[  191.632863][    T8] gspca_stk1135: Sensor write failed
[  191.648726][    T8] stk1135 2-1:0.0: probe with driver stk1135 failed with error -71
[  191.683610][ T2142] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  191.703192][    T8] usb 2-1: USB disconnect, device number 7
[  191.866127][ T2142] usb 6-1: config 0 has no interfaces?
[  191.892476][ T2142] usb 6-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  191.903078][ T2142] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.911125][ T2142] usb 6-1: Product: syz
[  191.916067][ T2142] usb 6-1: Manufacturer: syz
[  191.920684][ T2142] usb 6-1: SerialNumber: syz
[  191.972624][ T2142] r8152-cfgselector 6-1: Unknown version 0x0000
[  191.979086][ T2142] r8152-cfgselector 6-1: config 0 descriptor??
[  191.985787][ T8176] netlink: 32 bytes leftover after parsing attributes in process `syz.6.598'.
[  192.204643][ T8147] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  192.236713][ T8188] vlan2: entered promiscuous mode
[  192.245813][    T8] r8152-cfgselector 6-1: USB disconnect, device number 6
[  192.271908][ T8188] hsr0: entered promiscuous mode
[  192.287574][ T8188] vlan2: entered allmulticast mode
[  192.300645][ T8188] hsr0: entered allmulticast mode
[  192.311913][ T8188] hsr_slave_0: entered allmulticast mode
[  192.323248][ T8188] hsr_slave_1: entered allmulticast mode
[  192.350486][ T8188] hsr0: left allmulticast mode
[  192.359728][ T8188] hsr_slave_0: left allmulticast mode
[  192.379289][ T8188] hsr_slave_1: left allmulticast mode
[  192.400389][ T8188] hsr0: left promiscuous mode
[  192.883882][ T8209] hub 2-0:1.0: USB hub found
[  192.889751][ T8209] hub 2-0:1.0: 1 port detected
[  193.608361][ T8220] atomic_op ffff8880283d6998 conn xmit_atomic 0000000000000000
[  193.907048][ T8196] loop1: detected capacity change from 0 to 32768
[  193.939185][ T8196] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.604 (8196)
[  194.078839][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  194.085719][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  194.722877][ T8196] BTRFS info (device loop1): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  194.733225][ T8235] loop3: detected capacity change from 0 to 4096
[  194.771512][ T8196] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  194.809465][ T8196] BTRFS info (device loop1): using free-space-tree
[  194.821656][ T8249] loop6: detected capacity change from 0 to 1024
[  194.849006][ T8249] EXT4-fs: Ignoring removed oldalloc option
[  194.888769][ T8249] EXT4-fs: Ignoring removed oldalloc option
[  194.894979][ T8249] EXT4-fs: Ignoring removed nomblk_io_submit option
[  194.995904][ T8249] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  195.091704][ T8268] netlink: 32 bytes leftover after parsing attributes in process `syz.5.619'.
[  195.158874][ T6865] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  195.438417][ T5826] BTRFS info (device loop1): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  195.834846][ T8307] hub 2-0:1.0: USB hub found
[  195.840815][ T8307] hub 2-0:1.0: 1 port detected
[  197.375562][ T8302] loop4: detected capacity change from 0 to 40427
[  197.387932][ T8302] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x1fffff
[  197.462141][ T8302] F2FS-fs (loop4): Image doesn't support compression
[  197.533437][ T8302] F2FS-fs (loop4): Image doesn't support compression
[  197.547920][ T8302] F2FS-fs (loop4): invalid crc value
[  197.576367][ T8302] F2FS-fs (loop4): Found nat_bits in checkpoint
[  197.793134][ T5882] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  198.476909][ T8302] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  198.510635][ T8353] netlink: 32 bytes leftover after parsing attributes in process `syz.5.633'.
[  198.543058][ T5882] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  198.553377][ T5882] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  198.563409][ T5882] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  198.572704][ T5882] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  198.580820][ T5882] usb 4-1: SerialNumber: syz
[  198.649481][ T5823] F2FS-fs (loop4): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_write+0x501/0x1de0
[  198.662134][ T5879] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  198.695215][ T5823] F2FS-fs (loop4): invalid blkaddr: 1535, type: 10, run fsck to fix.
[  198.779477][ T8358] sp0: Synchronizing with TNC
[  198.819601][ T5882] usb 4-1: 0:2 : does not exist
[  198.861814][ T5882] usb 4-1: USB disconnect, device number 5
[  199.064439][ T5879] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  199.075764][ T5879] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  199.087075][ T5879] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  199.097043][ T5879] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  199.252946][ T5879] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  199.274812][ T5816] udevd[5816]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  199.282883][ T5879] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  199.325419][ T5879] usb 2-1: Manufacturer: syz
[  199.470427][ T8377] syz.5.638[8377] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  199.470518][ T8377] syz.5.638[8377] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  199.481974][ T8377] syz.5.638[8377] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  200.186463][ T5879] usb 2-1: config 0 descriptor??
[  200.229552][ T8368] netlink: 32 bytes leftover after parsing attributes in process `syz.6.639'.
[  200.467629][ T8388] capability: warning: `syz.3.641' uses 32-bit capabilities (legacy support in use)
[  200.572588][ T8390] loop6: detected capacity change from 0 to 1024
[  200.682100][ T8390] EXT4-fs (loop6): can't mount with both data=journal and delalloc
[  200.689502][ T8402] loop4: detected capacity change from 0 to 256
[  200.742191][ T5879] appleir 0003:05AC:8243.0008: unknown main item tag 0x0
[  200.751172][ T5879] appleir 0003:05AC:8243.0008: No inputs registered, leaving
[  200.784520][ T8390] 9pnet_fd: Insufficient options for proto=fd
[  200.793322][ T5879] appleir 0003:05AC:8243.0008: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[  200.843540][ T8402] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe739d30d, utbl_chksum : 0xe619d30d)
[  200.953462][   T29] audit: type=1800 audit(1736557661.744:30): pid=8402 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.644" name="file1" dev="loop4" ino=1048626 res=0 errno=0
[  201.104007][   T29] audit: type=1804 audit(1736557661.744:31): pid=8402 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.644" name="/newroot/112/file0/file1" dev="loop4" ino=1048626 res=1 errno=0
[  201.283058][ T8392] loop5: detected capacity change from 0 to 32768
[  201.438526][ T8423] syz.7.648[8423] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  201.438854][ T8423] syz.7.648[8423] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  201.450469][ T8423] syz.7.648[8423] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  202.088212][ T8392] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  202.142461][ T8433] loop3: detected capacity change from 0 to 1024
[  202.244937][ T8435] netlink: 32 bytes leftover after parsing attributes in process `syz.6.650'.
[  202.326848][ T8433] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  202.341551][ T8392] XFS (loop5): Ending clean mount
[  202.366344][ T8443] loop7: detected capacity change from 0 to 256
[  202.376407][ T8392] XFS (loop5): Quotacheck needed: Please wait.
[  202.390341][ T8392] XFS (loop5): Quotacheck: Done.
[  202.422081][   T29] audit: type=1800 audit(1736557663.294:32): pid=8433 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.651" name="bus" dev="loop3" ino=18 res=0 errno=0
[  202.463600][ T8433] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  202.484717][ T8433] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28
[  202.497067][ T8433] EXT4-fs (loop3): This should not happen!! Data will be lost
[  202.497067][ T8433] 
[  202.507036][ T8433] EXT4-fs (loop3): Total free blocks count 0
[  202.513622][ T8433] EXT4-fs (loop3): Free/Dirty block details
[  202.521417][ T8433] EXT4-fs (loop3): free_blocks=68451041280
[  202.534144][ T8433] EXT4-fs (loop3): dirty_blocks=64
[  202.583838][ T8433] EXT4-fs (loop3): Block reservation details
[  202.589914][ T8433] EXT4-fs (loop3): i_reserved_data_blocks=4
[  202.612884][ T5829] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  202.734432][ T8452] loop4: detected capacity change from 0 to 1024
[  202.743782][ T8433] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[  202.835558][ T8452] EXT4-fs (loop4): can't mount with both data=journal and delalloc
[  202.964420][ T5882] usb 2-1: USB disconnect, device number 8
[  203.142976][ T8479] syz.5.655[8479] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  203.143494][ T8479] syz.5.655[8479] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  203.155798][ T8479] syz.5.655[8479] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  204.196468][ T8500] hub 2-0:1.0: USB hub found
[  204.223137][ T8500] hub 2-0:1.0: 1 port detected
[  204.637299][ T8487] netlink: 12 bytes leftover after parsing attributes in process `syz.1.660'.
[  204.813573][ T8501] loop3: detected capacity change from 0 to 2048
[  204.903416][ T8480] loop6: detected capacity change from 0 to 32768
[  204.985480][ T8501] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  205.026550][ T8480] (syz.6.658,8480,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  205.090878][ T8480] (syz.6.658,8480,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  205.172654][ T8501] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  205.188715][ T8501] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 31 with max blocks 33 with error 28
[  205.202068][ T8501] EXT4-fs (loop3): This should not happen!! Data will be lost
[  205.202068][ T8501] 
[  205.212252][ T8501] EXT4-fs (loop3): Total free blocks count 0
[  205.219094][ T8501] EXT4-fs (loop3): Free/Dirty block details
[  205.225248][ T8501] EXT4-fs (loop3): free_blocks=2415919104
[  205.231002][ T8501] EXT4-fs (loop3): dirty_blocks=64
[  205.236924][ T8501] EXT4-fs (loop3): Block reservation details
[  205.239236][ T8480] JBD2: Ignoring recovery information on journal
[  205.243251][ T8501] EXT4-fs (loop3): i_reserved_data_blocks=4
[  205.282993][ T8501] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  205.425435][ T8480] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  205.544572][ T8534] loop7: detected capacity change from 0 to 512
[  205.712253][ T8531] loop1: detected capacity change from 0 to 32768
[  205.733151][ T8531] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.681 (8531)
[  205.780291][ T8545] netlink: 32 bytes leftover after parsing attributes in process `syz.3.670'.
[  205.789989][ T8531] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  205.812052][ T8534] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  205.819771][ T8538] loop4: detected capacity change from 0 to 8192
[  205.850259][ T8531] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  205.854307][ T8534] ext4 filesystem being mounted at /47/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  205.891707][ T8531] BTRFS info (device loop1): using free-space-tree
[  205.892222][ T6865] ocfs2: Unmounting device (7,6) on (node local)
[  205.966735][ T8534] EXT4-fs (loop7): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[  206.054724][ T8553] EXT4-fs (loop7): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  206.372693][ T5826] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  206.449810][ T7020] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  206.592579][ T8574] hub 2-0:1.0: USB hub found
[  206.598375][ T8574] hub 2-0:1.0: 1 port detected
[  207.249091][ T8582] netlink: 12 bytes leftover after parsing attributes in process `syz.6.678'.
[  207.322883][    T9] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  207.484392][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  207.521887][ T8584] loop5: detected capacity change from 0 to 4096
[  207.575314][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  207.666298][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  207.716134][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  207.759092][    T9] usb 5-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  207.778573][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  207.819831][    T9] usb 5-1: Product: syz
[  207.832381][ T8578] loop7: detected capacity change from 0 to 40427
[  207.837160][    T9] usb 5-1: Manufacturer: syz
[  207.866157][    T9] usb 5-1: SerialNumber: syz
[  207.871395][ T8578] F2FS-fs (loop7): build fault injection attr: rate: 691, type: 0x1fffff
[  207.882697][ T8578] F2FS-fs (loop7): heap/no_heap options were deprecated
[  207.902299][ T8578] F2FS-fs (loop7): Image doesn't support compression
[  207.919369][ T8578] F2FS-fs (loop7): build fault injection attr: rate: 0, type: 0x4
[  207.922675][    T9] usb 5-1: config 0 descriptor??
[  207.947032][ T8578] F2FS-fs (loop7): invalid crc value
[  207.965086][   T29] audit: type=1800 audit(1736557668.844:33): pid=8584 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.680" name="file1" dev="loop5" ino=30 res=0 errno=0
[  207.996225][ T8578] F2FS-fs (loop7): Found nat_bits in checkpoint
[  208.196556][ T8610] syz.1.676[8610] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  208.196711][ T8610] syz.1.676[8610] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  208.208248][ T8610] syz.1.676[8610] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  208.351047][    T9] adutux 5-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[  208.370705][ T8578] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  208.560334][ T8578] F2FS-fs (loop7): Unexpected flush for atomic writes: ino=10, npages=1
[  208.573000][ T8578] syz.7.675: attempt to access beyond end of device
[  208.573000][ T8578] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  208.587361][    T9] usb 5-1: USB disconnect, device number 7
[  208.635646][ T7020] syz-executor: attempt to access beyond end of device
[  208.635646][ T7020] loop7: rw=2049, sector=45104, nr_sectors = 16 limit=40427
[  208.650065][ T7020] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[  208.657170][ T7020] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[  209.136519][ T8640] hub 2-0:1.0: USB hub found
[  209.142221][ T8640] hub 2-0:1.0: 1 port detected
[  209.557335][ T8643] loop3: detected capacity change from 0 to 128
[  209.791798][ T8643] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[  209.842501][ T8650] netlink: 32 bytes leftover after parsing attributes in process `syz.1.694'.
[  209.929943][ T8652] loop6: detected capacity change from 0 to 256
[  209.937465][ T8652] vfat: Bad value for 'shortname'
[  210.004855][ T8659] netlink: 12 bytes leftover after parsing attributes in process `syz.5.696'.
[  210.175690][ T8643] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  210.261863][ T8643] ext2 filesystem being mounted at /134/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  210.887189][ T5839] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  211.786725][ T8718] input: syz0 as /devices/virtual/input/input13
[  211.898452][ T8719] syz.1.701[8719] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  211.898562][ T8719] syz.1.701[8719] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  211.910960][ T8719] syz.1.701[8719] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  211.943544][ T8703] loop6: detected capacity change from 0 to 32768
[  212.051535][ T8703] XFS (loop6): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  212.305298][ T8740] loop7: detected capacity change from 0 to 1024
[  212.323158][ T8703] XFS (loop6): Ending clean mount
[  212.363044][ T8740] EXT4-fs (loop7): can't mount with both data=journal and delalloc
[  212.389767][ T8740] 9pnet_fd: Insufficient options for proto=fd
[  212.437069][ T8741] netlink: 12 bytes leftover after parsing attributes in process `syz.3.715'.
[  212.757158][ T8730] loop5: detected capacity change from 0 to 32768
[  212.765289][ T8744] loop7: detected capacity change from 0 to 1024
[  212.841053][ T8744] EXT4-fs (loop7): can't mount with both data=journal and delalloc
[  212.952294][ T8730] ocfs2: Slot 0 on device (7,5) was already allocated to this node!
[  213.144307][ T8744] 9pnet_fd: Insufficient options for proto=fd
[  213.213329][ T8730] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  213.297627][ T8730] Process accounting resumed
[  213.375436][ T6865] XFS (loop6): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  213.432490][ T8760] loop3: detected capacity change from 0 to 512
[  213.467850][ T5829] ocfs2: Unmounting device (7,5) on (node local)
[  214.202617][ T8760] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  214.446117][ T8760] ext4 filesystem being mounted at /139/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  215.020187][ T8760] EXT4-fs error (device loop3): ext4_do_update_inode:5153: inode #2: comm syz.3.719: corrupted inode contents
[  215.049930][ T8760] EXT4-fs error (device loop3): ext4_dirty_inode:6041: inode #2: comm syz.3.719: mark_inode_dirty error
[  215.137548][ T8753] loop1: detected capacity change from 0 to 32768
[  215.165433][ T8785] loop4: detected capacity change from 0 to 512
[  215.239834][ T8760] EXT4-fs error (device loop3): ext4_do_update_inode:5153: inode #2: comm syz.3.719: corrupted inode contents
[  215.310980][ T8785] EXT4-fs warning (device loop4): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  215.335770][ T8785] EXT4-fs warning (device loop4): dx_probe:881: Enable large directory feature to access it
[  215.352992][ T8785] EXT4-fs warning (device loop4): dx_probe:966: inode #2: comm syz.4.725: Corrupt directory, running e2fsck is recommended
[  215.377252][ T8794] loop6: detected capacity change from 0 to 256
[  215.398564][ T8760] EXT4-fs error (device loop3): __ext4_ext_dirty:207: inode #2: comm syz.3.719: mark_inode_dirty error
[  215.489724][ T8785] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117
[  215.498294][ T8785] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.725: corrupted in-inode xattr: invalid ea_ino
[  215.564369][ T8785] EXT4-fs (loop4): Remounting filesystem read-only
[  215.571868][ T8785] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  215.599720][ T8785] EXT4-fs warning (device loop4): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  215.611578][ T8785] EXT4-fs warning (device loop4): dx_probe:881: Enable large directory feature to access it
[  215.622593][ T8785] EXT4-fs warning (device loop4): dx_probe:966: inode #2: comm syz.4.725: Corrupt directory, running e2fsck is recommended
[  215.642021][ T5839] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  215.646359][ T8785] EXT4-fs warning (device loop4): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  215.687504][ T8775] loop5: detected capacity change from 0 to 65536
[  215.688899][ T8785] EXT4-fs warning (device loop4): dx_probe:881: Enable large directory feature to access it
[  215.714120][ T8785] EXT4-fs warning (device loop4): dx_probe:966: inode #2: comm syz.4.725: Corrupt directory, running e2fsck is recommended
[  215.737877][ T8805] EXT4-fs warning (device loop4): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  215.753345][ T8805] EXT4-fs warning (device loop4): dx_probe:881: Enable large directory feature to access it
[  215.769951][ T8805] EXT4-fs warning (device loop4): dx_probe:966: inode #2: comm syz.4.725: Corrupt directory, running e2fsck is recommended
[  215.826362][ T8785] EXT4-fs warning (device loop4): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  215.932086][ T8813] loop3: detected capacity change from 0 to 2048
[  216.043119][ T5823] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  216.062862][ T8808] loop6: detected capacity change from 0 to 32768
[  216.197350][ T8821] loop1: detected capacity change from 0 to 1024
[  216.216974][ T8821] EXT4-fs (loop1): can't mount with both data=journal and delalloc
[  216.257289][ T8808] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  216.266324][ T8808] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  216.298297][ T8808] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[  216.300688][ T8775] XFS (loop5): Mounting V5 Filesystem 6653b971-41ab-480a-bd7b-5ff79b9409b5
[  216.310164][ T2142] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  216.321916][ T2142] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  216.383923][ T8821] 9pnet_fd: Insufficient options for proto=fd
[  216.390058][ T8813] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  216.393907][ T2142] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 71ms
[  216.411075][ T8828] netlink: 12 bytes leftover after parsing attributes in process `syz.7.731'.
[  216.454860][ T8835] netlink: 'syz.4.732': attribute type 10 has an invalid length.
[  216.463600][ T2142] gfs2: fsid=syz:syz.0: jid=0: Done
[  216.468898][ T8808] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  216.495631][   T29] audit: type=1800 audit(1736557677.334:34): pid=8813 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.730" name="bus" dev="loop3" ino=18 res=0 errno=0
[  216.579269][ T8835] syz_tun: entered promiscuous mode
[  216.606189][ T8835] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  216.698658][ T8775] XFS (loop5): Ending clean mount
[  216.843706][ T5839] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  217.104422][ T8850] loop7: detected capacity change from 0 to 4096
[  217.166031][ T5920] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  217.182301][ T5829] XFS (loop5): Unmounting Filesystem 6653b971-41ab-480a-bd7b-5ff79b9409b5
[  217.322944][ T5920] usb 5-1: Using ep0 maxpacket: 32
[  217.335824][ T5920] usb 5-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  217.352177][ T5920] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  217.371092][ T5920] usb 5-1: Product: syz
[  217.375380][ T5920] usb 5-1: Manufacturer: syz
[  217.380010][ T5920] usb 5-1: SerialNumber: syz
[  217.418635][ T5920] usb 5-1: config 0 descriptor??
[  217.436162][ T5920] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  217.597575][ T8867] loop5: detected capacity change from 0 to 128
[  217.695897][ T8863] loop1: detected capacity change from 0 to 2048
[  218.018536][ T8863] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  218.362488][ T8863] IPv6: Can't replace route, no match found
[  218.372721][ T8876] loop7: detected capacity change from 0 to 128
[  218.402758][    T9] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  218.535657][ T5920] gspca_stk1135: reg_w 0x7 err -71
[  218.541997][ T5920] gspca_stk1135: serial bus timeout: status=0x00
[  218.552201][ T5920] gspca_stk1135: Sensor write failed
[  218.573314][    T9] usb 7-1: Using ep0 maxpacket: 16
[  218.574740][ T5920] gspca_stk1135: serial bus timeout: status=0x00
[  218.580519][    T9] usb 7-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 32, changing to 9
[  218.620704][    T9] usb 7-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0
[  218.626567][ T5920] gspca_stk1135: Sensor write failed
[  218.656598][    T9] usb 7-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  218.679989][    T9] usb 7-1: config 0 interface 0 has no altsetting 0
[  218.709644][ T5920] gspca_stk1135: serial bus timeout: status=0x00
[  218.720838][    T9] usb 7-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[  218.738492][ T5920] gspca_stk1135: Sensor read failed
[  218.750729][ T5920] gspca_stk1135: serial bus timeout: status=0x00
[  218.777226][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  218.788119][ T5920] gspca_stk1135: Sensor read failed
[  218.812913][ T5920] gspca_stk1135: Detected sensor type unknown (0x0)
[  218.826770][    T9] usb 7-1: config 0 descriptor??
[  218.839913][ T5920] gspca_stk1135: serial bus timeout: status=0x00
[  218.848090][ T8890] loop3: detected capacity change from 0 to 1024
[  218.864833][ T5920] gspca_stk1135: Sensor read failed
[  218.870208][ T5920] gspca_stk1135: serial bus timeout: status=0x00
[  218.889265][ T8890] EXT4-fs (loop3): can't mount with both data=journal and delalloc
[  218.917829][ T5920] gspca_stk1135: Sensor read failed
[  218.943062][ T5920] gspca_stk1135: serial bus timeout: status=0x00
[  218.965456][ T8890] 9pnet_fd: Insufficient options for proto=fd
[  218.972016][ T5920] gspca_stk1135: Sensor write failed
[  218.979327][ T5920] gspca_stk1135: serial bus timeout: status=0x00
[  218.999473][ T5920] gspca_stk1135: Sensor write failed
[  219.018997][ T5920] stk1135 5-1:0.0: probe with driver stk1135 failed with error -71
[  219.048409][ T5920] usb 5-1: USB disconnect, device number 8
[  219.217622][ T8899] netlink: 12 bytes leftover after parsing attributes in process `syz.7.749'.
[  219.239771][    T9] logitech 0003:046D:C298.0009: unknown main item tag 0x0
[  219.261218][    T9] logitech 0003:046D:C298.0009: unknown main item tag 0x0
[  219.319610][    T9] logitech 0003:046D:C298.0009: hidraw0: USB HID v0.00 Device [HID 046d:c298] on usb-dummy_hcd.6-1/input0
[  219.343040][    T9] logitech 0003:046D:C298.0009: no inputs found
[  219.500799][ T8904] loop3: detected capacity change from 0 to 128
[  219.518682][    T9] usb 7-1: USB disconnect, device number 3
[  219.622971][ T5882] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  219.753031][  T120] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  219.798241][ T5882] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  219.807243][ T5882] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  219.817624][ T5882] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  219.826854][ T5882] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  219.837979][ T5882] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  219.851498][ T5882] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  219.860658][ T5882] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  219.868713][ T5882] usb 5-1: Product: syz
[  219.872945][ T5882] usb 5-1: Manufacturer: syz
[  219.882666][ T5882] cdc_wdm 5-1:1.0: skipping garbage
[  219.887953][ T5882] cdc_wdm 5-1:1.0: skipping garbage
[  219.894359][ T5882] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  219.900471][ T5882] cdc_wdm 5-1:1.0: Unknown control protocol
[  219.924249][  T120] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  219.933012][  T120] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  219.946555][ T8910] netlink: 12 bytes leftover after parsing attributes in process `syz.3.753'.
[  219.959269][  T120] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  219.979763][  T120] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  220.005154][  T120] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  220.044569][  T120] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  220.055925][  T120] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  220.095054][  T120] usb 8-1: Product: syz
[  220.124282][  T120] usb 8-1: Manufacturer: syz
[  220.178229][  T120] cdc_wdm 8-1:1.0: skipping garbage
[  220.256496][  T120] cdc_wdm 8-1:1.0: skipping garbage
[  220.263595][  T120] cdc_wdm 8-1:1.0: cdc-wdm1: USB WDM device
[  220.269737][  T120] cdc_wdm 8-1:1.0: Unknown control protocol
[  220.749558][ T8922] netlink: 4 bytes leftover after parsing attributes in process `syz.6.758'.
[  220.761032][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  220.761863][ T5920] usb 5-1: USB disconnect, device number 9
[  220.767641][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  220.767670][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  220.848232][ T8926] loop6: detected capacity change from 0 to 1024
[  220.886006][ T8926] EXT4-fs (loop6): can't mount with both data=journal and delalloc
[  221.082560][ T8926] 9pnet_fd: Insufficient options for proto=fd
[  222.194070][ T8938] dvmrp8: entered allmulticast mode
[  222.240165][ T8942] syz_tun (unregistering): left promiscuous mode
[  222.394667][ T8950] loop6: detected capacity change from 0 to 2048
[  222.493445][ T8950] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  222.536021][   T29] audit: type=1800 audit(1736557683.404:35): pid=8950 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.768" name="file1" dev="loop6" ino=15 res=0 errno=0
[  222.539215][ T8950] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[  222.602072][ T8950] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 200 with error 28
[  222.614740][ T5920] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  222.622743][ T8950] EXT4-fs (loop6): This should not happen!! Data will be lost
[  222.622743][ T8950] 
[  222.633353][ T8950] EXT4-fs (loop6): Total free blocks count 0
[  222.639418][ T8950] EXT4-fs (loop6): Free/Dirty block details
[  222.644776][    T9] usb 8-1: USB disconnect, device number 5
[  222.647207][ T8950] EXT4-fs (loop6): free_blocks=66060288
[  222.672582][ T8950] EXT4-fs (loop6): dirty_blocks=208
[  222.689902][ T8950] EXT4-fs (loop6): Block reservation details
[  222.697078][ T8950] EXT4-fs (loop6): i_reserved_data_blocks=13
[  222.760272][ T8967] netlink: 12 bytes leftover after parsing attributes in process `syz.5.771'.
[  222.769806][ T8962] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 15 with max blocks 1 with error 28
[  222.825439][ T5920] usb 5-1: Using ep0 maxpacket: 8
[  222.957194][ T5920] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  222.971378][ T5920] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  222.981754][ T5920] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  223.007533][ T5920] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  223.103531][ T8976] syz.7.774[8976] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  223.104238][ T8976] syz.7.774[8976] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  223.116346][ T8976] syz.7.774[8976] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  223.573276][ T5920] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  223.593988][ T5920] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  223.858631][ T5920] usb 5-1: GET_CAPABILITIES returned 0
[  223.864327][ T5920] usbtmc 5-1:16.0: can't read capabilities
[  223.892897][ T8984] loop5: detected capacity change from 0 to 1024
[  223.940756][ T8984] EXT4-fs (loop5): can't mount with both data=journal and delalloc
[  223.982932][ T2142] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  224.160232][ T8984] 9pnet_fd: Insufficient options for proto=fd
[  224.178175][    C1] usbtmc 5-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  224.187970][    C1] usbtmc 5-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  224.197250][    C1] usbtmc 5-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  224.206521][    C1] usbtmc 5-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  224.216082][    C1] usbtmc 5-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  224.225342][    C1] vkms_vblank_simulate: vblank timer overrun
[  225.165215][ T5920] usb 5-1: USB disconnect, device number 10
[  225.203382][ T2142] usb 2-1: Using ep0 maxpacket: 8
[  226.220257][ T2142] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  227.205866][ T2142] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  227.237398][ T2142] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  227.372729][ T2142] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  227.386000][ T2142] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  227.395117][ T2142] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.486716][ T2142] usb 2-1: can't set config #16, error -71
[  227.499448][ T2142] usb 2-1: USB disconnect, device number 9
[  229.149969][ T9007] loop7: detected capacity change from 0 to 1024
[  229.167650][ T9007] EXT4-fs (loop7): can't mount with both data=journal and delalloc
[  229.270869][ T9028] netlink: 32 bytes leftover after parsing attributes in process `syz.5.786'.
[  229.286502][ T9020] netlink: 32 bytes leftover after parsing attributes in process `syz.4.784'.
[  229.351081][ T9031] 9pnet_fd: Insufficient options for proto=fd
[  229.391079][ T9032] netlink: 12 bytes leftover after parsing attributes in process `syz.6.788'.
[  229.426127][ T9029] bridge0: port 3(vlan2) entered blocking state
[  229.543355][ T9029] bridge0: port 3(vlan2) entered disabled state
[  229.608911][ T9029] vlan2: entered allmulticast mode
[  229.808563][ T9029] vlan2: left allmulticast mode
[  230.216096][ T9045] loop7: detected capacity change from 0 to 1024
[  230.513009][  T120] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  230.642663][ T9057] hub 2-0:1.0: USB hub found
[  230.648638][ T9057] hub 2-0:1.0: 1 port detected
[  231.070709][ T9058] netlink: 12 bytes leftover after parsing attributes in process `syz.5.795'.
[  231.097220][ T9045] EXT4-fs: Ignoring removed orlov option
[  231.119451][ T9045] EXT4-fs (loop7): Test dummy encryption mode enabled
[  231.132991][  T120] usb 5-1: Using ep0 maxpacket: 16
[  231.145290][  T120] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  231.158626][ T9045] EXT4-fs (loop7): stripe (7) is not aligned with cluster size (16), stripe is disabled
[  231.176851][  T120] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  231.197810][  T120] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  231.215571][  T120] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  231.225310][  T120] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  231.311512][ T9045] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  231.342967][  T120] usb 5-1: config 0 descriptor??
[  232.175902][ T9069] loop6: detected capacity change from 0 to 1024
[  232.319185][ T9069] EXT4-fs (loop6): can't mount with both data=journal and delalloc
[  232.394332][ T9069] 9pnet_fd: Insufficient options for proto=fd
[  232.443357][  T120] HID 045e:07da: Invalid code 65791 type 1
[  232.992462][  T120] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.000A/input/input14
[  233.022621][ T9081] 9pnet: p9_errstr2errno: server reported unknown error œæç
[  233.077569][  T120] microsoft 0003:045E:07DA.000A: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  233.133983][ T9045] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni"
[  233.163334][  T120] usb 5-1: USB disconnect, device number 11
[  233.308528][ T9089] netlink: 12 bytes leftover after parsing attributes in process `syz.5.806'.
[  233.334017][ T7020] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.465622][ T9102] netlink: 8 bytes leftover after parsing attributes in process `syz.1.804'.
[  233.574763][ T9103] netlink: 32 bytes leftover after parsing attributes in process `syz.6.805'.
[  234.763911][ T9102] netlink: 32 bytes leftover after parsing attributes in process `syz.1.804'.
[  234.833701][ T9114] tmpfs: Unknown parameter 'mp'
[  236.651846][ T9130] netlink: 32 bytes leftover after parsing attributes in process `syz.4.811'.
[  237.474536][ T9138] hub 2-0:1.0: USB hub found
[  237.483358][ T9138] hub 2-0:1.0: 1 port detected
[  237.958278][ T9133] loop5: detected capacity change from 0 to 1024
[  237.983005][ T9133] EXT4-fs (loop5): can't mount with both data=journal and delalloc
[  238.150958][ T9133] 9pnet_fd: Insufficient options for proto=fd
[  238.191503][ T9145] loop3: detected capacity change from 0 to 128
[  238.375903][   T29] audit: type=1326 audit(1736557699.174:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9142 comm="syz.4.817" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f314eb85d29 code=0x0
[  238.446981][ T9153] loop6: detected capacity change from 0 to 1024
[  238.454115][ T9153] EXT4-fs: Ignoring removed orlov option
[  238.459861][ T9153] EXT4-fs: Ignoring removed nomblk_io_submit option
[  238.981756][ T9147] loop1: detected capacity change from 0 to 32768
[  239.058942][ T9145] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  239.098688][ T9153] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  239.126096][ T9145] ext4 filesystem being mounted at /160/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  239.261253][ T6865] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  239.291731][ T9147] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  239.717131][ T2142] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  240.006842][ T9174] tmpfs: Unknown parameter 'mp'
[  240.571135][ T5839] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  240.612588][ T9178] netlink: 12 bytes leftover after parsing attributes in process `syz.5.821'.
[  240.624761][ T5826] ocfs2: Unmounting device (7,1) on (node local)
[  240.852837][ T2142] usb 5-1: Using ep0 maxpacket: 8
[  240.873405][ T2142] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  240.887732][ T2142] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  241.228587][ T2142] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  241.239320][ T2142] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  241.253361][ T2142] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  241.263004][ T2142] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  241.579740][ T9186] netlink: 12 bytes leftover after parsing attributes in process `syz.3.825'.
[  241.600562][ T2142] usb 5-1: usb_control_msg returned -32
[  241.606270][ T2142] usbtmc 5-1:16.0: can't read capabilities
[  241.897866][ T9198] hub 2-0:1.0: USB hub found
[  241.904847][ T9198] hub 2-0:1.0: 1 port detected
[  242.505144][ T9204] netlink: 8 bytes leftover after parsing attributes in process `syz.5.829'.
[  242.542946][ T9204] netlink: 32 bytes leftover after parsing attributes in process `syz.5.829'.
[  242.754573][ T9213] netlink: 12 bytes leftover after parsing attributes in process `syz.1.832'.
[  242.780830][ T9214] netlink: 32 bytes leftover after parsing attributes in process `syz.6.830'.
[  243.070253][ T9216] syz.7.824[9216] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  243.070332][ T9216] syz.7.824[9216] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  243.081801][ T9216] syz.7.824[9216] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  243.219279][ T9224] loop5: detected capacity change from 0 to 1024
[  243.243081][ T9223] netlink: 32 bytes leftover after parsing attributes in process `syz.3.831'.
[  243.337492][ T9224] EXT4-fs (loop5): can't mount with both data=journal and delalloc
[  243.406572][ T2142] usb 5-1: USB disconnect, device number 12
[  243.585796][ T9226] loop4: detected capacity change from 0 to 1024
[  243.597038][ T9226] EXT4-fs (loop4): can't mount with both data=journal and delalloc
[  243.798746][ T9226] 9pnet_fd: Insufficient options for proto=fd
[  244.874391][  T120] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  244.994535][ T9247] tmpfs: Unknown parameter 'mp'
[  245.714777][ T9253] syz.1.841[9253] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  245.715298][ T9253] syz.1.841[9253] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  245.727722][ T9253] syz.1.841[9253] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  246.167101][  T120] usb 7-1: Using ep0 maxpacket: 32
[  246.212248][ T9255] usb usb8: usbfs: process 9255 (syz.3.844) did not claim interface 0 before use
[  246.309630][  T120] usb 7-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  246.330776][  T120] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  246.353595][  T120] usb 7-1: config 0 descriptor??
[  246.369897][  T120] gspca_main: sunplus-2.14.0 probing 041e:400b
[  247.340310][ T9263] hub 2-0:1.0: USB hub found
[  247.345216][ T9263] hub 2-0:1.0: 1 port detected
[  247.449503][  T120] gspca_sunplus: reg_w_riv err -110
[  247.454933][  T120] sunplus 7-1:0.0: probe with driver sunplus failed with error -110
[  247.769917][  T120] usb 7-1: USB disconnect, device number 4
[  249.535159][ T9287] hub 2-0:1.0: USB hub found
[  249.539977][ T9287] hub 2-0:1.0: 1 port detected
[  249.835136][ T9285] netlink: 12 bytes leftover after parsing attributes in process `syz.5.853'.
[  249.971175][ T9294] hub 2-0:1.0: USB hub found
[  249.983139][ T9294] hub 2-0:1.0: 1 port detected
[  250.867765][ T9295] netlink: 12 bytes leftover after parsing attributes in process `syz.1.855'.
[  251.807779][ T9307] netlink: 12 bytes leftover after parsing attributes in process `syz.3.854'.
[  252.537489][ T9312] tmpfs: Unknown parameter 'mp'
[  254.209606][ T9325] hub 2-0:1.0: USB hub found
[  254.215880][ T9325] hub 2-0:1.0: 1 port detected
[  254.878959][ T9336] netlink: 32 bytes leftover after parsing attributes in process `syz.7.862'.
[  254.990697][ T9344] syz.1.866[9344] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  254.991253][ T9344] syz.1.866[9344] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  255.003641][ T9344] syz.1.866[9344] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  255.433411][ T9345] netlink: 32 bytes leftover after parsing attributes in process `syz.6.861'.
[  255.454921][ T9346] netlink: 8 bytes leftover after parsing attributes in process `syz.5.864'.
[  255.468500][ T9346] netlink: 32 bytes leftover after parsing attributes in process `syz.5.864'.
[  255.519019][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  255.665331][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  257.013062][ T9355] syz.3.867[9355] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  257.013156][ T9355] syz.3.867[9355] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  257.025816][ T9355] syz.3.867[9355] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  257.280683][ T9360] loop4: detected capacity change from 0 to 1024
[  257.304712][ T9360] EXT4-fs (loop4): can't mount with both data=journal and delalloc
[  260.007877][ T9391] loop4: detected capacity change from 0 to 1024
[  260.042385][ T9393] netlink: 32 bytes leftover after parsing attributes in process `syz.1.873'.
[  260.055938][ T9391] EXT4-fs (loop4): can't mount with both data=journal and delalloc
[  260.212211][ T9394] syz.5.871[9394] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  260.212314][ T9394] syz.5.871[9394] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  260.223861][ T9394] syz.5.871[9394] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  260.825080][ T9390] 9pnet_fd: Insufficient options for proto=fd
[  261.150013][ T9399] loop5: detected capacity change from 0 to 1024
[  261.201618][ T9407] netlink: 12 bytes leftover after parsing attributes in process `syz.3.880'.
[  261.255321][ T9399] EXT4-fs (loop5): can't mount with both data=journal and delalloc
[  261.266486][ T9409] netlink: 12 bytes leftover after parsing attributes in process `syz.4.879'.
[  261.364902][ T9399] 9pnet_fd: Insufficient options for proto=fd
[  261.392739][ T9415] netlink: 32 bytes leftover after parsing attributes in process `syz.6.877'.
[  261.548094][ T9416] syz.7.874[9416] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  261.548199][ T9416] syz.7.874[9416] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  261.559764][ T9416] syz.7.874[9416] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  262.246148][ T9423] hub 2-0:1.0: USB hub found
[  262.263306][ T9423] hub 2-0:1.0: 1 port detected
[  262.744342][ T9422] netlink: 12 bytes leftover after parsing attributes in process `syz.5.881'.
[  263.177447][ T9426] hub 2-0:1.0: USB hub found
[  263.182321][ T9426] hub 2-0:1.0: 1 port detected
[  263.288211][ T9433] hub 2-0:1.0: USB hub found
[  263.294330][ T9433] hub 2-0:1.0: 1 port detected
[  264.093298][ T9438] tmpfs: Unknown parameter 'mp'
[  271.228408][ T9485] netlink: 12 bytes leftover after parsing attributes in process `syz.1.895'.
[  271.653774][ T9492] hub 2-0:1.0: USB hub found
[  271.659836][ T9492] hub 2-0:1.0: 1 port detected
[  272.073556][ T9493] netlink: 12 bytes leftover after parsing attributes in process `syz.5.899'.
[  272.106704][ T9494] netlink: 32 bytes leftover after parsing attributes in process `syz.7.898'.
[  272.634323][ T9503] hub 2-0:1.0: USB hub found
[  272.643110][ T9503] hub 2-0:1.0: 1 port detected
[  273.211758][ T9504] netlink: 12 bytes leftover after parsing attributes in process `syz.1.901'.
[  273.568278][ T9512] hub 2-0:1.0: USB hub found
[  273.574083][ T9512] hub 2-0:1.0: 1 port detected
[  274.972222][ T9521] tmpfs: Unknown parameter 'mp'
[  280.163843][ T9556] netlink: 12 bytes leftover after parsing attributes in process `syz.4.914'.
[  280.203233][ T9545] netlink: 12 bytes leftover after parsing attributes in process `syz.3.913'.
[  280.286791][ T9562] netlink: 32 bytes leftover after parsing attributes in process `syz.7.912'.
[  281.274642][ T9574] hub 2-0:1.0: USB hub found
[  281.280359][ T9574] hub 2-0:1.0: 1 port detected
[  281.441788][ T9576] hub 2-0:1.0: USB hub found
[  281.449711][ T9576] hub 2-0:1.0: 1 port detected
[  282.234752][ T9581] hub 2-0:1.0: USB hub found
[  282.240007][ T9581] hub 2-0:1.0: 1 port detected
[  282.723883][ T9583] tmpfs: Unknown parameter 'mp'
[  289.692565][ T9632] netlink: 12 bytes leftover after parsing attributes in process `syz.3.930'.
[  289.997255][ T9637] hub 2-0:1.0: USB hub found
[  290.002239][ T9637] hub 2-0:1.0: 1 port detected
[  290.243884][ T9629] tmpfs: Unknown parameter 'mp'
[  290.974576][ T9647] hub 2-0:1.0: USB hub found
[  290.980459][ T9647] hub 2-0:1.0: 1 port detected
[  292.680050][ T9636] netlink: 32 bytes leftover after parsing attributes in process `syz.6.931'.
[  297.799640][ T9694] netlink: 32 bytes leftover after parsing attributes in process `syz.7.941'.
[  301.308469][ T9718] netlink: 12 bytes leftover after parsing attributes in process `syz.4.951'.
[  301.349969][ T9714] hub 2-0:1.0: USB hub found
[  301.452918][ T9714] hub 2-0:1.0: 1 port detected
[  302.377081][ T9721] hub 2-0:1.0: USB hub found
[  302.382034][ T9721] hub 2-0:1.0: 1 port detected
[  302.610045][ T9727] tmpfs: Unknown parameter 'mp'
[  309.050240][ T9777] hub 2-0:1.0: USB hub found
[  309.063086][ T9777] hub 2-0:1.0: 1 port detected
[  310.139552][ T9782] netlink: 12 bytes leftover after parsing attributes in process `syz.4.966'.
[  310.507730][ T9794] tmpfs: Unknown parameter 'mp'
[  311.888444][ T9805] hub 2-0:1.0: USB hub found
[  311.894795][ T9805] hub 2-0:1.0: 1 port detected
[  312.315595][ T9788] netlink: 32 bytes leftover after parsing attributes in process `syz.5.969'.
[  312.443846][ T9803] netlink: 12 bytes leftover after parsing attributes in process `syz.3.974'.
[  317.777865][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  317.792325][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  320.900292][ T9847] hub 2-0:1.0: USB hub found
[  320.905960][ T9847] hub 2-0:1.0: 1 port detected
[  321.465502][ T9845] netlink: 32 bytes leftover after parsing attributes in process `syz.5.983'.
[  322.527626][ T9865] tmpfs: Unknown parameter 'mp'
[  323.175429][ T9869] netlink: 32 bytes leftover after parsing attributes in process `syz.4.985'.
[  326.815746][ T9899] netlink: 12 bytes leftover after parsing attributes in process `syz.5.993'.
[  326.938753][ T9908] netlink: 68 bytes leftover after parsing attributes in process `syz.5.993'.
[  328.140889][ T9900] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR
[  328.210935][ T9917] netlink: 32 bytes leftover after parsing attributes in process `syz.7.998'.
[  328.347764][ T9910] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[  328.742054][ T9927] hub 2-0:1.0: USB hub found
[  328.759255][ T9927] hub 2-0:1.0: 1 port detected
[  331.462456][ T9940] tmpfs: Unknown parameter 'mp'
[  339.696849][T10001] tmpfs: Unknown parameter 'mp'
[  340.266270][T10002] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1014'.
[  344.983310][T10046] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1024'.
[  345.792965][T10051] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1029'.
[  345.893138][T10055] netlink: 68 bytes leftover after parsing attributes in process `syz.7.1024'.
[  347.448521][ T5879] usb 2-1: new full-speed USB device number 10 using dummy_hcd
[  349.129628][T10088] tmpfs: Unknown parameter 'mp'
[  350.103769][ T5879] usb 2-1: unable to read config index 0 descriptor/all
[  350.110804][ T5879] usb 2-1: can't read configurations, error -71
[  351.002996][T10108] syz.3.1041[10108] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  351.004991][T10108] syz.3.1041[10108] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  351.393242][T10108] syz.3.1041[10108] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  352.769083][T10127] syz.6.1045[10127] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  352.780698][T10127] syz.6.1045[10127] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  352.792679][T10127] syz.6.1045[10127] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  353.241768][T10120] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1043'.
[  353.461285][T10134] loop4: detected capacity change from 0 to 2048
[  353.667234][T10134] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  354.501064][T10141] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1046'.
[  354.602910][T10134] overlayfs: upper fs needs to support d_type.
[  354.609752][T10134] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  354.667682][T10134] overlayfs: failed to set xattr on upper
[  355.080001][T10134] overlayfs: ...falling back to redirect_dir=nofollow.
[  355.327062][T10134] overlayfs: ...falling back to index=off.
[  355.333246][T10134] overlayfs: ...falling back to uuid=null.
[  357.181654][ T5823] UDF-fs: error (device loop4): udf_read_inode: (ino 1317) failed !bh
[  357.195029][ T5823] UDF-fs: error (device loop4): udf_read_inode: (ino 1317) failed !bh
[  357.503863][T10179] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1056'.
[  358.047490][T10182] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1051'.
[  358.118122][ T9155] bond0: (slave syz_tun): Releasing backup interface
[  358.490661][   T35] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.565252][   T35] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.670338][T10187] loop6: detected capacity change from 0 to 1024
[  358.693496][T10187] EXT4-fs: Ignoring removed bh option
[  358.802061][T10194] syz.1.1052[10194] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  358.802159][T10194] syz.1.1052[10194] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  358.814265][T10194] syz.1.1052[10194] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  359.765444][   T35] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  359.935281][T10187] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  360.019742][T10187] ext4 filesystem being mounted at /109/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  360.038077][   T29] audit: type=1800 audit(1736557820.914:37): pid=10187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1061" name="file1" dev="loop6" ino=15 res=0 errno=0
[  360.060785][T10187] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.1061: bg 0: block 273: padding at end of block bitmap is not set
[  360.162232][ T6865] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  360.199815][T10184] loop5: detected capacity change from 0 to 32768
[  360.221558][   T35] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  360.248715][ T5830] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  360.257285][ T5830] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  360.268401][ T5830] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  360.286141][ T5830] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  360.335694][ T5830] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  360.347674][T10184] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1059 (10184)
[  360.393456][ T5830] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  360.829522][ T5828] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  360.836882][ T5828] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  360.852358][ T5828] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  360.859997][ T5828] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  360.867693][ T5828] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  360.875082][ T5828] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  360.889891][T10184] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  360.908670][T10184] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm
[  360.925857][T10184] BTRFS info (device loop5): using free-space-tree
[  361.403897][T10237] hub 2-0:1.0: USB hub found
[  361.412977][T10237] hub 2-0:1.0: 1 port detected
[  361.762253][T10238] syz.7.1068[10238] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  361.762351][T10238] syz.7.1068[10238] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  361.774646][T10238] syz.7.1068[10238] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  362.153047][T10184] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  362.178022][T10184] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[  362.220777][T10184] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  362.388229][T10184] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  362.484615][T10256] tmpfs: Unknown parameter 'mp'
[  362.521267][T10184] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  362.920389][T10184] BTRFS error (device loop5): open_ctree failed
[  362.947551][T10257] loop7: detected capacity change from 0 to 1024
[  362.977771][   T35] bridge_slave_1: left allmulticast mode
[  363.000152][   T29] audit: type=1800 audit(1736557823.874:38): pid=10257 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1071" name="file1" dev="loop7" ino=20 res=0 errno=0
[  363.003149][T10257] syz.7.1071: attempt to access beyond end of device
[  363.003149][T10257] loop7: rw=0, sector=5778, nr_sectors = 2 limit=1024
[  363.041237][   T35] bridge_slave_1: left promiscuous mode
[  363.047612][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  363.107560][T10231] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1067'.
[  363.129214][ T5830] Bluetooth: hci0: command tx timeout
[  363.291546][   T35] bridge_slave_0: left allmulticast mode
[  363.388004][   T35] bridge_slave_0: left promiscuous mode
[  363.403055][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  363.537899][T10272] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1073'.
[  365.735228][ T5830] Bluetooth: hci0: command tx timeout
[  367.789088][T10310] loop1: detected capacity change from 0 to 1024
[  367.819913][ T5830] Bluetooth: hci0: command tx timeout
[  367.828310][T10310] EXT4-fs (loop1): can't mount with both data=journal and delalloc
[  367.879676][T10310] 9pnet_fd: Insufficient options for proto=fd
[  368.030552][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  368.045740][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  368.057784][   T35] bond0 (unregistering): Released all slaves
[  368.238213][T10325] tmpfs: Unknown parameter 'mp'
[  368.668395][T10205] chnl_net:caif_netlink_parms(): no params data found
[  368.882420][T10205] bridge0: port 1(bridge_slave_0) entered blocking state
[  369.203435][T10205] bridge0: port 1(bridge_slave_0) entered disabled state
[  369.288183][T10205] bridge_slave_0: entered allmulticast mode
[  369.387265][T10205] bridge_slave_0: entered promiscuous mode
[  369.388799][T10338] loop6: detected capacity change from 0 to 256
[  369.411233][T10205] bridge0: port 2(bridge_slave_1) entered blocking state
[  369.421691][T10205] bridge0: port 2(bridge_slave_1) entered disabled state
[  369.434678][T10338] exFAT-fs (loop6): bogus allocation bitmap size(need : 2, cur : 4294967295)
[  369.443977][T10338] exFAT-fs (loop6): failed to load alloc-bitmap
[  369.450325][T10338] exFAT-fs (loop6): failed to recognize exfat type
[  369.460495][T10338] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1091'.
[  369.474770][T10205] bridge_slave_1: entered allmulticast mode
[  369.489593][T10205] bridge_slave_1: entered promiscuous mode
[  369.799964][   T35] hsr_slave_0: left promiscuous mode
[  369.812023][   T35] hsr_slave_1: left promiscuous mode
[  369.824508][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  369.824956][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  369.829107][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  369.829132][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  369.833372][   T35] veth1_macvtap: left promiscuous mode
[  369.833425][   T35] veth0_macvtap: left promiscuous mode
[  369.833527][   T35] veth1_vlan: left promiscuous mode
[  369.833599][   T35] veth0_vlan: left promiscuous mode
[  369.895722][ T5920] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  369.900918][ T5830] Bluetooth: hci0: command tx timeout
[  369.906496][T10348] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1092'.
[  370.057734][ T5920] usb 8-1: Using ep0 maxpacket: 32
[  370.072645][ T5920] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  370.093867][ T5920] usb 8-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  370.093896][ T5920] usb 8-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  370.093916][ T5920] usb 8-1: Product: syz
[  370.093931][ T5920] usb 8-1: Manufacturer: syz
[  370.093945][ T5920] usb 8-1: SerialNumber: syz
[  370.190383][T10362] loop6: detected capacity change from 0 to 1024
[  370.199569][ T5920] usb 8-1: config 0 descriptor??
[  370.219213][T10345] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  370.256881][T10362] EXT4-fs (loop6): can't mount with both data=journal and delalloc
[  370.362675][T10362] 9pnet_fd: Insufficient options for proto=fd
[  370.400873][   T35] team0 (unregistering): Port device team_slave_1 removed
[  370.427377][   T35] team0 (unregistering): Port device team_slave_0 removed
[  370.542126][ T5920] usb 8-1: USB disconnect, device number 6
[  370.575609][T10372] loop6: detected capacity change from 0 to 1024
[  370.609940][T10372] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  370.638897][T10205] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  370.669975][T10372] EXT4-fs error (device loop6): ext4_xattr_inode_iget:440: inode #11: comm syz.6.1103: missing EA_INODE flag
[  370.698288][T10205] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  370.718144][T10372] EXT4-fs (loop6): Remounting filesystem read-only
[  370.725773][T10372] EXT4-fs warning (device loop6): ext4_xattr_inode_dec_ref_all:1229: inode #18: comm syz.6.1103: ea_inode dec ref err=-5
[  370.738995][T10372] EXT4-fs warning (device loop6): ext4_evict_inode:276: xattr delete (err -5)
[  370.777302][T10380] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1102'.
[  370.979495][T10205] team0: Port device team_slave_0 added
[  371.072013][T10205] team0: Port device team_slave_1 added
[  371.081686][ T6865] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  371.201864][T10205] batman_adv: batadv0: Adding interface: batadv_slave_0
[  371.247881][T10205] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  371.396275][T10205] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  371.409169][T10205] batman_adv: batadv0: Adding interface: batadv_slave_1
[  371.416384][T10205] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  371.444317][T10205] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  371.702247][T10393] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1108'.
[  371.980565][T10397] loop7: detected capacity change from 0 to 1024
[  372.005407][T10397] EXT4-fs (loop7): can't mount with both data=journal and delalloc
[  372.039666][   T35] IPVS: stop unused estimator thread 0...
[  372.055072][T10397] 9pnet_fd: Insufficient options for proto=fd
[  372.222932][T10205] hsr_slave_0: entered promiscuous mode
[  372.239167][T10205] hsr_slave_1: entered promiscuous mode
[  372.252754][T10205] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  372.269302][T10205] Cannot create hsr debugfs directory
[  372.474975][T10419] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1113'.
[  372.683080][    T8] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  372.800454][T10411] loop1: detected capacity change from 0 to 32768
[  373.438515][    T8] usb 8-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice= 0.00
[  373.448442][    T8] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  373.466638][    T8] usb 8-1: config 0 descriptor??
[  373.523257][T10411] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode.
[  373.584151][T10433] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1118'.
[  373.701896][T10205] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  373.725586][T10205] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  373.737737][T10205] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  373.743593][T10411] loop1: detected capacity change from 32768 to 0
[  373.752200][T10428] jbd2/loop1-75: attempt to access beyond end of device
[  373.752200][T10428] loop1: rw=38913, sector=642, nr_sectors = 1 limit=0
[  373.772057][T10205] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  373.805607][T10428] jbd2/loop1-75: attempt to access beyond end of device
[  373.805607][T10428] loop1: rw=38913, sector=643, nr_sectors = 1 limit=0
[  373.854363][T10428] jbd2/loop1-75: attempt to access beyond end of device
[  373.854363][T10428] loop1: rw=38913, sector=644, nr_sectors = 1 limit=0
[  373.868629][T10428] jbd2/loop1-75: attempt to access beyond end of device
[  373.868629][T10428] loop1: rw=38913, sector=645, nr_sectors = 1 limit=0
[  373.882415][T10428] jbd2/loop1-75: attempt to access beyond end of device
[  373.882415][T10428] loop1: rw=38913, sector=646, nr_sectors = 1 limit=0
[  373.897173][T10428] Aborting journal on device loop1-75.
[  373.904413][T10428] jbd2/loop1-75: attempt to access beyond end of device
[  373.904413][T10428] loop1: rw=38913, sector=640, nr_sectors = 1 limit=0
[  373.918227][T10428] Buffer I/O error on dev loop1, logical block 640, lost sync page write
[  373.929881][    T8] playstation 0003:054C:0DF2.000B: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.7-1/input0
[  373.946818][T10428] JBD2: I/O error when updating journal superblock for loop1-75.
[  373.980259][T10439] (syz.1.1116,10439,0):ocfs2_parse_options:1460 ERROR: Invalid heartbeat mount options
[  373.995823][T10205] 8021q: adding VLAN 0 to HW filter on device bond0
[  374.024796][T10205] 8021q: adding VLAN 0 to HW filter on device team0
[  374.040757][ T5826] syz-executor: attempt to access beyond end of device
[  374.040757][ T5826] loop1: rw=0, sector=17057, nr_sectors = 1 limit=0
[  374.046784][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[  374.061201][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[  374.083929][ T5826] (syz-executor,5826,0):ocfs2_read_locked_inode:521 ERROR: status = -5
[  374.131190][ T5826] syz-executor: attempt to access beyond end of device
[  374.131190][ T5826] loop1: rw=0, sector=17057, nr_sectors = 1 limit=0
[  374.131265][    T8] playstation 0003:054C:0DF2.000B: Invalid byte count transferred, expected 20 got 0
[  374.155711][    T8] playstation 0003:054C:0DF2.000B: Failed to retrieve DualSense pairing info: -22
[  374.170817][T10443] netlink: 'syz.6.1122': attribute type 10 has an invalid length.
[  374.179546][    T8] playstation 0003:054C:0DF2.000B: Failed to get MAC address from DualSense
[  374.189394][    T8] playstation 0003:054C:0DF2.000B: Failed to create dualsense.
[  374.200516][    T8] playstation 0003:054C:0DF2.000B: probe with driver playstation failed with error -22
[  374.215686][ T5826] (syz-executor,5826,0):ocfs2_read_locked_inode:521 ERROR: status = -5
[  374.228265][ T1078] bridge0: port 2(bridge_slave_1) entered blocking state
[  374.235403][ T1078] bridge0: port 2(bridge_slave_1) entered forwarding state
[  374.290161][T10443] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  374.370789][ T5920] usb 8-1: USB disconnect, device number 7
[  374.395632][ T8461] syz.1.657: attempt to access beyond end of device
[  374.395632][ T8461] loop1: rw=1, sector=17024, nr_sectors = 1 limit=0
[  374.404790][T10205] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  374.408983][ T8461] Buffer I/O error on dev loop1, logical block 17024, lost sync page write
[  374.419134][T10205] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  374.428398][ T8461] (syz.1.657,8461,0):ocfs2_write_block:78 ERROR: status = -5
[  374.445920][ T8461] (syz.1.657,8461,0):ocfs2_update_disk_slot:199 ERROR: status = -5
[  374.473044][ T8461] (syz.1.657,8461,0):ocfs2_put_slot:517 ERROR: status = -5
[  374.582746][ T8461] (syz.1.657,8461,1):ocfs2_journal_shutdown:1085 ERROR: status = -5
[  374.617611][ T8461] ocfs2: Unmounting device (7,1) on (node local)
[  374.731003][T10205] 8021q: adding VLAN 0 to HW filter on device batadv0
[  375.310071][   T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  375.344692][T10460] vlan3: entered promiscuous mode
[  375.349759][T10460] vlan1: entered promiscuous mode
[  375.397183][T10460] vlan3: entered allmulticast mode
[  375.412163][T10460] vlan1: entered allmulticast mode
[  375.585565][T10460] vlan1: left allmulticast mode
[  375.590480][T10460] vlan1: left promiscuous mode
[  376.111490][   T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  376.259382][   T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  376.380296][ T5828] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  376.388068][ T5828] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  376.422143][ T5828] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  376.459757][   T29] audit: type=1107 audit(1736557837.334:39): pid=10486 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='P'
[  376.521523][ T5828] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  376.529225][ T5828] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  376.541798][ T5828] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  376.634537][   T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  376.884808][T10498] syz.6.1142[10498] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  376.884912][T10498] syz.6.1142[10498] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  376.896553][T10498] syz.6.1142[10498] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  377.133052][T10205] veth0_vlan: entered promiscuous mode
[  377.157096][T10505] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1138'.
[  377.280439][T10205] veth1_vlan: entered promiscuous mode
[  377.336890][T10205] veth0_macvtap: entered promiscuous mode
[  377.481360][T10205] veth1_macvtap: entered promiscuous mode
[  377.560177][   T11] bridge_slave_1: left allmulticast mode
[  377.569063][   T11] bridge_slave_1: left promiscuous mode
[  378.109289][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  378.292154][   T11] bridge_slave_0: left allmulticast mode
[  378.297918][   T11] bridge_slave_0: left promiscuous mode
[  378.303811][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  378.386722][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  378.394681][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  378.603541][ T5828] Bluetooth: hci1: command tx timeout
[  378.640981][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  378.806926][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  378.934732][   T11] bond0 (unregistering): Released all slaves
[  378.955268][T10205] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  378.966142][T10205] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  378.978730][T10205] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  378.981671][T10538] loop5: detected capacity change from 0 to 64
[  378.990724][T10205] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  379.011949][T10205] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  379.028924][T10205] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  379.043245][T10205] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  379.054011][T10205] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  379.064578][T10205] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  379.075367][T10205] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  379.088478][T10205] batman_adv: batadv0: Interface activated: batadv_slave_0
[  379.430031][T10205] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  379.441036][T10205] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  379.451238][T10205] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  379.468394][T10205] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  379.525650][T10557] syz.5.1154[10557] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  379.526037][T10557] syz.5.1154[10557] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  379.537987][T10557] syz.5.1154[10557] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  379.659127][T10205] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  379.824322][T10205] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  379.899504][T10205] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  379.911983][T10205] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  379.922059][T10205] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  379.933434][T10205] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  379.944806][T10205] batman_adv: batadv0: Interface activated: batadv_slave_1
[  379.952896][    T9] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  379.967877][T10555] netlink: 'syz.6.1156': attribute type 12 has an invalid length.
[  379.985304][T10205] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  379.996946][T10205] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  380.022940][T10205] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  380.031699][T10205] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  380.144988][    T9] usb 4-1: Using ep0 maxpacket: 8
[  380.151967][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  380.181904][    T9] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  380.194094][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  380.245801][    T9] usb 4-1: config 0 descriptor??
[  380.254989][T10482] chnl_net:caif_netlink_parms(): no params data found
[  380.275754][T10567] loop6: detected capacity change from 0 to 1024
[  380.292187][T10566] syzkaller0: entered promiscuous mode
[  380.311116][T10566] syzkaller0: entered allmulticast mode
[  380.390178][   T11] hsr_slave_0: left promiscuous mode
[  380.399875][   T11] hsr_slave_1: left promiscuous mode
[  380.408356][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  380.423098][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  380.438677][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  380.449649][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  380.478199][   T11] veth1_macvtap: left promiscuous mode
[  380.489810][   T11] veth0_macvtap: left promiscuous mode
[  380.503681][    T9] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  380.516736][   T11] veth1_vlan: left promiscuous mode
[  380.522017][   T11] veth0_vlan: left promiscuous mode
[  380.620362][T10577] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1160'.
[  380.683033][ T5828] Bluetooth: hci1: command tx timeout
[  381.302850][   T11] team0 (unregistering): Port device team_slave_1 removed
[  381.316158][   T11] team0 (unregistering): Port device team_slave_0 removed
[  381.428337][ T5920] usb 4-1: USB disconnect, device number 6
[  381.601077][T10586] loop7: detected capacity change from 0 to 16
[  381.607990][T10586] MTD: Attempt to mount non-MTD device "/dev/loop7"
[  381.623105][ T1078] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  381.630973][ T1078] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  381.866988][T10482] bridge0: port 1(bridge_slave_0) entered blocking state
[  381.887077][T10482] bridge0: port 1(bridge_slave_0) entered disabled state
[  381.957078][T10482] bridge_slave_0: entered allmulticast mode
[  382.050433][T10482] bridge_slave_0: entered promiscuous mode
[  382.094229][ T3579] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  382.120408][T10482] bridge0: port 2(bridge_slave_1) entered blocking state
[  382.141169][ T3579] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  382.171000][T10594] loop7: detected capacity change from 0 to 1024
[  382.180055][T10482] bridge0: port 2(bridge_slave_1) entered disabled state
[  382.223368][T10594] EXT4-fs (loop7): can't mount with both data=journal and delalloc
[  382.238333][T10482] bridge_slave_1: entered allmulticast mode
[  382.315422][T10482] bridge_slave_1: entered promiscuous mode
[  383.503202][ T5828] Bluetooth: hci1: command tx timeout
[  383.519630][T10593] 9pnet_fd: Insufficient options for proto=fd
[  383.679236][T10482] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  383.780304][T10482] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  383.808610][T10617] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1171'.
[  383.910411][T10482] team0: Port device team_slave_0 added
[  383.928815][T10482] team0: Port device team_slave_1 added
[  384.017401][T10623] syz.7.1170[10623] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  384.017812][T10623] syz.7.1170[10623] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  384.029991][T10623] syz.7.1170[10623] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  384.303062][T10622] loop6: detected capacity change from 0 to 1024
[  384.462874][  T120] usb 9-1: new full-speed USB device number 2 using dummy_hcd
[  385.098883][  T120] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  385.112907][  T120] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[  385.141246][  T120] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  385.151415][T10482] batman_adv: batadv0: Adding interface: batadv_slave_0
[  385.158737][  T120] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  385.173704][T10633] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1174'.
[  385.188015][T10633] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1174'.
[  385.199860][T10482] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  385.226929][T10482] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  385.244480][  T120] usb 9-1: Product: syz
[  385.248658][  T120] usb 9-1: Manufacturer: syz
[  385.374434][  T120] usb 9-1: SerialNumber: syz
[  385.410401][T10640] netlink: 32 bytes leftover after parsing attributes in process `syz.7.1175'.
[  385.463482][T10482] batman_adv: batadv0: Adding interface: batadv_slave_1
[  385.476630][T10482] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  385.577707][ T5828] Bluetooth: hci1: command tx timeout
[  385.602653][  T120] usb 9-1: 0:2 : does not exist
[  385.615692][T10482] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  385.631300][  T120] usb 9-1: 5:0: failed to get current value for ch 0 (-22)
[  386.463717][  T120] usb 9-1: USB disconnect, device number 2
[  386.696264][ T9711] udevd[9711]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  386.777436][T10639] loop3: detected capacity change from 0 to 32768
[  386.778429][T10482] hsr_slave_0: entered promiscuous mode
[  386.792681][T10639] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1176 (10639)
[  386.833829][T10482] hsr_slave_1: entered promiscuous mode
[  386.853196][T10482] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  386.860918][T10482] Cannot create hsr debugfs directory
[  386.869778][T10655] loop6: detected capacity change from 0 to 1024
[  386.897605][T10655] EXT4-fs (loop6): can't mount with both data=journal and delalloc
[  386.905749][T10639] BTRFS info (device loop3): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  386.922263][T10639] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  386.952730][T10639] BTRFS info (device loop3): disk space caching is enabled
[  386.960455][T10639] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  387.009312][T10655] 9pnet_fd: Insufficient options for proto=fd
[  387.037586][T10639] BTRFS info (device loop3): rebuilding free space tree
[  387.086677][T10639] BTRFS info (device loop3): disabling free space tree
[  387.105549][T10639] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  387.111382][T10680] loop8: detected capacity change from 0 to 128
[  387.119085][T10679] loop5: detected capacity change from 0 to 1024
[  387.130565][T10639] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  387.148156][T10679] EXT4-fs (loop5): can't mount with both data=journal and delalloc
[  387.201556][T10679] 9pnet_fd: Insufficient options for proto=fd
[  387.222189][T10639] BTRFS info (device loop3): balance: start -d -m
[  387.268948][T10639] BTRFS info (device loop3): relocating block group 6881280 flags data|metadata
[  387.294987][T10639] BTRFS info (device loop3): balance: paused
[  387.310721][T10639] BTRFS info (device loop3): balance: resume -dusage=90 -musage=90
[  387.319939][T10639] BTRFS info (device loop3): relocating block group 8519680 flags data|metadata
[  387.343438][T10682] loop6: detected capacity change from 0 to 4096
[  387.343769][T10687] loop5: detected capacity change from 0 to 1024
[  387.359516][T10687] EXT4-fs (loop5): can't mount with both data=journal and delalloc
[  387.392361][T10687] 9pnet_fd: Insufficient options for proto=fd
[  387.412913][    T8] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  387.414857][T10689] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  387.473028][   T29] audit: type=1804 audit(1736557848.344:40): pid=10682 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.1186" name="/newroot/142/file0/bus" dev="loop6" ino=18 res=1 errno=0
[  387.487458][T10482] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  387.494552][    C0] vkms_vblank_simulate: vblank timer overrun
[  387.521076][T10639] BTRFS info (device loop3): balance: canceled
[  387.566507][T10482] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  387.593714][    T8] usb 9-1: Using ep0 maxpacket: 16
[  387.603907][T10482] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  387.613047][    T8] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  387.628407][T10482] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  387.640260][    T8] usb 9-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55
[  387.668159][    T8] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  387.676927][    T8] usb 9-1: Product: syz
[  387.681109][    T8] usb 9-1: Manufacturer: syz
[  387.686141][    T8] usb 9-1: SerialNumber: syz
[  387.694563][    T8] usb 9-1: config 0 descriptor??
[  387.728963][    T8] usb 9-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  387.740455][ T5839] BTRFS info (device loop3): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  387.814968][T10482] 8021q: adding VLAN 0 to HW filter on device bond0
[  387.841503][T10482] 8021q: adding VLAN 0 to HW filter on device team0
[  387.880115][ T1078] bridge0: port 1(bridge_slave_0) entered blocking state
[  387.887277][ T1078] bridge0: port 1(bridge_slave_0) entered forwarding state
[  387.950494][    T8] usb 9-1: USB disconnect, device number 3
[  387.957508][T10698] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1189'.
[  387.997564][T10698] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1189'.
[  388.007412][   T53] usb 9-1: Failed to submit usb control message: -71
[  388.018613][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  388.025721][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  388.035794][   T53] usb 9-1: unable to send the bmi data to the device: -71
[  388.065352][   T53] usb 9-1: unable to get target info from device
[  388.085549][   T53] usb 9-1: could not get target info (-71)
[  388.113769][   T53] usb 9-1: could not probe fw (-71)
[  388.133660][T10701] af_packet: tpacket_rcv: packet too big, clamped from 1 to 4294967272. macoff=96
[  388.548996][ T5920] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  388.764446][ T5920] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  388.774281][ T5920] usb 4-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00
[  388.783404][ T5920] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  388.806923][ T5920] usb 4-1: config 0 descriptor??
[  388.930474][T10718] netlink: 32 bytes leftover after parsing attributes in process `syz.8.1193'.
[  389.044914][T10720] syzkaller0: entered allmulticast mode
[  389.231260][ T5920] wacom 0003:056A:0094.000C: unknown main item tag 0x0
[  389.238751][ T5920] wacom 0003:056A:0094.000C: unknown main item tag 0x0
[  389.247166][ T5920] wacom 0003:056A:0094.000C: unknown main item tag 0x0
[  389.254542][ T5920] wacom 0003:056A:0094.000C: unknown main item tag 0x0
[  389.262294][T10720] syzkaller0 (unregistering): left allmulticast mode
[  389.270221][ T5920] wacom 0003:056A:0094.000C: unknown main item tag 0x0
[  389.277516][ T5920] wacom 0003:056A:0094.000C: unknown main item tag 0x0
[  389.286658][ T5920] wacom 0003:056A:0094.000C: unknown main item tag 0x0
[  389.299479][ T5920] wacom 0003:056A:0094.000C: Using device in hidraw-only mode
[  389.305594][T10726] loop6: detected capacity change from 0 to 1024
[  389.320134][ T5920] wacom 0003:056A:0094.000C: hidraw0: USB HID v0.04 Device [HID 056a:0094] on usb-dummy_hcd.3-1/input0
[  389.369702][T10482] 8021q: adding VLAN 0 to HW filter on device batadv0
[  389.379566][T10726] EXT4-fs (loop6): can't mount with both data=journal and delalloc
[  389.463351][ T5920] usb 4-1: USB disconnect, device number 7
[  389.546807][T10726] 9pnet_fd: Insufficient options for proto=fd
[  389.671327][T10734] loop8: detected capacity change from 0 to 1024
[  389.744553][T10739] syz.5.1200[10739] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  389.745046][T10739] syz.5.1200[10739] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  389.757245][T10739] syz.5.1200[10739] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  389.956547][T10734] EXT4-fs (loop8): can't mount with both data=journal and delalloc
[  390.211804][T10734] 9pnet_fd: Insufficient options for proto=fd
[  390.371315][T10744] loop3: detected capacity change from 0 to 512
[  390.410925][T10744] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  390.485542][T10742] loop6: detected capacity change from 0 to 32768
[  390.507376][T10742] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1203 (10742)
[  390.558608][T10482] veth0_vlan: entered promiscuous mode
[  390.568265][T10482] veth1_vlan: entered promiscuous mode
[  390.586394][T10482] veth0_macvtap: entered promiscuous mode
[  390.594580][T10482] veth1_macvtap: entered promiscuous mode
[  390.607614][T10482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  390.618102][T10482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.627963][T10482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  390.638419][T10482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.648425][T10482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  390.659088][T10482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.669179][T10482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  390.679835][T10482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.690167][T10482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  390.701092][T10482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.713942][T10482] batman_adv: batadv0: Interface activated: batadv_slave_0
[  390.723570][T10482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  390.734067][T10482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.744371][T10482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  390.755082][T10482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.765239][T10482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  390.775891][T10482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.785895][T10482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  390.796583][T10482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.806635][T10482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  390.817513][T10482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.830297][T10482] batman_adv: batadv0: Interface activated: batadv_slave_1
[  390.846378][T10742] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  390.858742][T10744] EXT4-fs (loop3): 1 truncate cleaned up
[  390.868288][T10482] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  390.874380][T10742] BTRFS info (device loop6): using crc32c (crc32c-intel) checksum algorithm
[  390.877965][T10744] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  390.898557][T10482] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  390.907302][T10482] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  390.916276][T10482] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  390.933667][T10742] BTRFS info (device loop6): disk space caching is enabled
[  390.940987][T10742] BTRFS warning (device loop6): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  390.952473][T10757] loop5: detected capacity change from 0 to 1024
[  390.959893][T10736] loop7: detected capacity change from 0 to 32768
[  391.045713][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  391.057941][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  391.075174][T10768] EXT4-fs (loop3): shut down requested (2)
[  391.117846][T10757] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  391.131190][ T1078] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  391.142336][ T1078] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  391.173061][   T29] audit: type=1800 audit(1736557852.054:41): pid=10757 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1208" name="bus" dev="loop5" ino=18 res=0 errno=0
[  391.184370][T10757] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  391.219977][T10757] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28
[  391.239056][ T5839] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  391.245520][T10757] EXT4-fs (loop5): This should not happen!! Data will be lost
[  391.245520][T10757] 
[  391.277775][T10736] bcachefs (loop7): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,erasure_code,degraded,no_splitbrain_check,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,nocow
[  391.280678][T10757] EXT4-fs (loop5): Total free blocks count 0
[  391.306240][T10736] bcachefs (loop7): recovering from clean shutdown, journal seq 10
[  391.306450][T10736] bcachefs (loop7): Version upgrade required:
[  391.306450][T10736] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  391.306450][T10736] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots
[  391.306450][T10736]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[  391.316873][T10757] EXT4-fs (loop5): Free/Dirty block details
[  391.385494][    C0] vkms_vblank_simulate: vblank timer overrun
[  391.387190][    T8] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  391.407570][T10742] BTRFS info (device loop6): rebuilding free space tree
[  391.416057][T10757] EXT4-fs (loop5): free_blocks=68451041280
[  391.438820][T10757] EXT4-fs (loop5): dirty_blocks=64
[  391.444917][T10757] EXT4-fs (loop5): Block reservation details
[  391.447777][T10742] BTRFS info (device loop6): disabling free space tree
[  391.451286][T10757] EXT4-fs (loop5): i_reserved_data_blocks=4
[  391.466402][T10742] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  391.480686][T10742] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  391.484211][T10736] bcachefs (loop7): dropping and reconstructing all alloc info
[  391.493849][T10757] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[  391.522957][   T47] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  391.568563][T10736] bcachefs (loop7): check_topology... done
[  391.574952][T10736] bcachefs (loop7): accounting_read... done
[  391.581747][T10736] bcachefs (loop7): alloc_read... done
[  391.595811][T10736] bcachefs (loop7): stripes_read... done
[  391.611879][T10736] bcachefs (loop7): snapshots_read... done
[  391.624149][    T8] usb 9-1: Using ep0 maxpacket: 32
[  391.634084][T10736] bcachefs (loop7): check_allocations...
[  391.643504][   T29] audit: type=1800 audit(1736557852.484:42): pid=10742 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1203" name="file1" dev="loop6" ino=263 res=0 errno=0
[  391.680113][    T8] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  391.691209][T10736]  done
[  391.692334][T10736] bcachefs (loop7): going read-write
[  391.704430][   T47] usb 10-1: Using ep0 maxpacket: 32
[  391.718706][ T6865] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  391.736422][    T8] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  391.743519][   T47] usb 10-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  391.755875][   T47] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  391.764118][   T47] usb 10-1: Product: syz
[  391.769011][   T47] usb 10-1: Manufacturer: syz
[  391.773761][   T47] usb 10-1: SerialNumber: syz
[  391.783703][   T47] usb 10-1: config 0 descriptor??
[  391.791688][   T47] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  391.796016][    T8] usb 9-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  391.807341][    T8] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  391.820775][T10736] bcachefs (loop7): done starting filesystem
[  391.983072][T10736] syz.7.1202 (10736) used greatest stack depth: 17680 bytes left
[  391.985132][    T8] usb 9-1: config 0 descriptor??
[  392.087147][ T7020] bcachefs (loop7): shutting down
[  392.105273][ T7020] bcachefs (loop7): going read-only
[  392.128900][ T7020] bcachefs (loop7): finished waiting for writes to stop
[  392.137731][T10790] loop3: detected capacity change from 0 to 32768
[  392.145115][T10790] XFS: attr2 mount option is deprecated.
[  392.167443][ T7020] bcachefs (loop7): flushing journal and stopping allocators, journal seq 12
[  392.169357][T10790] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  392.231654][ T7020] bcachefs (loop7): flushing journal and stopping allocators complete, journal seq 15
[  392.251155][ T7020] bcachefs (loop7): unshutdown complete, journal seq 16
[  392.259648][ T7020] bcachefs (loop7): done going read-only, filesystem not clean
[  392.290227][ T7020] bcachefs (loop7): shutdown complete
[  392.311418][T10790] XFS (loop3): Ending clean mount
[  392.319211][T10790] XFS (loop3): Quotacheck needed: Please wait.
[  392.340329][T10790] XFS (loop3): Quotacheck: Done.
[  392.383991][   T29] audit: type=1800 audit(1736557853.264:43): pid=10790 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1210" name="bus" dev="loop3" ino=9290 res=0 errno=0
[  392.414987][    T8] savu 0003:1E7D:2D5A.000D: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.8-1/input0
[  392.453180][T10790] loop3: detected capacity change from 32768 to 64
[  392.470265][T10790] syz.3.1210: attempt to access beyond end of device
[  392.470265][T10790] loop3: rw=2048, sector=18692, nr_sectors = 4 limit=64
[  392.488656][T10812] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1212'.
[  392.755713][    T8] usb 9-1: USB disconnect, device number 4
[  392.797115][ T5839] syz-executor: attempt to access beyond end of device
[  392.797115][ T5839] loop3: rw=432129, sector=896, nr_sectors = 128 limit=64
[  392.823176][   T44] XFS (loop3): log I/O error -5
[  392.828227][   T44] XFS (loop3): Filesystem has been shut down due to log error (0x2).
[  392.828251][   T44] XFS (loop3): Please unmount the filesystem and rectify the problem(s).
[  392.828585][ T5839] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  393.014671][   T47] gspca_stk1135: reg_w 0xd err -71
[  393.020939][   T47] gspca_stk1135: serial bus timeout: status=0x00
[  393.031184][   T47] gspca_stk1135: Sensor write failed
[  393.041994][   T47] gspca_stk1135: serial bus timeout: status=0x00
[  393.057863][   T47] gspca_stk1135: Sensor write failed
[  393.066534][   T47] gspca_stk1135: serial bus timeout: status=0x00
[  393.072986][   T47] gspca_stk1135: Sensor read failed
[  393.078396][   T47] gspca_stk1135: serial bus timeout: status=0x00
[  393.085087][   T47] gspca_stk1135: Sensor read failed
[  393.090595][   T47] gspca_stk1135: Detected sensor type unknown (0x0)
[  393.097601][   T47] gspca_stk1135: serial bus timeout: status=0x00
[  393.106316][   T47] gspca_stk1135: Sensor read failed
[  393.111575][   T47] gspca_stk1135: serial bus timeout: status=0x00
[  393.118841][   T47] gspca_stk1135: Sensor read failed
[  393.128082][   T47] gspca_stk1135: serial bus timeout: status=0x00
[  393.134555][   T47] gspca_stk1135: Sensor write failed
[  393.139872][   T47] gspca_stk1135: serial bus timeout: status=0x00
[  393.146422][   T47] gspca_stk1135: Sensor write failed
[  393.151752][   T47] stk1135 10-1:0.0: probe with driver stk1135 failed with error -71
[  393.162992][   T47] usb 10-1: USB disconnect, device number 2
[  393.295424][T10818] loop3: detected capacity change from 0 to 1024
[  393.305906][T10818] EXT4-fs (loop3): can't mount with both data=journal and delalloc
[  393.346015][T10818] 9pnet_fd: Insufficient options for proto=fd
[  393.818119][T10821] loop6: detected capacity change from 0 to 40427
[  393.829569][T10833] warning: `syz.9.1222' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  393.872981][T10821] F2FS-fs (loop6): build fault injection attr: rate: 0, type: 0x16481
[  393.989738][T10838] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1223'.
[  394.063705][T10821] F2FS-fs (loop6): invalid crc value
[  394.072657][T10821] F2FS-fs (loop6): Found nat_bits in checkpoint
[  394.202238][T10821] F2FS-fs (loop6): Start checkpoint disabled!
[  394.452399][T10821] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  394.463133][T10853] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1228'.
[  394.517011][T10821] F2FS-fs (loop6): Stopped filesystem due to reason: 0
[  394.588971][T10853] batadv1: entered allmulticast mode
[  394.903813][T10849] loop5: detected capacity change from 0 to 40427
[  394.960162][T10849] F2FS-fs (loop5): build fault injection attr: rate: 771, type: 0x1fffff
[  395.129357][T10849] F2FS-fs (loop5): invalid crc value
[  395.276429][T10849] F2FS-fs (loop5): Found nat_bits in checkpoint
[  395.289528][T10861] loop9: detected capacity change from 0 to 512
[  395.500019][T10865] loop7: detected capacity change from 0 to 1024
[  395.507886][T10865] EXT4-fs (loop7): can't mount with both data=journal and delalloc
[  395.556493][T10849] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  395.589416][T10861] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  395.613242][T10861] ext4 filesystem being mounted at /4/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  395.685006][T10861] EXT4-fs error (device loop9): ext4_do_update_inode:5153: inode #2: comm syz.9.1229: corrupted inode contents
[  395.701781][T10861] EXT4-fs error (device loop9): ext4_dirty_inode:6041: inode #2: comm syz.9.1229: mark_inode_dirty error
[  395.702532][T10849] F2FS-fs (loop5): inject checkpoint error in f2fs_balance_fs of f2fs_setxattr+0x1bf/0x390
[  395.728525][T10861] EXT4-fs error (device loop9): ext4_do_update_inode:5153: inode #2: comm syz.9.1229: corrupted inode contents
[  395.750225][T10849] F2FS-fs (loop5): Stopped filesystem due to reason: 1
[  395.778460][T10861] EXT4-fs error (device loop9): __ext4_ext_dirty:207: inode #2: comm syz.9.1229: mark_inode_dirty error
[  395.795908][T10849] overlayfs: conflicting lowerdir path
[  395.865898][T10879] netlink: 32 bytes leftover after parsing attributes in process `syz.8.1230'.
[  395.982183][T10482] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  396.619973][T10894] loop9: detected capacity change from 0 to 512
[  396.651296][T10894] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  396.701733][T10881] loop3: detected capacity change from 0 to 32768
[  396.711864][T10894] EXT4-fs (loop9): 1 truncate cleaned up
[  396.728898][T10881] jfs_lookup: dtSearch returned -5
[  396.791391][T10894] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  396.854211][   T29] audit: type=1800 audit(1736557857.734:44): pid=10894 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.1239" name="file1" dev="loop9" ino=15 res=0 errno=0
[  396.933381][ T5879] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  396.947970][   T29] audit: type=1800 audit(1736557857.764:45): pid=10894 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.1239" name="file1" dev="loop9" ino=15 res=0 errno=0
[  397.093176][ T5879] usb 9-1: Using ep0 maxpacket: 32
[  397.100075][ T5879] usb 9-1: config index 0 descriptor too short (expected 35577, got 27)
[  397.112275][ T5879] usb 9-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  397.134520][ T5879] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 92
[  397.143866][ T5879] usb 9-1: config 1 has no interface number 0
[  397.150055][ T5879] usb 9-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  397.161166][ T5879] usb 9-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  397.174547][ T5879] usb 9-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  397.184175][ T5879] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  397.196458][T10482] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  397.202188][ T5879] snd_usb_pod 9-1:1.1: Line 6 Pocket POD found
[  397.531648][ T5879] snd_usb_pod 9-1:1.1: Line 6 Pocket POD now attached
[  398.518306][   T47] usb 9-1: USB disconnect, device number 5
[  398.525081][   T47] snd_usb_pod 9-1:1.1: Line 6 Pocket POD now disconnected
[  399.136680][T10920] Bluetooth: MGMT ver 1.23
[  399.906726][T10929] netlink: 56 bytes leftover after parsing attributes in process `syz.6.1249'.
[  399.987784][T10933] syz.9.1247[10933] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  399.987875][T10933] syz.9.1247[10933] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  399.999770][T10933] syz.9.1247[10933] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  400.236474][T10930] loop3: detected capacity change from 0 to 2048
[  400.341342][T10938] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1250'.
[  400.512262][T10948] syz.7.1251[10948] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  400.512707][T10948] syz.7.1251[10948] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  400.524905][T10948] syz.7.1251[10948] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  400.917532][T10930] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  400.957370][T10930] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  400.965548][T10930] UDF-fs: Scanning with blocksize 512 failed
[  400.975235][T10930] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  400.996525][T10944] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1252'.
[  401.018089][T10953] loop8: detected capacity change from 0 to 1024
[  401.032109][T10951] loop5: detected capacity change from 0 to 1024
[  401.050181][T10953] EXT4-fs (loop8): can't mount with both data=journal and delalloc
[  401.081543][T10951] EXT4-fs (loop5): can't mount with both data=journal and delalloc
[  401.120328][T10953] 9pnet_fd: Insufficient options for proto=fd
[  401.429756][T10964] loop9: detected capacity change from 0 to 512
[  401.478787][T10963] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1260'.
[  401.524345][T10964] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  401.565831][T10964] ext4 filesystem being mounted at /10/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  401.751449][T10955] loop6: detected capacity change from 0 to 32768
[  401.777020][T10955] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1257 (10955)
[  401.820552][T10955] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  401.860282][T10955] BTRFS info (device loop6): using crc32c (crc32c-intel) checksum algorithm
[  401.869693][T10955] BTRFS info (device loop6): disk space caching is enabled
[  401.880051][T10955] BTRFS warning (device loop6): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  401.916233][T10482] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  402.011566][T10983] loop3: detected capacity change from 0 to 1024
[  402.035566][T10983] EXT4-fs (loop3): can't mount with both data=journal and delalloc
[  402.052650][T10983] 9pnet_fd: Insufficient options for proto=fd
[  402.115933][T10955] BTRFS info (device loop6): rebuilding free space tree
[  402.153275][T10955] BTRFS info (device loop6): disabling free space tree
[  402.160272][T10955] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  402.172647][T10955] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  402.364600][T11004] netlink: 32 bytes leftover after parsing attributes in process `syz.9.1266'.
[  402.645103][T11006] loop7: detected capacity change from 0 to 256
[  402.718292][T11006] exfat: Unknown parameter '©ã�ÉG–t'
[  402.868095][T10997] syz.3.1267[10997] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  402.868166][T10997] syz.3.1267[10997] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  402.909780][T10997] syz.3.1267[10997] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  403.083517][ T6865] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  403.405278][T11035] loop3: detected capacity change from 0 to 1024
[  403.433832][T11035] EXT4-fs (loop3): can't mount with both data=journal and delalloc
[  403.537170][T11035] 9pnet_fd: Insufficient options for proto=fd
[  404.207458][T11045] loop9: detected capacity change from 0 to 7
[  404.710783][T11055] tmpfs: Unknown parameter 'mp'
[  405.526089][T11057] syz.6.1272[11057] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  405.526334][T11057] syz.6.1272[11057] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  405.538076][T11057] syz.6.1272[11057] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  405.716090][T11045]  loop9: [POWERTEC]
[  405.801516][T11051]  loop9: [POWERTEC]
[  406.005699][T11070] syz.3.1288[11070] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  406.005793][T11070] syz.3.1288[11070] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  406.017367][T11070] syz.3.1288[11070] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  406.049402][ T5200]  loop9: [POWERTEC]
[  406.060650][ T5879] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  406.239483][ T5879] usb 6-1: config 1 has an invalid interface number: 166 but max is 0
[  406.248652][ T5879] usb 6-1: config 1 has no interface number 0
[  406.665627][ T5879] usb 6-1: New USB device found, idVendor=0547, idProduct=2727, bcdDevice=b6.97
[  406.674788][ T5879] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  406.917213][T11088] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1289'.
[  406.933702][T11087] ALSA: seq fatal error: cannot create timer (-22)
[  407.002215][ T5879] cdc_subset 6-1:1.166: probe with driver cdc_subset failed with error -71
[  407.088515][ T5879] usb 6-1: USB disconnect, device number 7
[  407.096673][T11095] netlink: 'syz.3.1297': attribute type 10 has an invalid length.
[  407.266738][T11091] loop8: detected capacity change from 0 to 32768
[  407.495405][T11091] BTRFS: device fsid 3a492a15-ac49-4ce6-945e-cef7a687c6c9 devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.1295 (11091)
[  408.409067][T11096] ------------[ cut here ]------------
[  408.414598][T11096] WARNING: CPU: 0 PID: 11096 at drivers/gpu/drm/vkms/vkms_crtc.c:98 vkms_get_vblank_timestamp+0x183/0x1b0
[  408.417576][T11104] tmpfs: Unknown parameter 'mp'
[  408.425999][T11096] Modules linked in:
[  408.434751][T11096] CPU: 0 UID: 0 PID: 11096 Comm: syz.7.1298 Not tainted 6.13.0-rc6-syzkaller-00213-ge0daef7de1ac #0
[  408.446072][T11096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  408.456395][T11096] RIP: 0010:vkms_get_vblank_timestamp+0x183/0x1b0
[  408.462976][T11096] Code: 42 80 3c 30 00 74 08 48 89 ef e8 d8 3b 09 fc 48 89 5d 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f 5d e9 1e 94 f3 05 e8 1e d7 a2 fb 90 <0f> 0b 90 eb e4 89 d9 80 e1 07 38 c1 0f 8c cd fe ff ff 48 89 df e8
[  408.482884][T11096] RSP: 0018:ffffc900057476a8 EFLAGS: 00010293
[  408.489238][T11096] RAX: ffffffff85fcacf2 RBX: 0000005f15a59362 RCX: ffff88802d370000
[  408.497532][T11096] RDX: 0000000000000000 RSI: 0000005f15a59362 RDI: 0000005f15a59362
[  408.497655][T11095] bond0: (slave netdevsim0): no link monitoring support
[  408.505539][T11096] RBP: ffffc90005747840 R08: ffffffff85fcac5f R09: 1ffff1100531ce22
[  408.505564][T11096] R10: dffffc0000000000 R11: ffffffff85fcab70 R12: 0000005f15a59362
[  408.505586][T11096] R13: ffff888142362950 R14: 1ffff92000ae8f08 R15: ffff888024ba0000
[  408.505611][T11096] FS:  0000555581b6d500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  408.505636][T11096] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  408.505656][T11096] CR2: 0000000000000000 CR3: 0000000066cfa000 CR4: 0000000000350ef0
[  408.505678][T11096] Call Trace:
[  408.505687][T11096]  <TASK>
[  408.505699][T11096]  ? __warn+0x165/0x4d0
[  408.505735][T11096]  ? vkms_get_vblank_timestamp+0x183/0x1b0
[  408.573563][T11095] bond0: (slave netdevsim0): MII and ETHTOOL support not available for slave, and arp_interval/arp_ip_target module parameters not specified, thus bonding will not detect link failures! see bonding.txt for details
[  408.576731][T11096]  ? report_bug+0x2b3/0x500
[  408.602154][T11096]  ? vkms_get_vblank_timestamp+0x183/0x1b0
[  408.608232][T11096]  ? handle_bug+0x60/0x90
[  408.612693][T11096]  ? exc_invalid_op+0x1a/0x50
[  408.617415][T11096]  ? asm_exc_invalid_op+0x1a/0x20
[  408.622473][T11096]  ? __pfx_vkms_get_vblank_timestamp+0x10/0x10
[  408.628712][T11096]  ? vkms_get_vblank_timestamp+0xef/0x1b0
[  408.634489][T11096]  ? vkms_get_vblank_timestamp+0x182/0x1b0
[  408.640315][T11096]  ? vkms_get_vblank_timestamp+0x183/0x1b0
[  408.646199][T11096]  ? vkms_get_vblank_timestamp+0x182/0x1b0
[  408.651812][T11091] BTRFS info (device loop8): first mount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9
[  408.652012][T11096]  ? __pfx_vkms_get_vblank_timestamp+0x10/0x10
[  408.668310][T11096]  drm_crtc_next_vblank_start+0x22b/0x490
[  408.674086][T11096]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  408.680324][T11096]  ? __pfx_drm_crtc_next_vblank_start+0x10/0x10
[  408.686998][T11096]  ? drm_gem_plane_helper_prepare_fb+0x44e/0x5f0
[  408.693498][T11096]  ? drm_gem_shmem_vmap+0x252/0x630
[  408.698733][T11096]  drm_atomic_helper_wait_for_fences+0x277/0x8e0
[  408.704771][T11091] BTRFS info (device loop8): using crc32c (crc32c-intel) checksum algorithm
[  408.705126][T11096]  ? __asan_memcpy+0x40/0x70
[  408.718381][T11096]  ? __pfx_drm_atomic_helper_wait_for_fences+0x10/0x10
[  408.725340][T11096]  ? drm_atomic_helper_prepare_planes+0x65f/0xb50
[  408.726950][T11095] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  408.731775][T11096]  drm_atomic_helper_commit+0x53a/0x9f0
[  408.746254][T11096]  ? __pfx_drm_atomic_helper_commit+0x10/0x10
[  408.752358][T11096]  drm_atomic_commit+0x296/0x2f0
[  408.757363][T11096]  ? srso_alias_return_thunk+0x5/0xfbef5
[  408.757720][T11091] BTRFS info (device loop8): using free-space-tree
[  408.763050][T11096]  ? __pfx_drm_atomic_commit+0x10/0x10
[  408.763093][T11096]  ? __pfx___drm_printfn_info+0x10/0x10
[  408.780628][T11096]  ? drm_client_rotation+0x249/0x550
[  408.786208][T11096]  drm_client_modeset_commit_atomic+0x670/0x7d0
[  408.792711][T11096]  ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10
[  408.799543][T11096]  ? __mutex_lock+0x37f/0xee0
[  408.804325][T11096]  ? __pfx___mutex_lock+0x10/0x10
[  408.809403][T11096]  ? drm_client_dev_restore+0xae/0x270
[  408.814932][T11096]  drm_client_modeset_commit_locked+0xe0/0x520
[  408.821116][T11096]  drm_client_modeset_commit+0x4a/0x70
[  408.826657][T11096]  drm_fb_helper_lastclose+0xbb/0x180
[  408.832071][T11096]  drm_fbdev_client_restore+0x34/0x40
[  408.837528][T11096]  drm_client_dev_restore+0x134/0x270
[  408.842990][T11096]  drm_release+0x335/0x410
[  408.847432][T11096]  ? __pfx_drm_release+0x10/0x10
[  408.852390][T11096]  __fput+0x23e/0xa50
[  408.856444][T11096]  task_work_run+0x251/0x310
[  408.861086][T11096]  ? srso_alias_return_thunk+0x5/0xfbef5
[  408.866791][T11096]  ? _raw_spin_unlock+0x28/0x50
[  408.871703][T11096]  ? __pfx_task_work_run+0x10/0x10
[  408.876890][T11096]  ? srso_alias_return_thunk+0x5/0xfbef5
[  408.882551][T11096]  ? rcu_is_watching+0x15/0xb0
[  408.887601][T11096]  syscall_exit_to_user_mode+0x13f/0x340
[  408.893583][T11096]  do_syscall_64+0x100/0x230
[  408.898204][T11096]  ? srso_alias_return_thunk+0x5/0xfbef5
[  408.903951][T11096]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.909918][T11096] RIP: 0033:0x7fb2ca185d29
[  408.914390][T11096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  408.934077][T11096] RSP: 002b:00007ffc901678e8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  408.942526][T11096] RAX: 0000000000000000 RBX: 00007fb2ca377ba0 RCX: 00007fb2ca185d29
[  408.950576][T11096] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  408.958597][T11096] RBP: 00007fb2ca377ba0 R08: 0000000000000d10 R09: 00007ffc90167bdf
[  408.966608][T11096] R10: 00007fb2ca377ac0 R11: 0000000000000246 R12: 0000000000063a1f
[  408.974641][T11096] R13: 00007fb2ca376160 R14: 0000000000000032 R15: ffffffffffffffff
[  408.982623][T11096]  </TASK>
[  408.985678][T11096] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  408.992966][T11096] CPU: 0 UID: 0 PID: 11096 Comm: syz.7.1298 Not tainted 6.13.0-rc6-syzkaller-00213-ge0daef7de1ac #0
[  409.003748][T11096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  409.013987][T11096] Call Trace:
[  409.017263][T11096]  <TASK>
[  409.020230][T11096]  dump_stack_lvl+0x241/0x360
[  409.024927][T11096]  ? __pfx_dump_stack_lvl+0x10/0x10
[  409.030141][T11096]  ? __pfx__printk+0x10/0x10
[  409.034736][T11096]  ? _printk+0xd5/0x120
[  409.038899][T11096]  ? __init_begin+0x41000/0x41000
[  409.043937][T11096]  ? srso_alias_return_thunk+0x5/0xfbef5
[  409.049573][T11096]  ? vscnprintf+0x5d/0x90
[  409.053910][T11096]  panic+0x349/0x880
[  409.057813][T11096]  ? __warn+0x174/0x4d0
[  409.061972][T11096]  ? __pfx_panic+0x10/0x10
[  409.066404][T11096]  __warn+0x344/0x4d0
[  409.070389][T11096]  ? vkms_get_vblank_timestamp+0x183/0x1b0
[  409.076286][T11096]  report_bug+0x2b3/0x500
[  409.080622][T11096]  ? vkms_get_vblank_timestamp+0x183/0x1b0
[  409.086439][T11096]  handle_bug+0x60/0x90
[  409.090596][T11096]  exc_invalid_op+0x1a/0x50
[  409.095101][T11096]  asm_exc_invalid_op+0x1a/0x20
[  409.099959][T11096] RIP: 0010:vkms_get_vblank_timestamp+0x183/0x1b0
[  409.106376][T11096] Code: 42 80 3c 30 00 74 08 48 89 ef e8 d8 3b 09 fc 48 89 5d 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f 5d e9 1e 94 f3 05 e8 1e d7 a2 fb 90 <0f> 0b 90 eb e4 89 d9 80 e1 07 38 c1 0f 8c cd fe ff ff 48 89 df e8
[  409.125980][T11096] RSP: 0018:ffffc900057476a8 EFLAGS: 00010293
[  409.132055][T11096] RAX: ffffffff85fcacf2 RBX: 0000005f15a59362 RCX: ffff88802d370000
[  409.140026][T11096] RDX: 0000000000000000 RSI: 0000005f15a59362 RDI: 0000005f15a59362
[  409.147993][T11096] RBP: ffffc90005747840 R08: ffffffff85fcac5f R09: 1ffff1100531ce22
[  409.155961][T11096] R10: dffffc0000000000 R11: ffffffff85fcab70 R12: 0000005f15a59362
[  409.163931][T11096] R13: ffff888142362950 R14: 1ffff92000ae8f08 R15: ffff888024ba0000
[  409.171903][T11096]  ? __pfx_vkms_get_vblank_timestamp+0x10/0x10
[  409.178062][T11096]  ? vkms_get_vblank_timestamp+0xef/0x1b0
[  409.183781][T11096]  ? vkms_get_vblank_timestamp+0x182/0x1b0
[  409.189592][T11096]  ? vkms_get_vblank_timestamp+0x182/0x1b0
[  409.195400][T11096]  ? __pfx_vkms_get_vblank_timestamp+0x10/0x10
[  409.201556][T11096]  drm_crtc_next_vblank_start+0x22b/0x490
[  409.207283][T11096]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  409.213273][T11096]  ? __pfx_drm_crtc_next_vblank_start+0x10/0x10
[  409.219533][T11096]  ? drm_gem_plane_helper_prepare_fb+0x44e/0x5f0
[  409.225897][T11096]  ? drm_gem_shmem_vmap+0x252/0x630
[  409.231117][T11096]  drm_atomic_helper_wait_for_fences+0x277/0x8e0
[  409.237462][T11096]  ? __asan_memcpy+0x40/0x70
[  409.242069][T11096]  ? __pfx_drm_atomic_helper_wait_for_fences+0x10/0x10
[  409.248934][T11096]  ? drm_atomic_helper_prepare_planes+0x65f/0xb50
[  409.255370][T11096]  drm_atomic_helper_commit+0x53a/0x9f0
[  409.260930][T11096]  ? __pfx_drm_atomic_helper_commit+0x10/0x10
[  409.267012][T11096]  drm_atomic_commit+0x296/0x2f0
[  409.271962][T11096]  ? srso_alias_return_thunk+0x5/0xfbef5
[  409.277599][T11096]  ? __pfx_drm_atomic_commit+0x10/0x10
[  409.283078][T11096]  ? __pfx___drm_printfn_info+0x10/0x10
[  409.288743][T11096]  ? drm_client_rotation+0x249/0x550
[  409.294041][T11096]  drm_client_modeset_commit_atomic+0x670/0x7d0
[  409.300293][T11096]  ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10
[  409.307061][T11096]  ? __mutex_lock+0x37f/0xee0
[  409.311760][T11096]  ? __pfx___mutex_lock+0x10/0x10
[  409.316791][T11096]  ? drm_client_dev_restore+0xae/0x270
[  409.322253][T11096]  drm_client_modeset_commit_locked+0xe0/0x520
[  409.328411][T11096]  drm_client_modeset_commit+0x4a/0x70
[  409.333872][T11096]  drm_fb_helper_lastclose+0xbb/0x180
[  409.339341][T11096]  drm_fbdev_client_restore+0x34/0x40
[  409.344724][T11096]  drm_client_dev_restore+0x134/0x270
[  409.350099][T11096]  drm_release+0x335/0x410
[  409.354516][T11096]  ? __pfx_drm_release+0x10/0x10
[  409.359453][T11096]  __fput+0x23e/0xa50
[  409.363453][T11096]  task_work_run+0x251/0x310
[  409.368052][T11096]  ? srso_alias_return_thunk+0x5/0xfbef5
[  409.373686][T11096]  ? _raw_spin_unlock+0x28/0x50
[  409.378563][T11096]  ? __pfx_task_work_run+0x10/0x10
[  409.383683][T11096]  ? srso_alias_return_thunk+0x5/0xfbef5
[  409.389400][T11096]  ? rcu_is_watching+0x15/0xb0
[  409.394172][T11096]  syscall_exit_to_user_mode+0x13f/0x340
[  409.399819][T11096]  do_syscall_64+0x100/0x230
[  409.404424][T11096]  ? srso_alias_return_thunk+0x5/0xfbef5
[  409.410057][T11096]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  409.415961][T11096] RIP: 0033:0x7fb2ca185d29
[  409.420373][T11096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  409.439977][T11096] RSP: 002b:00007ffc901678e8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  409.448398][T11096] RAX: 0000000000000000 RBX: 00007fb2ca377ba0 RCX: 00007fb2ca185d29
[  409.456367][T11096] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  409.464338][T11096] RBP: 00007fb2ca377ba0 R08: 0000000000000d10 R09: 00007ffc90167bdf
[  409.472307][T11096] R10: 00007fb2ca377ac0 R11: 0000000000000246 R12: 0000000000063a1f
[  409.480272][T11096] R13: 00007fb2ca376160 R14: 0000000000000032 R15: ffffffffffffffff
[  409.488250][T11096]  </TASK>
[  409.491498][T11096] Kernel Offset: disabled
[  409.495811][T11096] Rebooting in 86400 seconds..