last executing test programs:

26m10.636864267s ago: executing program 2 (id=719):
socketpair$tipc(0x1e, 0x1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000040)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00'}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000400)={0x1, &(0x7f0000000000)=[{0x2, 0x4, 0xff, 0x7fff0000}]})
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00')
preadv(r3, &(0x7f0000000100)=[{&(0x7f0000000140)=""/197, 0xc5}], 0x1, 0x36, 0x0)
ioctl$TIOCSSOFTCAR(r3, 0x541a, &(0x7f0000000340)=0x2)
fspick(0xffffffffffffffff, 0x0, 0x1)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000b00)=@mangle={'mangle\x00', 0x2, 0x6, 0x510, 0x0, 0x270, 0x0, 0xd0, 0x360, 0x440, 0x440, 0x440, 0x440, 0x440, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @HL={0x28}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, [0xff, 0xff000000], [0x0, 0xff000000], 'syzkaller0\x00', 'pimreg0\x00', {0xff}, {}, 0x0, 0x2}, 0x0, 0xa8, 0xd0}, @HL={0x28, 'HL\x00', 0x0, {0x3, 0xa}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x3ff}}}, {{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [0x0, 0xff], [], 'bond_slave_1\x00', 'pim6reg1\x00', {0xff}}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4, 0x0, 0x2b}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, [0xffffff00, 0xffffffff, 0xff000000], [0xffffffff, 0xffffffff, 0x0, 0xffffffff], 'geneve1\x00', 'team_slave_1\x00', {0xff}, {}, 0x32, 0x9, 0x1, 0x40}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x1, 0x24, 0x1}, {0x4, 0x4}, {0x2, 0x5, 0x5}, 0x4, 0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x570)

26m9.541466264s ago: executing program 2 (id=725):
r0 = io_uring_setup(0x355b, &(0x7f0000000140)={0x0, 0xe24b, 0x10, 0x5, 0x4000020})
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
recvfrom$l2tp(0xffffffffffffffff, 0x0, 0x0, 0x12142, 0x0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x80000000005, 0x100000001000087}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, 0x0, 0x0)
openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(0xffffffffffffffff, 0x3ba0, &(0x7f0000000740)={0x48, 0x1, r3, 0x0, 0x3a0b, 0x80000001})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r3, 0x0, 0x0, 0x0, <r4=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(0xffffffffffffffff, 0x3b89, &(0x7f00000001c0)={0x28, 0x0, r4, r3, 0x0, 0x0, 0x0, 0x0, 0x0})
io_setup(0x1, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x9, 0x4)
close_range(r0, 0xffffffffffffffff, 0x0)

26m6.52481986s ago: executing program 2 (id=729):
setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, 0x0, 0x68)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x200000c, 0x3032, 0xffffffffffffffff, 0x0)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
rt_tgsigqueueinfo(0x0, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r2}, 0x10)
ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0xc0185879, &(0x7f00000004c0)={0x0, 0xffffffffffffffff, 0x400000, 0x2, 0x0, 0x0, 0x2401})
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000040)={r2}, 0xc)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000600)=0x1, 0x4)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20040005)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100)=@gcm_256={{0x303}, "0f78fbc54b6c106c", "75fd7583f127c5c356354c80ea765edaa15f377fb214e20fda1b0241bed67dc4", "b1726789", "fb442565fb00"}, 0x38)
sendto$inet6(r1, &(0x7f00000001c0), 0xffffffffffffff13, 0x0, 0x0, 0x3000137)
syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x3200400, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x3, 0xa83, &(0x7f0000000180)="$eJzs3U2MG1cBAOBn73qTTVLilIQuSWgTftry091ms4SfCJqquRA1FbdKFZco3ZaIbUCkErSqRJITN1pV4QpFnMqhAoTUXlDUE5dKNBKXngoHDkRBVOIAhcRo7fe84xeb8f5kba+/T3r7/OaN572ZHY/HM/PeC8DYqjb/LizMVEK48tarJ/92/1+nl6c80p6j3vw7WUjVQgiVmJ7Mlvf+RCu++cFLZ7vFlTDf/JvS4Ykb7ffuDCFcDIfC1VAP+69ce+Wd+cdPXzp1+fC7rx+/fmfWHgAAxss3rx5f2PfnPx7Y8+Eb954I29rT0/l5PaZ3xfP+E/HEP53/V0NnulIIRVPZfJMxVLP5JrrMVyynls032aP8qWy5tXb+gY75tpWUP1GY1m29YZSl/bgeKtXZjnS1Ojvb+k0emr/rpyqz588tPXNhQBUFNtw/7wshHBJWGxqNxo+aG3AI6iIIaw2N3YM+AgG05PcLb3Mxv7KwPu2lTfZX/o1Hq93fDxtgs/d/5Y9W+b+85IjDxtmqe1Nar/Q52hXT+X2E/Pml1X7+0/Ly+xG1PuvZ6z7CqNxf6FXPiU2ux1r1qn++X2xVX4tx2g5fz/KLn5/8fzoq/2Ogu39t1vX/16YHfq1zORzqf97WF/0Q1HmkQm0I6iD0HRqDPgABQ2vlubmWRpTy8+f68vxtJfnbS/KnS/J3lOTvLMmHcfbb538SXq6s/M7Pf9Ov9npYus52V4w/ssr65NcjV1t+/tzvaq23/Px5Yhhmb555cvHLTz91rfX8f6W9/9+K+/uhmK7Hz9bVOEO6XphfV28/+1/vLKfaY767s/rcddv8jVaJezvnq+xdWU4oHGc6lr+8sJnO9+3uVd+DnfPVs/mmY9ie1Tc/P9mRvS+df6Tjatpek9n61rL1mMrqkY4re2Kc1wPWIu2PvZ7/T/vnTKhVnjm3tPhwTKf99A8TtW3L048UF/qrzak7sD79tv+ZCZ3tf3a1p9eqxePC7pXpleJxoZ5Nn28l27fJ0/SjMZ2+5749Md2cPnv2u0tPb/TKw5i78MKL3zmztLT4fS/Si2mbxQsvyo4cW/XJQRgfc88/9725Cy+8+NC55848u/js4vmjx44dnZ8/9pWjC3PN8/q54tk9sJWsfOkPuiYAAAAAAAAAAABAv35w6uS1P739pfda7f9X2v+l9v/pyd/U/v/HWfv/vJ18ahWQ2gHu6ZLfHHfvzc56TGXz1WL4aFbfvVk5+7L3fSzG7XH8Yvv/1N4+79c11eeebHref2+aL+tO4Lb+UqayPkja4wXGBvufjOnLMf5FgAGqTHefHOOy/q3Tvp76p9AvxWhK/7e0N6R+TFL77179OqXj/55NqCMbbzOaEw56HYHu/j70438WzsQHXpf/GxqNwddh/WFN27k2+HoLawqNhlE8gOEw6PE/03XPFJ///Te2L4c0241HO4+Xxf5L/7GhNWMcDfv4k8rfWuN/tse/6+v416V39Y5+nvsfXeHfP7v+XqHYsL/f42++/qkf6L3lZRZ9GMtP6/9A6K/8xmtZ+fkNoT79Jyt/R5/l37b+B9dW/n9j+WmzPfipfstv1bhS7axHft043f/LrxsnN7P1T317rnr91zhQ461YPoyz3uPM9juC7XAalfF/e8mfw/hiTKcDYXrOIf9GLq9/ZzI9X5G+B/Zly6+UfL+NyjjFvYz7+L9fjXHZ5yGN/5v2x3qXdLWQrnXZtqO+r8BW8/7Q3/8bsXBxCOogDGkYjjGwi6HRaAy0I2+9iA/WoLf/oO8+D7r8QW//Mvn4v/k5fD7+bzX7AZGP/5u/Px//N8/Px9fL8/Pxf/PtmY//m+ffky03v4I9U5L/8ZL8/SX5B1byp7vlHyx5/ydK8g+X5N9bkn9fSf7dJfkTJfmfLsn/TEn+/SX5D5bkf7Ykf6trtkcpfKjGbf1hnOXt83z+YXyk+z+9Pv97S/KB0fXTN4489tRvvlVvtf+fav9eS/fxTsR0Lf52/mFM5/e9QyG9nPd2TP8lyx/26x0wTvL+M/Lv9wdK8oHRlZ7z8vmGMVTp3mNPfr+tV79Vvc7zGS2fi/HnY/yFGD8U49kYz8X4SIznN6l+3BmP/fp3x1+urPze353l9/s8fN4eKO8n6mif9cmvD6z2efy8H7/VWm/5a2wOBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDDV5t+FhZlKCFfeevXkk6fPzS1PeaQ9R735d7KQqrXfF8LDMZ6I8c/ji5sfvHS2GN+KcSXMh0qotKeHJ260S9oZQrgYDoWroR72X7n2yjvzj5++dOry4XdfP379zm0BAAAA2Pr+FwAA///8rRvq")

26m4.440671641s ago: executing program 2 (id=735):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000180)={[{@errors_remount}]}, 0x3, 0x43b, &(0x7f0000000300)="$eJzs28tvG0UYAPBv7TxIHyRU5dG0QKAgIh5Jk5bSAxcQSBxAQoJDOYYkrULdBjVBolUEAaFyRJW4I45I/AWc4IKAExJXuKNKFcqlhZPR2ruJ7TrOo04c8O8nbTuzO9bM593Pnt2JA+haI+k/ScSBiPg9Igar1foGI9X/bq8sTf+9sjSdRLn81l9Jpd2tlaXpvGn+uv15pSei8FkSR5v0u3Dl6oWpUmn2clYfX7z4/vjClavPzV2cOj97fvbS5Jkzp05OvHB68vm2xJnGdWv4o/ljR1575/ob02evv/vzt0kef0McbTLS6uCT5XKbu+usgzXlpKeDA2FLitU0jd5K/g9GMdZO3mC8+mlHBwfsqHK5XH5g/cPLZeB/LIlOjwDojPyLPr3/zbddmnrsCTdfqt4ApXHfzrbqkZ4oZG16G+5v22kkIs4u//NVusXOPIcAAKjzfTr/ebbZ/K8Qtc+F7s3WUIYi4r6IOBQRpyPicETcH1Fp+2BEPLTF/hsXSe6c/xRubCuwTUrnfy9ma1v187989hdDxax2sBJ/b3JurjR7IntPRqO3P61PtOjjh1d++2K9Y7Xzv3RL+8/ngtk4bvT0179mZmpx6m5irnXzk4jhnmbxJ6srAUlEHImI4W32Mff0N8fWO7Zx/C20YZ2p/HXEU9XzvxwN8eeS1uuT4/dEafbEeH5V3OmXX6+9uV7/dxV/G6Tnf1/T6381/qGkdr12Yet9XPvj83XvabZ7/fclb9ft+3BqcfHyRERf8np10LX7JxvaTa61T+MfPd48/w/F2jtxNCLSi/jhiHgkIh7Nxv5YRDweEcdbxP/Ty0+81zr+/ujk+Z/Z0vlfK/RF457mheKFH7+r63SoMf6Nzv+pSmk027OZz7/NjGt7VzMAAAD89xQi4kAkhbHVcqEwNlb9G/7Dsa9Qml9YfObc/AeXZqq/ERiK3kL+pGuw5nnoRHZbn9cnG+ons+fGXxYHKvWx6fnSTKeDhy63P8//1cd91fxP/Vns4MCA3eH3WtC95D90L/kP3Uv+Q/dqkv8DnRgHsPuaff9/3IFxALuvIf8t+0EXcf8P3Uv+Q/eS/9CVFgZi4x/JK2yj0Lc3hrFjhSjsiWEo7FCh059MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7fFvAAAA//9ksOTc")
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x200]})
write$uinput_user_dev(r0, &(0x7f0000000640)={'syz0\x00', {0x3, 0x6, 0x7}, 0x49, [0x3, 0x0, 0x4, 0x1, 0x1, 0x2, 0xf3, 0x0, 0x8, 0xf, 0x7, 0x3, 0xfffffffe, 0x101, 0x400, 0x3, 0x4, 0x3, 0xa, 0x4, 0xfc, 0xfffffffe, 0x400, 0x100, 0x8000, 0xfff, 0x400, 0x0, 0x3, 0x401, 0x9, 0xfffffffe, 0x10, 0x3, 0x4, 0x0, 0x27, 0x7, 0x0, 0x8, 0x1195, 0x8, 0x5, 0x8, 0x3, 0x2, 0x10001, 0x3, 0x2b2, 0x4, 0x1ad0, 0x9, 0x6, 0x4, 0xedbe, 0x4, 0x2, 0x7, 0xa3, 0xfffffff8, 0x6, 0x80, 0x10000022, 0x81], [0x1, 0x8001, 0x563, 0x80000001, 0x0, 0x0, 0x4, 0x854f002, 0x2, 0x8, 0x8001, 0xd2, 0x8b, 0x8ab, 0x3, 0x2a6d2895, 0x5, 0x3, 0x100, 0x201, 0x6, 0x0, 0x5, 0x7, 0x4a63, 0x1, 0x9, 0x8, 0x1000, 0x9, 0x4, 0xf, 0x7, 0x401, 0x7, 0x8, 0x8000, 0xff, 0x4, 0xb0f, 0x8001, 0xdfcf, 0xc1f40800, 0x9, 0x2, 0x2, 0x6, 0x0, 0x9, 0x1000f, 0x0, 0x2, 0xfffff2a1, 0x2000009, 0x3cb, 0x5bda, 0x1, 0x40defe, 0x7, 0x7, 0x4, 0x524, 0x8001, 0x41], [0x6, 0x4, 0x7, 0xe000, 0x7, 0x3, 0x123, 0xc, 0x1, 0x4, 0x6, 0xfffffff8, 0x9, 0x300000, 0x80000001, 0x4, 0x8008, 0x4, 0xd, 0x9, 0x8001, 0x2, 0x2, 0x4, 0x6, 0x1, 0x6, 0x2, 0x400, 0x20400, 0xff, 0x166, 0x7, 0xc8f, 0x3, 0x8, 0x3, 0x1, 0x1000, 0x7fffffff, 0x9, 0x8, 0x1000, 0x10, 0x6, 0xfeb, 0x100, 0x8, 0x3ff, 0x3a, 0xa18858f, 0x9, 0x1, 0x9, 0xffc00000, 0x4841, 0x4, 0x10, 0x4, 0x3, 0xf, 0x40, 0x5ff, 0x3a], [0xaeaf, 0x6, 0x2, 0x7ff, 0x3ff, 0x800, 0x8, 0x6, 0x1, 0x5, 0x9, 0x2, 0x8a4, 0xd5, 0xdd, 0xb5, 0x2, 0x1, 0x2, 0xcb32, 0x3, 0xf018, 0x9, 0x0, 0xda19, 0x80000001, 0x10001, 0x0, 0x4, 0x0, 0x5, 0xcc1, 0x8, 0x1, 0x2, 0xb, 0x3, 0x1, 0x0, 0xb7b, 0xffffff4a, 0x4, 0x7886, 0xbf8d, 0x9, 0x46dc, 0x1, 0x40, 0x9, 0x8, 0x10000, 0x1, 0x8, 0x10, 0x770, 0x0, 0x10001, 0x3ff, 0x5, 0x7, 0x8, 0x7d1, 0x1, 0x8]}, 0x45c)

26m3.18050372s ago: executing program 0 (id=739):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb010018000000000000009c0000009c00000003000000000000000700000d000000000d000000000000000d0000000200000002000000040000000d00005583e93136ecfe0f00040000000e00000005000000060000000300000f0500000000000009040000000e"], 0x0, 0xb7, 0x0, 0x1, 0x9, 0x0, @void, @value}, 0x28)
syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaa23ffffffffffff080600010800"], 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14)

26m1.428716817s ago: executing program 2 (id=742):
syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./file0\x00', 0x2000414, &(0x7f0000000340)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000"], 0x1, 0x2a1, &(0x7f0000000540)="$eJzs3MFqE18Ux/Hzb/pv0pQ2EURQUA+60c3QxgfQIC2IAaU2RV0IUzvRkDEpM0MlIjYbcetzFJfuBPUFuhE37t0VQXDThTjiTKZN2rSmbdLE9PuBck9y7o+5bdNyUuis3339pFRwjYLpyVBCZUikJhsi6T9V3X/1dSioR6RRTS6P/fhy9s69+zezudz0rOpMdu5KRlUnzr9/+vzNhY/e2PzbiXdxWUs/WP+e+bp2au30+q+5x0VXi66WK56aulCpeOaCbeli0S0Zqrdty3QtLZZdy2nqF+zK0lJVzfLieHLJsVxXzXJVS1ZVvYp6TlXNR2axrIZh6HhSjrfhNvbkV2dnzeyubT/W0ROh60ZbPek42VrrZn71CM4EAAD6zN7zfzjr7z7/5+bDtcPzvwjzf5fUmh79Zf7HQHCcrJms//w2Y/4HAAAAAAAAAAAAAAAAAAAAAOBfsOH7Kd/3U9EafcRFJCEi0eNenxPdccDv/9UeHRcd1vCPewkR+9VyfjkfrmE/W5Ci2GLJpKTkZ/B6qAvrmRu56UkNpOWDvVLPryznYxKP8pF0q/y5E1NhXpvz/0uy8foZScnJ1tfPtMyPyKWLDXlDUvLpoVTElsXgdb2VfzGlev1Wblt+NNgHAAAAAMAgMHTTjvfvQT/YkJCd/TC/j78PbHt/PSxn2rlFJQAAAAAAODS3+qxk2rblHKCIi8gh4oNaxKQvjrGtuCYifXCMoyoSIhI+oweJf9uMt5Xy29gzLCI9/7Lso+j1byYAAAAAnbY19O8j9PllF08EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDx0+79wKL9O1pRY494w+ViR/4JAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH3kdwAAAP//R8IgDA==")
r0 = open(0x0, 0x10400, 0x182)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r2 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r2, 0x0)
write$binfmt_script(r2, &(0x7f00000001c0)={'#! ', './file1/file0/file0'}, 0x17)
ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f0000000880)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])

26m1.351605978s ago: executing program 0 (id=744):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
writev(r0, &(0x7f0000000200)=[{&(0x7f0000000100)="09c69e16e1606f13050000d8186dd644", 0x10}], 0x1)

26m0.839902926s ago: executing program 0 (id=748):
prlimit64(0x0, 0xe, 0x0, 0x0)
io_setup(0x2, &(0x7f0000000040))
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r0, 0x0)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
arch_prctl$ARCH_GET_UNTAG_MASK(0x4001, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x121601, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_init_net_socket$ax25(0x3, 0x2, 0x8)
ioctl$SNDCTL_TMR_CONTINUE(r1, 0x5404)

26m0.488253582s ago: executing program 2 (id=749):
openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, 0x0, 0x48000)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000600)={0x0, @in6={{0xa, 0x4e23, 0xfffffff0, @private1={0xfc, 0x1, '\x00', 0x1}, 0x81}}}, &(0x7f00000006c0)=0x84)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000800)=ANY=[], 0x134}}, 0x0)
openat$tcp_mem(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0xa08000, 0x0)
r4 = syz_open_dev$vcsu(&(0x7f0000000040), 0x3, 0x10002)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000100)={&(0x7f0000282000/0x3000)=nil, 0x3000})
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)

25m59.484723797s ago: executing program 32 (id=749):
openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, 0x0, 0x48000)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000600)={0x0, @in6={{0xa, 0x4e23, 0xfffffff0, @private1={0xfc, 0x1, '\x00', 0x1}, 0x81}}}, &(0x7f00000006c0)=0x84)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000800)=ANY=[], 0x134}}, 0x0)
openat$tcp_mem(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0xa08000, 0x0)
r4 = syz_open_dev$vcsu(&(0x7f0000000040), 0x3, 0x10002)
ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000100)={&(0x7f0000282000/0x3000)=nil, 0x3000})
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)

25m59.475795577s ago: executing program 0 (id=751):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000180)={[{@errors_remount}]}, 0x3, 0x43b, &(0x7f0000000300)="$eJzs28tvG0UYAPBv7TxIHyRU5dG0QKAgIh5Jk5bSAxcQSBxAQoJDOYYkrULdBjVBolUEAaFyRJW4I45I/AWc4IKAExJXuKNKFcqlhZPR2ruJ7TrOo04c8O8nbTuzO9bM593Pnt2JA+haI+k/ScSBiPg9Igar1foGI9X/bq8sTf+9sjSdRLn81l9Jpd2tlaXpvGn+uv15pSei8FkSR5v0u3Dl6oWpUmn2clYfX7z4/vjClavPzV2cOj97fvbS5Jkzp05OvHB68vm2xJnGdWv4o/ljR1575/ob02evv/vzt0kef0McbTLS6uCT5XKbu+usgzXlpKeDA2FLitU0jd5K/g9GMdZO3mC8+mlHBwfsqHK5XH5g/cPLZeB/LIlOjwDojPyLPr3/zbddmnrsCTdfqt4ApXHfzrbqkZ4oZG16G+5v22kkIs4u//NVusXOPIcAAKjzfTr/ebbZ/K8Qtc+F7s3WUIYi4r6IOBQRpyPicETcH1Fp+2BEPLTF/hsXSe6c/xRubCuwTUrnfy9ma1v187989hdDxax2sBJ/b3JurjR7IntPRqO3P61PtOjjh1d++2K9Y7Xzv3RL+8/ngtk4bvT0179mZmpx6m5irnXzk4jhnmbxJ6srAUlEHImI4W32Mff0N8fWO7Zx/C20YZ2p/HXEU9XzvxwN8eeS1uuT4/dEafbEeH5V3OmXX6+9uV7/dxV/G6Tnf1/T6381/qGkdr12Yet9XPvj83XvabZ7/fclb9ft+3BqcfHyRERf8np10LX7JxvaTa61T+MfPd48/w/F2jtxNCLSi/jhiHgkIh7Nxv5YRDweEcdbxP/Ty0+81zr+/ujk+Z/Z0vlfK/RF457mheKFH7+r63SoMf6Nzv+pSmk027OZz7/NjGt7VzMAAAD89xQi4kAkhbHVcqEwNlb9G/7Dsa9Qml9YfObc/AeXZqq/ERiK3kL+pGuw5nnoRHZbn9cnG+ons+fGXxYHKvWx6fnSTKeDhy63P8//1cd91fxP/Vns4MCA3eH3WtC95D90L/kP3Uv+Q/dqkv8DnRgHsPuaff9/3IFxALuvIf8t+0EXcf8P3Uv+Q/eS/9CVFgZi4x/JK2yj0Lc3hrFjhSjsiWEo7FCh059MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7fFvAAAA//9ksOTc")
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000640)={'syz0\x00', {0x3, 0x6, 0x7}, 0x49, [0x3, 0x0, 0x4, 0x1, 0x1, 0x2, 0xf3, 0x0, 0x8, 0xf, 0x7, 0x3, 0xfffffffe, 0x101, 0x400, 0x3, 0x4, 0x3, 0xa, 0x4, 0xfc, 0xfffffffe, 0x400, 0x100, 0x8000, 0xfff, 0x400, 0x0, 0x3, 0x401, 0x9, 0xfffffffe, 0x10, 0x3, 0x4, 0x0, 0x27, 0x7, 0x0, 0x8, 0x1195, 0x8, 0x5, 0x8, 0x3, 0x2, 0x10001, 0x3, 0x2b2, 0x4, 0x1ad0, 0x9, 0x6, 0x4, 0xedbe, 0x4, 0x2, 0x7, 0xa3, 0xfffffff8, 0x6, 0x80, 0x10000022, 0x81], [0x1, 0x8001, 0x563, 0x80000001, 0x0, 0x0, 0x4, 0x854f002, 0x2, 0x8, 0x8001, 0xd2, 0x8b, 0x8ab, 0x3, 0x2a6d2895, 0x5, 0x3, 0x100, 0x201, 0x6, 0x0, 0x5, 0x7, 0x4a63, 0x1, 0x9, 0x8, 0x1000, 0x9, 0x4, 0xf, 0x7, 0x401, 0x7, 0x8, 0x8000, 0xff, 0x4, 0xb0f, 0x8001, 0xdfcf, 0xc1f40800, 0x9, 0x2, 0x2, 0x6, 0x0, 0x9, 0x1000f, 0x0, 0x2, 0xfffff2a1, 0x2000009, 0x3cb, 0x5bda, 0x1, 0x40defe, 0x7, 0x7, 0x4, 0x524, 0x8001, 0x41], [0x6, 0x4, 0x7, 0xe000, 0x7, 0x3, 0x123, 0xc, 0x1, 0x4, 0x6, 0xfffffff8, 0x9, 0x300000, 0x80000001, 0x4, 0x8008, 0x4, 0xd, 0x9, 0x8001, 0x2, 0x2, 0x4, 0x6, 0x1, 0x6, 0x2, 0x400, 0x20400, 0xff, 0x166, 0x7, 0xc8f, 0x3, 0x8, 0x3, 0x1, 0x1000, 0x7fffffff, 0x9, 0x8, 0x1000, 0x10, 0x6, 0xfeb, 0x100, 0x8, 0x3ff, 0x3a, 0xa18858f, 0x9, 0x1, 0x9, 0xffc00000, 0x4841, 0x4, 0x10, 0x4, 0x3, 0xf, 0x40, 0x5ff, 0x3a], [0xaeaf, 0x6, 0x2, 0x7ff, 0x3ff, 0x800, 0x8, 0x6, 0x1, 0x5, 0x9, 0x2, 0x8a4, 0xd5, 0xdd, 0xb5, 0x2, 0x1, 0x2, 0xcb32, 0x3, 0xf018, 0x9, 0x0, 0xda19, 0x80000001, 0x10001, 0x0, 0x4, 0x0, 0x5, 0xcc1, 0x8, 0x1, 0x2, 0xb, 0x3, 0x1, 0x0, 0xb7b, 0xffffff4a, 0x4, 0x7886, 0xbf8d, 0x9, 0x46dc, 0x1, 0x40, 0x9, 0x8, 0x10000, 0x1, 0x8, 0x10, 0x770, 0x0, 0x10001, 0x3ff, 0x5, 0x7, 0x8, 0x7d1, 0x1, 0x8]}, 0x45c)

25m58.913669746s ago: executing program 0 (id=755):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[], 0xec}}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0xf, 0x0, &(0x7f0000000080))
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)

25m57.32032617s ago: executing program 0 (id=757):
syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./file0\x00', 0x2000414, &(0x7f0000000340)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000"], 0x1, 0x2a1, &(0x7f0000000540)="$eJzs3MFqE18Ux/Hzb/pv0pQ2EURQUA+60c3QxgfQIC2IAaU2RV0IUzvRkDEpM0MlIjYbcetzFJfuBPUFuhE37t0VQXDThTjiTKZN2rSmbdLE9PuBck9y7o+5bdNyUuis3339pFRwjYLpyVBCZUikJhsi6T9V3X/1dSioR6RRTS6P/fhy9s69+zezudz0rOpMdu5KRlUnzr9/+vzNhY/e2PzbiXdxWUs/WP+e+bp2au30+q+5x0VXi66WK56aulCpeOaCbeli0S0Zqrdty3QtLZZdy2nqF+zK0lJVzfLieHLJsVxXzXJVS1ZVvYp6TlXNR2axrIZh6HhSjrfhNvbkV2dnzeyubT/W0ROh60ZbPek42VrrZn71CM4EAAD6zN7zfzjr7z7/5+bDtcPzvwjzf5fUmh79Zf7HQHCcrJms//w2Y/4HAAAAAAAAAAAAAAAAAAAAAOBfsOH7Kd/3U9EafcRFJCEi0eNenxPdccDv/9UeHRcd1vCPewkR+9VyfjkfrmE/W5Ci2GLJpKTkZ/B6qAvrmRu56UkNpOWDvVLPryznYxKP8pF0q/y5E1NhXpvz/0uy8foZScnJ1tfPtMyPyKWLDXlDUvLpoVTElsXgdb2VfzGlev1Wblt+NNgHAAAAAMAgMHTTjvfvQT/YkJCd/TC/j78PbHt/PSxn2rlFJQAAAAAAODS3+qxk2rblHKCIi8gh4oNaxKQvjrGtuCYifXCMoyoSIhI+oweJf9uMt5Xy29gzLCI9/7Lso+j1byYAAAAAnbY19O8j9PllF08EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDx0+79wKL9O1pRY494w+ViR/4JAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH3kdwAAAP//R8IgDA==")
r0 = open(0x0, 0x10400, 0x182)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r2 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r2, 0x0)
write$binfmt_script(r2, &(0x7f00000001c0)={'#! ', './file1/file0/file0'}, 0x17)
ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f0000000880)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])

25m56.694188659s ago: executing program 33 (id=757):
syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./file0\x00', 0x2000414, &(0x7f0000000340)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000"], 0x1, 0x2a1, &(0x7f0000000540)="$eJzs3MFqE18Ux/Hzb/pv0pQ2EURQUA+60c3QxgfQIC2IAaU2RV0IUzvRkDEpM0MlIjYbcetzFJfuBPUFuhE37t0VQXDThTjiTKZN2rSmbdLE9PuBck9y7o+5bdNyUuis3339pFRwjYLpyVBCZUikJhsi6T9V3X/1dSioR6RRTS6P/fhy9s69+zezudz0rOpMdu5KRlUnzr9/+vzNhY/e2PzbiXdxWUs/WP+e+bp2au30+q+5x0VXi66WK56aulCpeOaCbeli0S0Zqrdty3QtLZZdy2nqF+zK0lJVzfLieHLJsVxXzXJVS1ZVvYp6TlXNR2axrIZh6HhSjrfhNvbkV2dnzeyubT/W0ROh60ZbPek42VrrZn71CM4EAAD6zN7zfzjr7z7/5+bDtcPzvwjzf5fUmh79Zf7HQHCcrJms//w2Y/4HAAAAAAAAAAAAAAAAAAAAAOBfsOH7Kd/3U9EafcRFJCEi0eNenxPdccDv/9UeHRcd1vCPewkR+9VyfjkfrmE/W5Ci2GLJpKTkZ/B6qAvrmRu56UkNpOWDvVLPryznYxKP8pF0q/y5E1NhXpvz/0uy8foZScnJ1tfPtMyPyKWLDXlDUvLpoVTElsXgdb2VfzGlev1Wblt+NNgHAAAAAMAgMHTTjvfvQT/YkJCd/TC/j78PbHt/PSxn2rlFJQAAAAAAODS3+qxk2rblHKCIi8gh4oNaxKQvjrGtuCYifXCMoyoSIhI+oweJf9uMt5Xy29gzLCI9/7Lso+j1byYAAAAAnbY19O8j9PllF08EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDx0+79wKL9O1pRY494w+ViR/4JAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH3kdwAAAP//R8IgDA==")
r0 = open(0x0, 0x10400, 0x182)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r2 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r2, 0x0)
write$binfmt_script(r2, &(0x7f00000001c0)={'#! ', './file1/file0/file0'}, 0x17)
ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f0000000880)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])

25m56.67729512s ago: executing program 3 (id=760):
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="4000000000010104000000000002000002000000240001801400018008000100e000000108000200e00000010c000280050001000000000008000480040003"], 0x40}}, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x5c, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x2c}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x5c}}, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004"], 0x48)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="14000049c7d958aec852291f8d579d42e00dd17ef2eb4391d549352765a17a009b924eb9253e1a1f38b839f78d1da58950bb0816e22dde4dbd98cfefe59b7b7fe0a4a8face354c7bbc8ac8b29d68be25f4796537"], 0x14}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280), 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0), 0xffffffffffffffff)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB='L\x00\x00', @ANYRES64=r0], 0x4c}}, 0x4000804)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

25m56.307458265s ago: executing program 3 (id=762):
socket(0x40000000015, 0x2, 0x0)
socket$inet(0xa, 0x801, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8, &(0x7f0000000240)={[{@nodiscard}, {@nocheckpoint_merge}, {@alloc_mode_def}, {@six_active_logs}, {@flush_merge}, {@fault_injection={'fault_injection', 0x3d, 0x14}}, {@discard}, {@noacl}, {@fsync_mode_posix}, {@alloc_mode_def}, {@noextent_cache}, {@two_active_logs}, {@fault_type={'fault_type', 0x3d, 0xfffffe}}]}, 0x1, 0x5505, &(0x7f0000000340)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000040), 0x6)
socket$unix(0x1, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
socket$inet(0x2, 0x3, 0x2)
r2 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/9, 0x9}], 0x1, 0x2f, 0x0)

25m55.576222327s ago: executing program 3 (id=764):
r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
r1 = getpid()
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000080)={{0x1009, 0x0, 0x9, 0xffffffff, 'syz0\x00', 0x8}, 0x5, 0x1, 0x1, r1, 0x0, 0x0, 'syz1\x00', 0x0})

25m53.524649498s ago: executing program 3 (id=766):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000180)={[{@errors_remount}]}, 0x3, 0x43b, &(0x7f0000000300)="$eJzs28tvG0UYAPBv7TxIHyRU5dG0QKAgIh5Jk5bSAxcQSBxAQoJDOYYkrULdBjVBolUEAaFyRJW4I45I/AWc4IKAExJXuKNKFcqlhZPR2ruJ7TrOo04c8O8nbTuzO9bM593Pnt2JA+haI+k/ScSBiPg9Igar1foGI9X/bq8sTf+9sjSdRLn81l9Jpd2tlaXpvGn+uv15pSei8FkSR5v0u3Dl6oWpUmn2clYfX7z4/vjClavPzV2cOj97fvbS5Jkzp05OvHB68vm2xJnGdWv4o/ljR1575/ob02evv/vzt0kef0McbTLS6uCT5XKbu+usgzXlpKeDA2FLitU0jd5K/g9GMdZO3mC8+mlHBwfsqHK5XH5g/cPLZeB/LIlOjwDojPyLPr3/zbddmnrsCTdfqt4ApXHfzrbqkZ4oZG16G+5v22kkIs4u//NVusXOPIcAAKjzfTr/ebbZ/K8Qtc+F7s3WUIYi4r6IOBQRpyPicETcH1Fp+2BEPLTF/hsXSe6c/xRubCuwTUrnfy9ma1v187989hdDxax2sBJ/b3JurjR7IntPRqO3P61PtOjjh1d++2K9Y7Xzv3RL+8/ngtk4bvT0179mZmpx6m5irnXzk4jhnmbxJ6srAUlEHImI4W32Mff0N8fWO7Zx/C20YZ2p/HXEU9XzvxwN8eeS1uuT4/dEafbEeH5V3OmXX6+9uV7/dxV/G6Tnf1/T6381/qGkdr12Yet9XPvj83XvabZ7/fclb9ft+3BqcfHyRERf8np10LX7JxvaTa61T+MfPd48/w/F2jtxNCLSi/jhiHgkIh7Nxv5YRDweEcdbxP/Ty0+81zr+/ujk+Z/Z0vlfK/RF457mheKFH7+r63SoMf6Nzv+pSmk027OZz7/NjGt7VzMAAAD89xQi4kAkhbHVcqEwNlb9G/7Dsa9Qml9YfObc/AeXZqq/ERiK3kL+pGuw5nnoRHZbn9cnG+ons+fGXxYHKvWx6fnSTKeDhy63P8//1cd91fxP/Vns4MCA3eH3WtC95D90L/kP3Uv+Q/dqkv8DnRgHsPuaff9/3IFxALuvIf8t+0EXcf8P3Uv+Q/eS/9CVFgZi4x/JK2yj0Lc3hrFjhSjsiWEo7FCh059MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7fFvAAAA//9ksOTc")
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000640)={'syz0\x00', {0x3, 0x6, 0x7}, 0x49, [0x3, 0x0, 0x4, 0x1, 0x1, 0x2, 0xf3, 0x0, 0x8, 0xf, 0x7, 0x3, 0xfffffffe, 0x101, 0x400, 0x3, 0x4, 0x3, 0xa, 0x4, 0xfc, 0xfffffffe, 0x400, 0x100, 0x8000, 0xfff, 0x400, 0x0, 0x3, 0x401, 0x9, 0xfffffffe, 0x10, 0x3, 0x4, 0x0, 0x27, 0x7, 0x0, 0x8, 0x1195, 0x8, 0x5, 0x8, 0x3, 0x2, 0x10001, 0x3, 0x2b2, 0x4, 0x1ad0, 0x9, 0x6, 0x4, 0xedbe, 0x4, 0x2, 0x7, 0xa3, 0xfffffff8, 0x6, 0x80, 0x10000022, 0x81], [0x1, 0x8001, 0x563, 0x80000001, 0x0, 0x0, 0x4, 0x854f002, 0x2, 0x8, 0x8001, 0xd2, 0x8b, 0x8ab, 0x3, 0x2a6d2895, 0x5, 0x3, 0x100, 0x201, 0x6, 0x0, 0x5, 0x7, 0x4a63, 0x1, 0x9, 0x8, 0x1000, 0x9, 0x4, 0xf, 0x7, 0x401, 0x7, 0x8, 0x8000, 0xff, 0x4, 0xb0f, 0x8001, 0xdfcf, 0xc1f40800, 0x9, 0x2, 0x2, 0x6, 0x0, 0x9, 0x1000f, 0x0, 0x2, 0xfffff2a1, 0x2000009, 0x3cb, 0x5bda, 0x1, 0x40defe, 0x7, 0x7, 0x4, 0x524, 0x8001, 0x41], [0x6, 0x4, 0x7, 0xe000, 0x7, 0x3, 0x123, 0xc, 0x1, 0x4, 0x6, 0xfffffff8, 0x9, 0x300000, 0x80000001, 0x4, 0x8008, 0x4, 0xd, 0x9, 0x8001, 0x2, 0x2, 0x4, 0x6, 0x1, 0x6, 0x2, 0x400, 0x20400, 0xff, 0x166, 0x7, 0xc8f, 0x3, 0x8, 0x3, 0x1, 0x1000, 0x7fffffff, 0x9, 0x8, 0x1000, 0x10, 0x6, 0xfeb, 0x100, 0x8, 0x3ff, 0x3a, 0xa18858f, 0x9, 0x1, 0x9, 0xffc00000, 0x4841, 0x4, 0x10, 0x4, 0x3, 0xf, 0x40, 0x5ff, 0x3a], [0xaeaf, 0x6, 0x2, 0x7ff, 0x3ff, 0x800, 0x8, 0x6, 0x1, 0x5, 0x9, 0x2, 0x8a4, 0xd5, 0xdd, 0xb5, 0x2, 0x1, 0x2, 0xcb32, 0x3, 0xf018, 0x9, 0x0, 0xda19, 0x80000001, 0x10001, 0x0, 0x4, 0x0, 0x5, 0xcc1, 0x8, 0x1, 0x2, 0xb, 0x3, 0x1, 0x0, 0xb7b, 0xffffff4a, 0x4, 0x7886, 0xbf8d, 0x9, 0x46dc, 0x1, 0x40, 0x9, 0x8, 0x10000, 0x1, 0x8, 0x10, 0x770, 0x0, 0x10001, 0x3ff, 0x5, 0x7, 0x8, 0x7d1, 0x1, 0x8]}, 0x45c)

25m53.244704742s ago: executing program 3 (id=767):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f00000004c0)={@rand_addr, @multicast1, <r2=>0x0}, &(0x7f0000000500)=0xc)
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000540)={@empty, 0x19, r2})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_FREE_STREAMS(r6, 0x8008551d, 0x0)
inotify_add_watch(0xffffffffffffffff, 0x0, 0x42000773)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
ioctl$TIOCMSET(r7, 0x5418, &(0x7f00000001c0)=0xfffffe00)
syz_pidfd_open(r1, 0x0)
r8 = getpid()
ioctl$KDSKBENT(r7, 0x4b47, &(0x7f0000000580)={0x2, 0x0, 0x8001})
sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x7)
prlimit64(r8, 0xa, &(0x7f00000001c0)={0x7fffffff, 0x1}, &(0x7f0000000280))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r9 = socket$nl_audit(0x10, 0x3, 0x9)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={&(0x7f0000000700)=ANY=[], 0x0, 0x58, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
sendmsg$AUDIT_USER(r9, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)={0xd0, 0x3ed, 0x20, 0x70bd26, 0x25dfdbfb, "7f38ea14473e094d8f1dcc8145c88489aebcc30bc1235010f1cbb711ab54d83b2a518fe885b12fd3d6c7f211bfb521ec76edf896e74399e0dd5cdaa1db0a4705c6e7d00e86f198227851540cef9b259ce9f449a3e7fdd4ec1322d699d44c7bfb9f16e8e35806fa699711deffd7d193c9b2666b4b6275458a196ba9707546c7d6df47bdf4017ca21464d6412b7d1b505c3d6378b26a86086e36589f91916c781072a703918a6264316251578553364997f879444f00"/191, ["", ""]}, 0xd0}, 0x1, 0x0, 0x0, 0x4}, 0x844)

25m51.508187278s ago: executing program 3 (id=771):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB], 0xec}}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0xf, 0x0, &(0x7f0000000080))
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)

25m50.815556049s ago: executing program 34 (id=771):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB], 0xec}}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0xf, 0x0, &(0x7f0000000080))
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)

25m42.157533921s ago: executing program 1 (id=781):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$netlink(0x10, 0x3, 0x4)
writev(r1, &(0x7f0000000080)=[{&(0x7f0000000000)="480000001400190d09004beafd0d36020a8429000b4e230f4e230000a2bc5603ca00000f7f89004e002050da742dac0000000101ff05020003000200000000000100000000005839", 0x48}], 0x1)

25m41.923592155s ago: executing program 1 (id=782):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000440)={0x2, 0xfffffffc, 0x6}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4001}, 0x894)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000400000000f5dffeff9500"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r1}, 0x10)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newsa={0x150, 0x10, 0x413, 0x70bd29, 0x0, {{@in=@remote, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x4e24, 0x0, 0x2, 0x0, 0x20, 0x21}, {@in=@multicast1, 0x0, 0x32}, @in6=@loopback={0x100000000000000}, {0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x8, 0x80000, 0x81}, {0x0, 0x5, 0x4, 0x4000006}, {0x0, 0xfffffff9, 0x80000}, 0x0, 0x0, 0x2, 0x1, 0x81, 0x68}, [@algo_aead={0x60, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0xa0, 0x80, "25cac5216d3c8af0aa76902918bf448c5d9f5459"}}]}, 0x150}, 0x1, 0x0, 0x0, 0x612fc0b6c779297b}, 0x20000080)

25m41.335090424s ago: executing program 1 (id=783):
syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000a80)='./file0\x00', 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="001b82c7db7d42db303586547449d62aaac0dcf36e9c5d35f62c180dabbf5f896257eb342385e354c1aa"], 0x1, 0xa10, &(0x7f0000001540)="$eJzs3U2MG1cdAPBn73rTfJQ4JaFLGtqEQls+uttslvARQVM1F6Km6q1SxSVK0xKRBkQqQasekpy40aoKVz7EqZcKEBK9oKgnLpVoJC49FQ4ciIJUiQMUkkXrfc/r/cfW2Jvser3+/aTZ55n/s98b73g8npn3XgLGVr31d35+upbS5XfePPaPh/6+dXHJ4+0czdbfyY65Rkqplucnw+t9OLGU3vjotVPd0lqaa/0t8+np6+3nbk8pXUj705XUTHsvX33jvbmnTlw8funA+28dubY2aw8AAOPlmStH5vf89c/37fr47fuPpi3t5eX4vJnnd+Tj/qP5wL8c/9fTyvlax9RpKuSbzFM95Jvokq+znEbIN9mj/Knwuo0e+bZUlD/RsazbesMoK9txM9XqMyvm6/WZmaXf5Kn1u36qNnPuzNkXzg+posAd968HUkr7TSbTOE4LO4e9BwJYEq8X3uJCPLNwe9qvNtlf+defqHd/PtwB6739K3+0yv/1RXsc7pzNujWV9Sqfox15Pl5HiPcvDfr5L68Xr0c0+qxnr+sIo3J9oVc9J9a5HqvVq/5xu9isvpnT8j58K8Q7Pz/xfzoq/2Ogu387/28yje20MOwdELBhxfvmFrISj/f1xfiWivhdFfGtFfFtFfHtFXEYZ797+afp9dry7/z4m37Q82HlPNvdOf3EgPWJ5yMHLT/e9zuo2y0/3k8MG9kfTj57+mvPP3d16f7/2uL237rl/2be3vfnfM382bqSN/dyvjCeV1++9/+ZFeXUe+S7J9Tn7i75W493r8xX2738OqljP3NLPaZXPm9nr3z7VuZrhnxb83RXqG88PtkWnleOP8p+tbxfk2F9G2E9pkI9yn5lV05jPWA1yvbY6/7/sn1Op0bthTNnTz+W58t2+qeJxpbF5QfXud7A7eu3/c90Wtn+Z0d7eaPeuV/Yuby81rlfaIblcz2WH8rz5XvuuxNbW8tnTn3/7PN3euVhzJ1/5dXvnTx79vQPPfDAAw/aD4a9ZwLW2uzLL/1g9vwrrz565qWTL55+8fS5Q4cPH5qbO/z1Q/OzreP62c6je2AzWf7SH3ZNAAAAAAAAAAAAgH796Pixq39596sfLLX/X27/V9r/lzt/S/v/n4T2/7GdfGkHX9oB7uoSb+UJHaxOhXyNPH0y1Hd3KGdPeN6nctoexy+3/y/FxX5dS33uDctj/70lX+hO4Jb+UqZCHyRxvMDP5vRSTn+VYIhqW7svzmlV/9ZlWy/9U+iXYjSV/1vZGko/JqX9d69+ncr+f9c61JE7bz2aEw57HYHu/qn/b5NpbKeFBaN4ABvDsMf/LOc9S3ruj9++a3Eq2a4/sXJ/Gfsvhdux0cefVP7mGv+zPf5d3/u/MGJec3Xl/ufn1z7oKDbt7bf8uP6lH+jdg5X/cS6/rM3Dqb/yF34Zyo8XhPr031D+tj7Lv2X9962u/P/l8svb9siD/Za/VONafWU94nnjcv0vnjcuboT1L317Drz+qxyo8WYuH8bZqIwzO6hRGf+3l3gfxlfyfNkRlvsc4ngng9a/3F9Rvgf2hNevVXy/bfbxfy+uY12G4Rs5rfo8lPF/y/bY7DJf75hvdHlvN+u+BkbVh67/mUxjOy0sLKztCa0KQy2cob//w/6dMOzyh/3+V4nj/8Zj+Dj+b4zH8X9jPI7/G+NxfL0Yj+P/xvczjv8b4/eG143jA09XxD9dEd9bEb+vIr6vIv6ZiviBivj9FfEHKuL3VMQfrIh/riL++Yr4QxXxRyriX6iIb3alPcq4rj+Ms9g+z+cfxke5/tPr87+7Ig6Mrp+9ffDJ5377neZS+/+p9vmQch3vaJ7fn387/zjPx+veqWN+MfZunv9biG/08x0wTmL/GfH7/eGKODC6yn1ePt8whmrde+zpt9+qXsf5jJYv5vRLOf1yTh/N6UxOZ3N6MKdz61Q/1saTv/n9kddry7/3d4Z4v/eTx/ZAsZ+oQ33WJ54fGPR+9tiP36But/xVNgcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYmnrr7/z8dC2ly++8eezZE2dmF5c83s7RbP2d7JhrtJ+X0mM5ncjpL/KDGx+9dqozvZnTWppLtVRrL09PX2+XtD2ldCHtT1dSM+29fPWN9+aeOnHx+KUD77915NravQMAAACw+f0/AAD//8MLDok=")
syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000740)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
syz_emit_ethernet(0x3e, &(0x7f00000002c0)=ANY=[@ANYBLOB="ffffffffffffffffffffffff08004500003000000000006790780008d7bd94ffffff0c0090785300000045750007006600066011000c"], 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x84}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
syz_mount_image$udf(&(0x7f0000000f00), &(0x7f00000000c0)='./file0\x00', 0xa00004, &(0x7f0000000680)={[{@adinicb}, {@iocharset={'iocharset', 0x3d, 'iso8859-9'}}, {@adinicb}, {@uid}, {}, {@iocharset={'iocharset', 0x3d, 'macinuit'}}, {@mode={'mode', 0x3d, 0x8}}, {@iocharset={'iocharset', 0x3d, 'iso8859-5'}}, {@adinicb}, {@gid_forget}, {@lastblock={'lastblock', 0x3d, 0x7}}, {@gid_forget}, {@uid}]}, 0x1, 0xc4d, &(0x7f0000000f40)="$eJzs3U9sHNd9B/DfGy3FldxWTJwqThoHm7ZIZcZy9S+mYhXuqqbZBpBlIhRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBAhQwWMzsW3FJkbYskhIlfz429Z2deW/mvZn1jCzozQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOL3Xr546nTaZsOhh9AYAOCBuDz2tVNntnv+AwCPrSs7/f8/AAAAAAAAAAAAAABwUKQo4slIMXd5LU1Unzvql9p9t26PD49sX+1IqmoeqsqXP/XTZ86e+/LzQ+e7eak98wH199pn49WxKxcbL83enJufWliYmmyMz7SvzU5O3fMedlt/q8HqBDRuvnZr8vr1hcaZ585u2nx74L3+J44PXBh65uTT3bLjwyMjYxtF6r3la/fdkI6dRngcjiJORopnv/+z1IqIInZ/LuoP9tpvdaTqxGDVifHhkaoj0+3WzGK5cbR7IoqIRk+lZvccbX8totb3QPuws2bEUtn8ssGDZffG5lrzravTU43R1vxie7E9OzOaOq0t+9OIIs6niOWIWO2/e3d9UUQtUnz32Fq6mt/6UZ2HL1UDg3duR7GPfbwHZTsbfRHLxSNwzQ6w/ijilUjx87dPxLV8n6nuNV+MeKXMH0a8WeaLEan8YpyLeHeb7xGPploU8efl9b+wliar+0H3vnLp642vzlyf7Snbva98xOfDXXeKh/R8OLIlH4wDfm+qRxGt6o6/lu7/NzsAAAAAAAAAAAAAAAAA7LUjUcRnIsXL//ZH1bjiqMalH7sw9PsDv9w7ZvypD9lPWfa5iFgq7m1M7uE8MHA0jab0kMcSf5zVo4g/zuP/vv2wGwMAAAAAAAAAAAAAAAAAAPCxVsRPI8UL75xIy9E7p3h75kbjSuvqdGdW2O7cv90509fX19cbqZPNnBM5l3Iu51zJuZozilw/ZzPnRM6lnMs5V3Ku5oxDuX7OZs6JnEs5l3Ou5FzNGbVcP2cz50TOpZzLOVdyruaMAzJ3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIt6PFN/55lqKFBHNiIno5Er/w24dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFDqT0X8IFI0/qB5Z10tIlL1b8eJ8pdz0Txc5iejOVTmi9G8mLNVZa357YfQfnanLxXxk0jRX3/rzgXP17+v8+nO1yDe/NbGp8/WOnmou3Hgvf4njh+7MDTy+ad2Wk7bNWDwUnvm1u3G+PDIyFjP6lo++id71g3k4xZ703UiYuH1N15rTU9Pzd//QvkVuM/q3Su5i6M/yIVUe2SaamEvFqJ2IJrxcPq+Sf1h3JzYd+Xz/91I8dvv/Hv3gd95/tfjlzqf7jzh4xd/svH8f2Hrju7x+V/bWi8//8snwXbP/yd71r2QfzfSV4uoL96c6zseUV94/Y2T7ZutG1M3pmbOnTr1laGhr5w91Xc4on69PT3Vs7QnpwsAAAAAAAAAAAAAAADgwUlF/G6kaP1kLTUi4nY1XmvgwtAzJ58+FIeq8Vabxm2/OnblYuOl2Ztz81MLC1OTjfGZ9rXZyal7PVy9Gu41PjyyL535UEf2uf1H6i/Nzr0+377xh4vbbj9av3h1YXG+dW37zXEkiohm75rBqsHjwyNVo6fbrZmq6ui2g+k/ur5UxH9EimvnGukLeV0e/791hP+m8f9LW3e0h+P/P390Y/zfJ3qKlsdMqYhfRIrf+oun4gtVO4/GXecsl/ubSDF4/nO5XBwuy3Xb0HmvQGdkYFn2fyLFP7y/uWx3POSTG2VPf6ST+wgor/+xSPGDP/te/Hpet/n9D9tf/6Nbd7RP73/4VM+6o5veV7DrrpOv/8lI8eKTb8VvVGv+7wPf/9F9Y8OJTuGN93Ps0/X/1Z51A/m4v7lXnQcAAAAAAAAAAHiE9aUi/jZS/Giklp7P6+7l7/9Nbt3RPv39r0/3rJvcm/mKPnRh1ycVAAAAAA6IvlTETyPFjcW37oyh3jz+u2f85+9sjP8cTlu2Vn/O9yvVewP28s//eg3k407svtsAAAAAAAAAAAAAAAAAAABwoKRUxPN5PvWJajz/5I7zqa9Eipf/69lcLh0vy3XngR+ofq1fnp05eXF6erYei62r01ONsbnWtamy7qcixdpffy7XLar51bvzzXfmeN+Yi30+Uoz8XbdsZy727tzknfnA6+vrEafLsp+IFP/595vL5qmp89zR1X7PlGX/KlJ845+2L3t8o+zZsuz3IsWPv9Holj1alu2+H/XTG2WfuzZb7MNVAQAAAAAAAAAAAAAAAAAA4OOmLxXxp5Hiv28u3xnLn+f/7+v5WHnzWz3z/W9xu5rnf6Ca/3+n5fuZ/796r8DSTkcFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDHU4oi3ogUc5fX0kp/+bmjfqk9c+v2+PDI9tWOpKrmoap8+VM/febsuS8/P3S+mx9cf699Jl4du3Kx8dLszbn5qYWFqcnG+Ez72uzk1D3vYbf1txqsTkDj5mu3Jq9fX2icee7sps23B97rf+L4wIWhZ04+3S07PjwyMtZTptZ330e/S9ph/eEo4i8jxbPf/1n6UX9EEbs/Fx/y3dlvR6pODFadGB8eqToy3W7NLJYbR7snooho9FRqds/RA7gWu9KMWCqbXzZ4sOze2FxrvnV1eqox2ppfbC+2Z2dGU6e1ZX8aUcT5FLEcEav9d++uL4p4LVJ899ha+uf+iEPd8/Cly2NfO3Vm53YU+9jHe1C2s9EXsVw8AtfsAOuPIv4xUvz87RPxL/0Rtej8xBcjXinzhxFvRud6p/KLcS7i3W2+RzyaalHE/5bX/8Jaeru/vB907yuXvt746sz12Z6y3fvKI/98eJAO+L2pHkX8uLrjr6V/9d81AAAAAAAAAAAAAAAAwAFSxK9FihfeOZGq8cF3xhS3Z240rrSuTneG9XXH/nXHTK+vr683UiebOSdyLuVczrmSczVnFLl+zmaZ9fX1ifx5KedyzpWcqznjUK6fs5lzIudSzuWcKzlXc0Yt18/ZzDmRcynncs6VnKs544CM3QMAAAAAAAAAAAAAAAAAAB4vRfVPiu98cy2t93fml56ITq6YD/Sx9/8BAAD//9kg9g0=")
syz_mount_image$fuse(0x0, &(0x7f0000000e80)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f00000003c0)=""/34)
mq_open(0x0, 0x0, 0x0, &(0x7f0000000180)={0x8001})
setsockopt$IPT_SO_SET_REPLACE(r0, 0x9003000000000000, 0x40, &(0x7f0000000b40)=@raw={'raw\x00', 0x2, 0x3, 0x2c8, 0x0, 0x178, 0x178, 0x178, 0x178, 0x230, 0x230, 0x230, 0x230, 0x230, 0x3, 0x0, {[{{@uncond, 0x0, 0x158, 0x178, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'kmp\x00', "d9d9e63590ab5471c46924e95540949f0cd7e2b0a94d71d9d944acb7f0a1297674a95b30cee19db4c1725572ba928385b1635c89b58ae9a0e1ea500b26f006da3fa8a134552f7980e92de5a784cd4f46e799e191835d7d5ea776f04bef524e22f0bb6ed4b00f44ceb936943e13fa1caa6b4b159c673db1efa9a08b1ddc74ce6c", 0x43, 0x3}}, @common=@inet=@socket3={{0x28}, 0x51}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@set2={{0x28}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x328)
syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)

25m40.084115583s ago: executing program 1 (id=784):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000180)={[{@errors_remount}]}, 0x3, 0x43b, &(0x7f0000000300)="$eJzs28tvG0UYAPBv7TxIHyRU5dG0QKAgIh5Jk5bSAxcQSBxAQoJDOYYkrULdBjVBolUEAaFyRJW4I45I/AWc4IKAExJXuKNKFcqlhZPR2ruJ7TrOo04c8O8nbTuzO9bM593Pnt2JA+haI+k/ScSBiPg9Igar1foGI9X/bq8sTf+9sjSdRLn81l9Jpd2tlaXpvGn+uv15pSei8FkSR5v0u3Dl6oWpUmn2clYfX7z4/vjClavPzV2cOj97fvbS5Jkzp05OvHB68vm2xJnGdWv4o/ljR1575/ob02evv/vzt0kef0McbTLS6uCT5XKbu+usgzXlpKeDA2FLitU0jd5K/g9GMdZO3mC8+mlHBwfsqHK5XH5g/cPLZeB/LIlOjwDojPyLPr3/zbddmnrsCTdfqt4ApXHfzrbqkZ4oZG16G+5v22kkIs4u//NVusXOPIcAAKjzfTr/ebbZ/K8Qtc+F7s3WUIYi4r6IOBQRpyPicETcH1Fp+2BEPLTF/hsXSe6c/xRubCuwTUrnfy9ma1v187989hdDxax2sBJ/b3JurjR7IntPRqO3P61PtOjjh1d++2K9Y7Xzv3RL+8/ngtk4bvT0179mZmpx6m5irnXzk4jhnmbxJ6srAUlEHImI4W32Mff0N8fWO7Zx/C20YZ2p/HXEU9XzvxwN8eeS1uuT4/dEafbEeH5V3OmXX6+9uV7/dxV/G6Tnf1/T6381/qGkdr12Yet9XPvj83XvabZ7/fclb9ft+3BqcfHyRERf8np10LX7JxvaTa61T+MfPd48/w/F2jtxNCLSi/jhiHgkIh7Nxv5YRDweEcdbxP/Ty0+81zr+/ujk+Z/Z0vlfK/RF457mheKFH7+r63SoMf6Nzv+pSmk027OZz7/NjGt7VzMAAAD89xQi4kAkhbHVcqEwNlb9G/7Dsa9Qml9YfObc/AeXZqq/ERiK3kL+pGuw5nnoRHZbn9cnG+ons+fGXxYHKvWx6fnSTKeDhy63P8//1cd91fxP/Vns4MCA3eH3WtC95D90L/kP3Uv+Q/dqkv8DnRgHsPuaff9/3IFxALuvIf8t+0EXcf8P3Uv+Q/eS/9CVFgZi4x/JK2yj0Lc3hrFjhSjsiWEo7FCh059MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7fFvAAAA//9ksOTc")
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x200]})
write$uinput_user_dev(r0, &(0x7f0000000640)={'syz0\x00', {0x3, 0x6, 0x7}, 0x49, [0x3, 0x0, 0x4, 0x1, 0x1, 0x2, 0xf3, 0x0, 0x8, 0xf, 0x7, 0x3, 0xfffffffe, 0x101, 0x400, 0x3, 0x4, 0x3, 0xa, 0x4, 0xfc, 0xfffffffe, 0x400, 0x100, 0x8000, 0xfff, 0x400, 0x0, 0x3, 0x401, 0x9, 0xfffffffe, 0x10, 0x3, 0x4, 0x0, 0x27, 0x7, 0x0, 0x8, 0x1195, 0x8, 0x5, 0x8, 0x3, 0x2, 0x10001, 0x3, 0x2b2, 0x4, 0x1ad0, 0x9, 0x6, 0x4, 0xedbe, 0x4, 0x2, 0x7, 0xa3, 0xfffffff8, 0x6, 0x80, 0x10000022, 0x81], [0x1, 0x8001, 0x563, 0x80000001, 0x0, 0x0, 0x4, 0x854f002, 0x2, 0x8, 0x8001, 0xd2, 0x8b, 0x8ab, 0x3, 0x2a6d2895, 0x5, 0x3, 0x100, 0x201, 0x6, 0x0, 0x5, 0x7, 0x4a63, 0x1, 0x9, 0x8, 0x1000, 0x9, 0x4, 0xf, 0x7, 0x401, 0x7, 0x8, 0x8000, 0xff, 0x4, 0xb0f, 0x8001, 0xdfcf, 0xc1f40800, 0x9, 0x2, 0x2, 0x6, 0x0, 0x9, 0x1000f, 0x0, 0x2, 0xfffff2a1, 0x2000009, 0x3cb, 0x5bda, 0x1, 0x40defe, 0x7, 0x7, 0x4, 0x524, 0x8001, 0x41], [0x6, 0x4, 0x7, 0xe000, 0x7, 0x3, 0x123, 0xc, 0x1, 0x4, 0x6, 0xfffffff8, 0x9, 0x300000, 0x80000001, 0x4, 0x8008, 0x4, 0xd, 0x9, 0x8001, 0x2, 0x2, 0x4, 0x6, 0x1, 0x6, 0x2, 0x400, 0x20400, 0xff, 0x166, 0x7, 0xc8f, 0x3, 0x8, 0x3, 0x1, 0x1000, 0x7fffffff, 0x9, 0x8, 0x1000, 0x10, 0x6, 0xfeb, 0x100, 0x8, 0x3ff, 0x3a, 0xa18858f, 0x9, 0x1, 0x9, 0xffc00000, 0x4841, 0x4, 0x10, 0x4, 0x3, 0xf, 0x40, 0x5ff, 0x3a], [0xaeaf, 0x6, 0x2, 0x7ff, 0x3ff, 0x800, 0x8, 0x6, 0x1, 0x5, 0x9, 0x2, 0x8a4, 0xd5, 0xdd, 0xb5, 0x2, 0x1, 0x2, 0xcb32, 0x3, 0xf018, 0x9, 0x0, 0xda19, 0x80000001, 0x10001, 0x0, 0x4, 0x0, 0x5, 0xcc1, 0x8, 0x1, 0x2, 0xb, 0x3, 0x1, 0x0, 0xb7b, 0xffffff4a, 0x4, 0x7886, 0xbf8d, 0x9, 0x46dc, 0x1, 0x40, 0x9, 0x8, 0x10000, 0x1, 0x8, 0x10, 0x770, 0x0, 0x10001, 0x3ff, 0x5, 0x7, 0x8, 0x7d1, 0x1, 0x8]}, 0x45c)

25m39.764970907s ago: executing program 1 (id=785):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETFLOWTABLE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[], 0x188}}, 0x0)

25m37.940264436s ago: executing program 1 (id=786):
socketpair$tipc(0x1e, 0x1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000040)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000400)={0x1, &(0x7f0000000000)=[{0x2, 0x4, 0xff, 0x7fff0000}]})
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00')
preadv(r4, &(0x7f0000000100)=[{&(0x7f0000000140)=""/197, 0xc5}], 0x1, 0x36, 0x0)
ioctl$TIOCSSOFTCAR(r4, 0x541a, &(0x7f0000000340)=0x2)
fspick(0xffffffffffffffff, 0x0, 0x1)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000b00)=@mangle={'mangle\x00', 0x2, 0x6, 0x510, 0x0, 0x270, 0x0, 0xd0, 0x360, 0x440, 0x440, 0x440, 0x440, 0x440, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @HL={0x28}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, [0xff, 0xff000000], [0x0, 0xff000000], 'syzkaller0\x00', 'pimreg0\x00', {0xff}, {}, 0x0, 0x2}, 0x0, 0xa8, 0xd0}, @HL={0x28, 'HL\x00', 0x0, {0x3, 0xa}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x3ff}}}, {{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [0x0, 0xff], [], 'bond_slave_1\x00', 'pim6reg1\x00', {0xff}}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4, 0x0, 0x2b}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, [0xffffff00, 0xffffffff, 0xff000000], [0xffffffff, 0xffffffff, 0x0, 0xffffffff], 'geneve1\x00', 'team_slave_1\x00', {0xff}, {}, 0x32, 0x9, 0x1, 0x40}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x1, 0x24, 0x1}, {0x4, 0x4}, {0x2, 0x5, 0x5}, 0x4, 0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x570)

25m37.248110916s ago: executing program 35 (id=786):
socketpair$tipc(0x1e, 0x1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000040)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000400)={0x1, &(0x7f0000000000)=[{0x2, 0x4, 0xff, 0x7fff0000}]})
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00')
preadv(r4, &(0x7f0000000100)=[{&(0x7f0000000140)=""/197, 0xc5}], 0x1, 0x36, 0x0)
ioctl$TIOCSSOFTCAR(r4, 0x541a, &(0x7f0000000340)=0x2)
fspick(0xffffffffffffffff, 0x0, 0x1)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000b00)=@mangle={'mangle\x00', 0x2, 0x6, 0x510, 0x0, 0x270, 0x0, 0xd0, 0x360, 0x440, 0x440, 0x440, 0x440, 0x440, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @HL={0x28}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, [0xff, 0xff000000], [0x0, 0xff000000], 'syzkaller0\x00', 'pimreg0\x00', {0xff}, {}, 0x0, 0x2}, 0x0, 0xa8, 0xd0}, @HL={0x28, 'HL\x00', 0x0, {0x3, 0xa}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x3ff}}}, {{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [0x0, 0xff], [], 'bond_slave_1\x00', 'pim6reg1\x00', {0xff}}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4, 0x0, 0x2b}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, [0xffffff00, 0xffffffff, 0xff000000], [0xffffffff, 0xffffffff, 0x0, 0xffffffff], 'geneve1\x00', 'team_slave_1\x00', {0xff}, {}, 0x32, 0x9, 0x1, 0x40}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x1, 0x24, 0x1}, {0x4, 0x4}, {0x2, 0x5, 0x5}, 0x4, 0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x570)

8m3.139532431s ago: executing program 6 (id=4051):
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000440)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4e7, 0x30, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x89, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x3}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x80, 0x40}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
syz_usb_control_io(r0, &(0x7f0000000740)={0x2c, &(0x7f0000000040)={0x40, 0x2, 0x3, {0x3, 0x1, '\x00'}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

8m0.838821456s ago: executing program 6 (id=4067):
socket(0x2, 0x80805, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000032500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000850000000f000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x40801, 0x0)
epoll_create(0x802)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/mdstat\x00', 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet(0x2, 0x3, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="5c00000000010104000000000000000002001000240002801400018008000100e000000108000200e00000010c00028005000100000000001c0010800800014000000000d97405010000000008000240000000000800", @ANYRES64=r2], 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)

8m0.676444999s ago: executing program 6 (id=4069):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_VFIO_IOAS$SET(r1, 0x3b88, &(0x7f0000000200)={0xc, r2})
ioctl$IOMMU_VFIO_IOMMU_GET_INFO(r1, 0x3b70, &(0x7f0000000240)={0x30})
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r3, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfff9}, 0xe)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
writev(r3, &(0x7f0000000100), 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r3)
shutdown(r3, 0x1)
set_mempolicy(0x2, 0x0, 0x3)
socket(0x10, 0x3, 0x0)
r4 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r4, 0x12, 0x2, 0x0, &(0x7f0000000000))
setresuid(0x0, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000840), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x24, r6, 0x1, 0x300, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_4ADDR={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x4c800}, 0xc0c4)

7m59.568279015s ago: executing program 6 (id=4071):
r0 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r0, &(0x7f0000000180)={0x28, 0x0, 0x0, @local}, 0x10)
connect$vsock_stream(r0, &(0x7f0000000400)={0x28, 0x0, 0x2710, @host}, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000100)={0x48, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}}, 0x4000000)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$rds(0x15, 0x5, 0x0)
syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82)
syz_open_dev$sg(&(0x7f00000001c0), 0x0, 0x101a02)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
r4 = fsopen(&(0x7f0000000180)='proc\x00', 0x1)
fsmount(r4, 0x0, 0x1)
r5 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r5, &(0x7f0000000040)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @local}}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000ac0)="ee", 0x1}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb71658bda99b49720fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d700000010"], 0x10b8}, 0x0)
recvmsg$kcm(r5, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x202)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_256={{0x303, 0x36}, "f1ff5ef2fe010017", "9e8ecc7bb5352776725e1047711330ff2bb17b5508000000000000009bc400", "c9063700", "46b0dc72b7b1d30e"}, 0x38)
r6 = socket$inet6(0x10, 0x2, 0x4)
sendto$inet6(r6, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792c", 0x48, 0x20000000, 0x0, 0x0)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x7fff8000}]})
close_range(r7, 0xffffffffffffffff, 0x0)
mmap$snddsp_control(&(0x7f0000003000/0x2000)=nil, 0x1000, 0x1000008, 0x4010, 0xffffffffffffffff, 0x83000000)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

7m59.380113898s ago: executing program 6 (id=4074):
openat$userio(0xffffffffffffff9c, 0x0, 0x80000, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x0, &(0x7f0000000080)})
socket$netlink(0x10, 0x3, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
setxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0x55, 0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
syz_open_procfs(0x0, &(0x7f0000002000)='net/ip_mr_vif\x00')
execve(0x0, &(0x7f00000016c0), 0x0)
pread64(0xffffffffffffffff, 0x0, 0x0, 0x1000000000)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0xb5)
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
pwritev2(r1, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0x1}], 0x1, 0x5412, 0x1, 0x0)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x5}, 0x1c)
rt_sigsuspend(&(0x7f0000000040)={[0x3]}, 0x8)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003cc0), 0x0, 0x4001c00)

7m58.130437157s ago: executing program 6 (id=4079):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0100000042000000060000000800000000000000", @ANYRES32=0x1], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x8001, 0x0, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x8000, r1}, 0x38)

7m43.030713917s ago: executing program 36 (id=4079):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0100000042000000060000000800000000000000", @ANYRES32=0x1], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x8001, 0x0, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x8000, r1}, 0x38)

18.890486173s ago: executing program 4 (id=5455):
syz_open_dev$media(&(0x7f0000001a80), 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000480)={0x1, 0x0, 0x0, &(0x7f0000001740)=""/97, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000400))
r1 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000001c0)={0x0, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000003700)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/163, 0x0, 0x4000})
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x0, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)

15.216059409s ago: executing program 4 (id=5458):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0)
getsockname$packet(r1, &(0x7f0000000240)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x40)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000003c0)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @multicast1}]}}}]}, 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="3c0000001000010404000000fedbdf2500000000", @ANYBLOB="132a01bf61a001001c0012800900010069706970000000000c000280"], 0x3c}, 0x1, 0x0, 0x0, 0x40001}, 0x20004000)

14.376077911s ago: executing program 4 (id=5459):
prctl$PR_CAP_AMBIENT(0x2f, 0x1, 0x4)
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2120, 0x0)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x11)
ioctl$UI_SET_LEDBIT(0xffffffffffffffff, 0x40045569, 0x3)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x3, 0x3)
getuid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = shmget$private(0x0, 0x3000, 0x1, &(0x7f0000fef000/0x3000)=nil)
r3 = syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0xc0c00)
ioctl$IOC_PR_PREEMPT(r3, 0x40046109, &(0x7f0000000040)={0xd2, 0xfffffffffffffffe})
shmat(r2, &(0x7f0000ff7000/0x3000)=nil, 0x400c)
ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0x5)
connect$bt_rfcomm(r0, &(0x7f00000001c0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xa)
landlock_restrict_self(0xffffffffffffffff, 0x1)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)

13.051168221s ago: executing program 4 (id=5463):
r0 = add_key$user(&(0x7f00000006c0), &(0x7f0000000280)={'syz', 0x3}, &(0x7f00000008c0)="d3a24845fed3b644db111f6660fcd399052be391b829c18141634298ceeb56ee051e22d30dbb5f2c5ab2078c2c8cf5b9a0385ac162b836c7977ec2752acb894b12c965ca0e6ef3be0e26d7ce463ba7d45d493070046ee8bf617e890cd5321ff6387b3c061c485ebc22948c0292c94d7463b0a2daf8dd3e66c957e3aef3a4b95f4935d34e1bcbc49fc30eb919f98f0c8eeedbb598bc77f0ea766d13268eb19b0cfd6d9624efc20e49f72912e99e06f832a5d6a336636bcef1293071e0a88f8453a5e3f66a46bb0d1151d677b39ea96b1e0df37938a43869aff5ef6877c00111c7dac90bf1400828b2e8d7480538629ae1c49cdb837a0982effd", 0xf9, 0xffffffffffffffff)
r1 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080), 0x0, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f0000000540)={r1, r0, r0}, &(0x7f0000000780)=""/86, 0x56, &(0x7f0000000400)={&(0x7f00000002c0)={'crc32c\x00'}})

12.918762003s ago: executing program 5 (id=5464):
openat(0xffffffffffffff9c, 0x0, 0x101880, 0x42)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001500)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94)
r0 = gettid()
prlimit64(r0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000240)='./file0\x00', 0x8c0, &(0x7f0000000100)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c696e74722c6e6f61636c2c001967b9b8a6cdd636d75428f2c5e8054d01858eef552755576e749526b36860cf2511040d1ce5a743ffd83d29d1ba3a54a59d8c7aa249f08d3c8c6d04ac105d67934db6190d59f2323b55a5a4"], 0x1, 0x4431, &(0x7f00000088c0)="$eJzs3b9PHFceAPA3Az6Dz/ZhnwufdNKtdJbudHdC4OoSLAVjbAw2ceTELtKsF1jbJAtrwRKlcEE6S6kipYhSWImUjspCSu38CWlSOrWlpEgTKZIVop2dxcywGzaEhdj6fIod5v2G78zbN8Xw4lTt7vxyYX65UFosVGdvL58tvFetrCyUQ7xPWvZ/aP/6pzPduE5+rc0v92zktHLtwqU3b54N4au5b55ubGxshLre0NLwlp9//OH+7NZjU5yrU2+3dWt75e0Qwqlt46rrCSH0hRCiEML5NG0sPfaHEI6leTfvf3irsEejefSkfK74bPrB+siZqbWH6+1/9yiETyt/+9+dhe/+2TPy7X/2qHsAAAAAAAAAAAAAAAAAAF5wE9ev3XhjaDg8jkLvWrT9fd2J9Nju/diNPfOP7v+yAAAAAAAAAAAAAAAAAAAA8Af1/P3/QnSyxfv/4+lxtE39jde6P0a6Z/L1a+MXh4bT/d+jbfn/T5O+P98TTrTY9z2///v5XP3W+79v72e3muNr9jsQongwcx7Hg4MhfJ5u/H46OhJXqsu1/96urizO7dkwXljZ+Dd2789EJ93Qv8P4x2O59ru///9ft11N9fNbe3eJvdSy8e9pW+6LD6KO7v8LuXr7EX92Lxv/3iStf2uB0cYEUI//R707x38813634n88hFCI6mMtZGaA+hqmnt5uvUJWNv6HkrTM1Jn+Idvd/z/l4n8x1/5Bzf+r+S8iWsrG/09JWl+mxOHkM4l/vPP9fynX/kHEvz7+Vd//HcnGvxHr0JspkvwlO53/J3Ltt43/4d837htxOs7jUeYKWIsa6e3+Xx1Z2fj3bct//vwXd7T+u5yrv1/Pf81+m89/zen/31Hj+Y/WsvHvb1uu0/t/Mlev2/P/aLL+Y7ey8T+SpGXXzgPJZ6fxn8q13634J08lfc34P59Pfj7cSP/M+q8j2fj/uZEYby2xmnwm679o5/X/lVz7B7H+q49/Ne5ury+LbPyPti1Xj//XHXz/X83V6378Qxiy1t+1bPyPtS2X3P99O8d/Olev2/H/VzcbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgBjKXHgRDFg5nzOB4cDOFCen46HIlmSnPFmUp19t3lEMbT9EI4Gd2pVGdKleL8YnWuXCxVKtXZEC6m+adCX7RcqdaKC6V7lzbb6o/ulktLtZlyqRZCmEjT/x6ONduama8tlO6FEC5v5v0lri7du1taLM7NL706NDQ0FCY3x3AiKr9fKy/WGr03ckOY2qw7EG0ZXJJ9ZXMsR6N3qitLi6VKkn51S51KdbZU2VJnOs37OJyIaksri7OlWrlYqd5p9neQRtPj+OT1t65fHd6WfytqHMf2d1gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/EaPR175JITQ2ziLQwijzR+iVuUfPSmfKz6bfrA+cmZq7eH603blAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgF3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwS8eoCQRRGIDfTIokXY6Rakm6tBsCISmyQfAEegwPo0fxEt7BwsLWQgTZRV13YRutvq95MD8z78E8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCY71E1/n97j0jxtH+MWE5X6/P8t67zz+77D3eYkdv5+au+Tn+YrvKP+mhT5mO6284m0VEbi9aetPfpss9z71x9+9Y3X9P3JVIuIqKs89eUc1EMewsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgwA4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRR9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/AgAA////gRtE")
mknodat(0xffffffffffffff9c, &(0x7f0000000180)='./file7\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(r0, 0x1, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = open(&(0x7f0000000040)='./bus\x00', 0x1c1242, 0x0)
ftruncate(r2, 0x2007ffb)
sendfile(0xffffffffffffffff, r2, 0x0, 0x7ffff000)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

12.836724185s ago: executing program 4 (id=5466):
syz_open_dev$media(&(0x7f0000001a80), 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000480)={0x1, 0x0, 0x0, &(0x7f0000001740)=""/97, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000400))
r1 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000001c0)={0x0, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000003700)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/163, 0x0, 0x4000})
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x0, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)

10.737796636s ago: executing program 4 (id=5470):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$tipc(0x1e, 0x4, 0x0)
connect$tipc(r1, 0x0, 0x0)
sendmmsg$inet(r1, 0x0, 0x0, 0x81)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000180)={'sit0\x00', &(0x7f0000000300)={'syztnl1\x00', 0x0, 0x8, 0x7, 0x6, 0xfffffffc, {{0x1a, 0x4, 0x1, 0x30, 0x68, 0x66, 0x0, 0x5a, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1, {[@timestamp={0x44, 0x18, 0xee, 0x0, 0x7, [0x8000, 0x800, 0xb73c, 0x0, 0x4]}, @timestamp_prespec={0x44, 0x2c, 0x36, 0x3, 0xb, [{@remote, 0x25b066fe}, {@multicast2, 0x1}, {@private=0xa010100, 0x2}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0xffff}, {@remote, 0xff}]}, @ra={0x94, 0x4}, @rr={0x7, 0xb, 0xe7, [@multicast1, @multicast2]}, @end]}}}}})
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000280)=0xffffffffffffffff, 0x4)
socket$kcm(0x10, 0x400000002, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_INITMSG(r2, 0x84, 0x2, &(0x7f00000000c0)={0xfffc, 0xc}, 0x8)
r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg$sock(r3, &(0x7f0000000cc0)=[{{&(0x7f0000000100)=@l2tp={0x2, 0x0, @broadcast, 0x3}, 0x80, 0x0}}, {{&(0x7f0000000700)=@in6={0xa, 0x4e20, 0x7, @dev={0xfe, 0x80, '\x00', 0x18}, 0x60}, 0x80, 0x0}}], 0x2, 0x48094)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000000), 0xffffff6a)
sendfile(r3, r4, 0x0, 0xffffffff000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18)

9.415133876s ago: executing program 5 (id=5472):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x48808}, 0x20004804)

8.636718138s ago: executing program 7 (id=5473):
syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000000)='./file0\x00', 0x280008a, &(0x7f000001c380)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c636f6465706167653d3837342c73686f72746e616d653d77696e39352c73686f72746e616d653d77696e39352c6e6f6e756d7461696c3d302c726f6469722c73686f72746e616d653d77696e6e742c646973636172642c73686f72746e616d653d77696e6e742c756e695f786c6174653d302c636865636b3d72656c617865642c73686f72746e616d653d77696e6e742c73686f72746e616d653d6d697865642c756e695f786c6174653d302c696f636861727365743d69736f383835392d362c73686f72746e616d653d6d697865642c726f6469722c7569643d6e4ad8c43b1100c0344de5741a26aab12236c332332194bd77ef64fb4717db829730779da1ecad20a6cc9fce05bebfe6069c2be726472ef871d8ee192966e4932b15af666d4b1e6276e99d45706129bb5bd87be3c0c495d72155b0f4478eb0e8043c0799390cf1371a63f7eba9c846d0a0d12e041671ac7fc36b3d9ab0da8935c15000f2aadd2023d0122b2172a54dbef3f19d0912c8ec28868e8c957de4682b9578d4a642112b0082c497e263b2f17efe44900d41a04365d3a00ef997ff6464de4a454ca7c273d7a059038c6770931336f89068425b84a8ea1d81cc84a8cc4631c746", @ANYRESHEX=0x0, @ANYRESHEX=0x0], 0x97, 0x2b3, &(0x7f0000000840)="$eJzs3T9rc1UYAPDnpmmSV4dUcBLBC76DU2m7uqRIC8VMSgZ10GJbkCYILRT8g9dOri6Ori6C4OaXcPEbCK6CmwULV25yb5PWNE2Kaf3z+y3vec99nnOfc3pK6ZCn7704OD5I4+j805+j1Uqi1olOXCSxFrWofB7XdL4MAODf7CLP47d8ZJG8JCJayysLAFiihX/+f7/0kgCAJXvzrbdf3+52d95I01bsDr446xW/2Rf/jp5vH8UH0Y/D2Ih2XEbkV0bj3TzPs3paWIung+ysV2QO3v2xXH/714hh/ma0Y204dT1/r7uzmY7E0ydVflbU8Uz5/k6RvxXteH7K+/e6O1tX+Vfvz6LXiFdenqh/Pdrx0/vxYfTjYFjEKD9qEZ9tpulr+Ve/f/JOUV6Rn2RnveYwbixfeeAvDQAAAAAAAAAAAAAAAAAAAAAA/2HrZe+cZgz79xRTZf+dlcviP6uRVib7+2RVf6CkWuhGf6Asj6+r/jwbaZrmZeA4vx4v1KP+OLsGAAAAAAAAAAAAAAAAAACAf5bTjz4+3u/3D0/+lkHVDaD6WP991+lMzLwUs4Ob43fVyuGMlWOlikkiZpZRbGLumv8o2x7c7+ieu63mb7+be51v7t57OVidI+bOwZOZ96e6Xcf7yfQzbEY106ouyQ+TMY2Ys57GbY/yha5fY+qj9sLH0nh2OMhmxEQyq7BXfxmdXDmT3NxFY3iqU9NXy8FE+vWY1vz3ufhO+YtEtw4AAAAAAAAAAAAAAAAAAFiq8Yd+pzw8n5lay5tLKwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHtT47/8vMMjK5DmCG3Fy+shbBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4H/gzwAAAP//6JxfRQ==")
creat(&(0x7f0000000480)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10)

8.271975354s ago: executing program 7 (id=5475):
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0xffffffff}, 0x10)
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
close(r0)
r1 = getpid()
futex(0x0, 0x85, 0x4, 0x0, 0x0, 0xc5fffffd)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18)
r4 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r4, &(0x7f0000000000), 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

8.097556887s ago: executing program 8 (id=5476):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0)
getsockname$packet(r1, &(0x7f0000000240)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x40)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000003c0)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @multicast1}]}}}]}, 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000340)=ANY=[@ANYRES32=r2, @ANYBLOB="132a01bf61a001001c0012800900010069706970000000000c000280"], 0x3c}, 0x1, 0x0, 0x0, 0x40001}, 0x20004000)

7.88053393s ago: executing program 5 (id=5477):
ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, &(0x7f0000000000)={0x0, &(0x7f0000000100)})

7.585568334s ago: executing program 8 (id=5478):
syz_open_dev$media(&(0x7f0000001a80), 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000480)={0x1, 0x0, 0x0, &(0x7f0000001740)=""/97, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000400))
r1 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000001c0)={0x0, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000003700)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/163, 0x0, 0x4000})
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x0, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)

7.161075321s ago: executing program 5 (id=5479):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
chdir(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0x40a85323, &(0x7f00000006c0)={{0x6, 0xd}, 'port0\x00', 0x47, 0x131452, 0x107, 0x8, 0x80, 0x650, 0x9, 0x0, 0x4, 0x3})
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
poll(&(0x7f0000b2c000)=[{0xffffffffffffffff, 0x300}], 0x2c, 0xffffffffffbffff8)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'bridge0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r2, 0x4601, &(0x7f0000000240)={0x400, 0x30, 0xf0, 0x0, 0x0, 0x1f, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x40, 0x0, 0x7, 0x0, 0x5, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x5})

5.506192886s ago: executing program 7 (id=5480):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$vhost_msg_v2(r1, &(0x7f0000000640)={0x2, 0x0, {&(0x7f0000000440)=""/232, 0xfffffffffffffea5, 0x0, 0x3, 0x2}}, 0x48)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$tipc(0x1e, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
fanotify_init(0x200, 0x101000)
syz_open_dev$media(&(0x7f0000000b40), 0x2e14, 0x80082)
socket$can_j1939(0x1d, 0x2, 0x7)
syz_io_uring_setup(0x3b1, &(0x7f0000000380)={0x0, 0x0, 0x80, 0x80000e, 0xfffffc}, 0x0, 0x0)
syz_open_dev$video4linux(&(0x7f0000000200), 0xf5d0, 0x1414c0)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x24, 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r3, 0x84, 0x16, &(0x7f0000000040)={0x1, [0x2]}, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000340)='./file1\x00', 0x1804810, &(0x7f0000000180)=ANY=[], 0xf6, 0x68f, &(0x7f0000000cc0)="$eJzs3c1vHGcdB/DvbDZrb1qCmyZtQJVqNRIgIhI7lgvmQkAI+RChqhw4W4nTWNmkxXaRWyHq8HrtoX9AOfiCOCFxj1Q4cIFbb8jHSkhceqnhsmhnZ+21vXa8ebGd9vOJxs8z88zzPL/5zc6+KpoAX1izF1O/nyKzF6+tdNbX16Za62tTd3r1JCNJVpN6klqS4rN2u/1RcjUpNocpdpS7fLAw8/rHn65/0l2rV0u5f22/fjtU+63u2Lza2zae5ERVPoJt411/5PGKzcivJrlQlXDkTiZpb/Ozvz+72dKnOaj36KHECDxZRfd1c5ex5FR1oXfeB/ReeWuHG93BjRxwv53vIAAAAOBpc5DPwF/eyEZWitOHEA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8Lqxu3f+/qJZarz6eonf//0a1LVX9eHl5uN3vP6k4AAAAAAAAAOAQvbyRjazkdG+9XZS/+b9Srpwt/z6Tt7OU+SzmUlYyl+UsZzGTScb6BmqszC0vL04eoOeVgT2vPCDQkapsPp7jBgAAAAAAAIDPmV9lduv3fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOA6K5ES3SHGvb/NYavUko0kanQ2ryT979afZ/aMOAAAAAA7BSLKRlZzurbeLnE3yQvkdwGjezt0sZyHLaWU+N8rvBbqf+mvra1Ot9bWpO51l97jf/89QYZQjpvvdw+CZz5d7NHMzC+WWS7meN9PKjdTKnh3nq3h6o/bFNZrkXiem4nuVA0Z2oyo7R/5+Ve7y3lAHu5chv0wZKzNycjMjE1VsnWw81zszg87QwEMYZqbJ1DaDPbtjpkbyWbsrD5vzU32B/m53wNeGjf/x2ZmJK32Pvhf2y3nH1//yp59OVPWhz8ERO1GV5UlNc3cmpvoy8eJBMnGrdff2rZtLF49bJv7XHrLDRJmJc5vrs/lRfpKLGc9rWcxCfp65LGc+4/lhWZurTn7Rd8nvkamr29Zee1AkjeoR2j1Zw8X0Stn3dBby47yZG5nPq+W/K5nMtzOd6cz0neFz+5/h8qqvDbzqV9P+0sDgL3yjqjST/L4q9zjIQ9aZ8rm+vPY/546Vbf1btrJ05gBZGvK5sf7VqtKZ49dVeTzszMRkXyae35mJ0W1d/1Bec0utu7cXb829dbDpzrxfVTrX0W+T8aN9ImnsqJ/pnKxybfujo9P2/MC2ybLt7GZbbVfbuc227pW6uueV2qjew+0e6UrZ9uLAtqmy7Xxf26D3WwAce6e+earR/HfzH80Pm79p3mpeG/3ByHdGXmrk5F9Pfrc+ceJrtZeKP+fD/HLr8z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDwlt559/ZcqzW/2K00kpSVdrv93vamYSv1aobhu48+VK+tSsb/9Uxn5gFNvduZPcJxDVv5yrPJYc11fCv/bbfb1ZZij33++Ldjk6jqRobtY5G6YSsbjyf4Bz93FNW9HoGn0+XlO29dXnrn3W8t3Jl7Y/6N+bsz09MzEzPTr05dvrnQmp/o/j3qKIEnYetFf9iexXG7gS8AAAAAAAAAAAB8YRzGf0s46mMEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnm6zF1O/nyKTE5cmOuvra1OtztKrb+1ZT1JLUvwiKT5Kmr2Gsb7hir3m+WBh5vWPP13/ZGusem//2n79Dma1WjKe5ES3vPe4xrtelfsq9juEYvMIrya5UJVw5P4fAAD//5HDE9s=")
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1000, 0x1)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080))
writev(r2, &(0x7f0000000000)=[{&(0x7f0000000080), 0x62}, {&(0x7f0000000100)="16000000246837f73199aee6fdb9291b3091ec1a2d41d227975ad8ec300059191b00867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0x682c}, {&(0x7f0000001480)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead963cdd7f792f14c9b24493f9f830f6de8da93bbd4357095631adec14224dd9bb049e826f3a49624393e6a031103faff0902ba88ae30af4a61caa77ff956214196fcf3c5536d823284306f367afcb46fb43231911cc53091671e7d853ebf015241b18e9fb6ac6d9a7a1b05dfd6d9e56a51567cd8837dd045abf6b85550f0dd8dded43147ab9bfadc18b9984699d5d875cb21a95a7f584d8c466d033df75193f9ae58b85cfacc54f6c6e12a0debe40ee361a839563bc2cb64271672a55370c2b035b482074ce2487ef8a3bc1c68856e6e09539276d961a0c647f1ee3237496fc99623e8fd33faf7797d86a88dcee152d15e10739bcbbd6077b76867e291f350d999024c12faf81f83792f48f7f6dd66aa6854e460ef7f8c755f3a6dd76509ea0d2db39057a5129185b2fb11546cd5d6cc59f640e9028ae6c7075fba5e5b5593d7f79ec387833f465d09bde464112821eaec5e6e8f2aee8d7358f9c14afe2018856f610848706c71cda62493aef2e39efb71b4a8e804847eda66b2b5b1d75b478f19208ee1ac43afb2dbbba5dd0f29f6946022e09fb853cb176ca3474ba2fa67cb245fe85ec61a095d6fd9ac2ac5685920201617342fe56072427b9bd3626a1a371e67041fcda781be0c234d6feb5ad500e8bc7074381fd0d04983a4a6cdb6c8e03d59dc50925e9e4b24e6f8e455f02818959f2927f0a2d9ff62ec3c5c399077048f7d3dad0830b2e6563693f2f9d48eca8c34804a7626282a4a214d13786993c011a88194dbf7b23e25f592e62186c9fb565fac7632de356153c89a6be0b6b26ba48c2427424769fcbd7ee072ed4bd4d0731d06c8537d616b1145a6c70edb13fb4dba3565221b3a2897a23861cd0e8e0060021cdd7de002d5e785e5d6d3d07f4e445ada9c8d9ba8b819d0b5c7b5d15a5192d3a83c125c8e117c823a9e33316b8c9154e7330d3a865048dbd9c14757691bfe56f10423f6ab717bec5eebeac6ba9ad1aeb6cde09d7fda8e475a71ac48d46b8d9a40879c9dec2db5c4799e5fc8e8b3d419031c1033fce88ae2c93d7ca62c9302e6b45ca8dfebe5b92724f035e8e9d7704efb23f445999fe08cfa28404874d8acc8d37870d394d9fcc8dbe763bc85c37f0f3bcc2cbea420cd073db598e7d89c14a31e5bf57cbefa301427c93091505f1f3e5cdf712958b2e8fc56684d3388107c1728f0e5a3be2164246071653e256ed3bf3000c17301da9a5a3d9ca475867c4f311a24e5ae909a62047a9e6bb71cbcb4f159c2ef0f66b4d0f9da51aba99cd9448443dd277362af18d32f111c48a952ef555b2c7c58b997ce61e74cc7551b57eaffe411219baddf490926d8e260dcd87c069e617195c352950f9b51ce88c12c4f7997ba515f77e68d44f831cdf4d7ee8b1b7cedcb4c4fc7e85ba288c8555d49d5b4b9bb70dc4b688bd12e6b38e37150f3ea457a76b23d5abe6551ea598e090aed87822b0954b8db1a7c605c925b7f9240b0e7a020f292a1fd4a37c74139bc6e7ff08373ebfc8feea371ae0b6c61c715f6f1f4b0b994c7e2e129f87db959aae6ff48664d824b29ba9f255890f9c537178db9c5302097891557f8175a46f308b1a2530aa726ea9d4cfce76db50637369724d0c5f51c97edb58ff5eb9b2434b3721b61688ba12471b97c6a65ba085e15406568ac852590701f2ef8451c5cf1191d70f51eaea9ddc4cbdd7428f627db5069111f65062d5cc34581826af3e670613dda99e31c42736aabd87be56e214ed606862a152455f91891b7430bae03284569c234588f495a5ecc4a23fad6ba34e2ee9ebde8c7f5f62c9344659375c2a1fe6fa6e4ef68712223b9471c513bb11429dbb8a45463c8882f462275ee0da567c60c2d8038843e0c20486676e9978f2aec9187820c94a6e7e519d06daf2ab198f5cafcab4d9c90a479800906192d66a3301a34fa6c5a931cea0a479a4d98d86d9de3e061323504b57186dd33df7a16ccb688c0de203666cb0a6b543a9d069dded44a3b432cbb71da921dcab6be1c2d7494d3b07841d9b4f9d659b5d3d3b2ed916f91588d589128e4b2d4448e6aab5a8160eddca0f6e022abb85e251a11cd6bae57a09b2c434ab5bdf6264afb20d5ab022d152e345bd32ba9283aa5b3cd9118bd271a8ac9083c98b8a83064e65428f7ad7b35bf1d60d4e703f22d2d316fc12bd68bcced82cf0962a3d5769c6a3d75d59f7a7b76454661fd3574b8c8e26d20c372407854505ea6c2406fbd8a1ba7bb017c565228aa6d03d18ed309a308ffb1ecec73c246413e7c70f25070eafed9e70d22e9e8b44125c44eceff37e65bf073bc6fad1ea2b72675af4bf70586a8f7e0f35700de94c802522897576ed115fa21b3d23a367844520b33f5b9aedc0245096765f4cb3b2ff4e54f39bd7346c2347875d75a931b17c6c424ddb4767e0e63cc7725a8fc4b1dbe7929b2f909cc5be8b09e63330341e6471dcac0f8b44693d01805a1467b71612260e2a273861b3697440a5f75497796bffcf79d62a4a50a6ed5ef2efe8c83374f2ecd08d8d628aa03b01a11caeb2bdecc0ab2abcecfa15627979d7c3f9dec5389fc6625e957f8075e23e636dd5514596189d568e14d33ae518e6e9978c6a36a74b49fdbd1260095c9abe447e618878039b75e305b1d2c9ddeb9e5cedb11802e0833739d8595d57d749c890c9290cca4aa96e6718747543796a187e54a66c2f71beefddf911a7a74b59c48ba642d5ecd4d415f48dfbde5baac8a4ba063c1b985d9f9f3180e8a1c8b2cf6a25c2ff17688cc858ac8b9c67960f09a1ca5f28f8e877159e00fe7fb10cca73b391508895e7e52c22f9b38d73dabd6ff7c55ebf4e1611daee8d52b4ceee49a6df7daeb81bf9d1c943a74c03d3dda52c5b99f3225c1b87074f5cef6187878bc5b665ec0561adcc9781280dd1c6592555d327afea78b21beeeb66a0af3eab3249245f41cdbca309d3fba5d4b345319dd0a26134c0c896f2c8d32fda28600013f6a4c95b4038faba70d6c480b360c55bdc0595f7ca636e85521ba505d894f9c5f0a90719bc9944f386ad7491422ff12f34a3c048708d51305a8cc5b2a502ac1575a14c75e9fb7219ede2f6d9c1b362230b6189e0d8cd8ccd11fd0325182c6e46c9977bf63aa02f7024aeb4389f989f5733a198b45e4329c4c1a538a009f216ad3ac09cac39547b4fd21a5d7146ea307ad9b9339f39d5161d17b59860a0aed38cd89d1b68c6438346d51a3a283074e34ee01d2eca527b1b3836ccdf7e807007152c79d14324e3d887c9551a9447527db4434810f5b0b73d855f32a0c89aa784e43f4c1657d408dd33f88aeae1e5186bbcc2a348b708e3cec9080e12ee3676beb5ee86a9b5cc4a3496c242b95a248906ed62f984b22373bdfd97515441f34e01006d8d1244aa88403f207cd8820ffe07634fc86d00f871c1e4c9e8fc1a00d295e36d98119599b62379cda10ada85efe7b50c5f38d8d010a2cd53db900939db1ffce14feffb7940d12842f4f2b507e1fa49e526752d1e3d80a0c2a75e870d85f77fd91fc46ac1b1288dd33338cdad154d6b80b5a925431868d62a3fb0036f28fe259a3f555f767526a9ea230c33843efc49ac3182a357845ea122d606ab22c9f937b2b905e02dd1cb07d380e3486be6167f00b6e6d90a3c1d6aee15da439a55542ce177e498998ba8ac69a848e63e4c7564e4dc04aad595fa1ab81275edafa0d352029c304200d2f2c5881cbf5a26b2141bdb117879cc11e7c13bd62f221ae1ac04dca3d8d58a13c130557ecf5f36184c7366d3852d0cbd6ca42f2a971d87c0bb204097af1a3abdab7b95d07fcdbf5f42607695dedcd26e30b8fc5cfd7b333a95f3ee69d5ba7911dadb1394285c437a0f26fc027737ba5ee7d63333f80acb59f1a7faf2ec3031c6533107502bffc92d8726a48ce00cdb5f1258d85ff8eb72bfb162e122022f1f3e8a72b41d2689d5228b1130fbc946384401f3bbe726314bb09d430333ad78de07b3cec5c18a4f4abb69507b6451ca4e610b8fc988c983426e0cc3b9d15393026eb75d3d08634b8a7495cef69aab83d27ea1b5b41f40b996dd10023d81f77d61192930ffc25cae1e149412322fcb0aa47bee3afc44ec3dda96c9294854e2cbaebfea6f9a90f0b3797d5f505824b4de964151569f881f87f9dd9d30a2a2f9ed01059a909cba157902903c77f2f3d056231e7c7483a3f35e04360e084f0d3f94a92c92c77b3f06479fbc417366d7fe87ddfcdfd86274f87a5f817b0f947924cbe2329f16f6b00c8a0ab96164f7b35fed38a388380af05c3600abc37a944c9e75a691728c26896ac3615297766f406aeb0f2fd147d68fad3fb3b032880280ebb4bf89252a36b0d9eb393daae72829b8da870b886676244897d5322b32703fcf138b66eedeb3024666a88fd99d8962f696ab7b34e19ced1bd27488aa2ffe5bfa11f8f9289bd8c052d4e88316cc33b0255ef1bfca4c17067d7f78175c56db481fe8dc6f73b1cbdf9d5823f115c9e03f2dfd07bc1ad88564d48b18cd9a30d83cbd5e6a3eedcb0ee86e5dd47f32820cb74dcf730b2052b31297b529e5e24f042335d13915e4048132fe1a101841e919c7870bb680eddead9a6111394bc12e274fbd88abaf2d254721c42e82abf4d1e319a631794ed6ce319ddd844ac5e9b1fc96dd9aaad42f2e087abe1b85430c4a00631970e3e74a6ed923f49e0df75685e044fae3fcea0af4dbfeebe0a9c2e73e8a89b89603a75f585e3ebba5453ae595da1469ea90ea3c9fb6a22411c56c58dfbf504caa629dbfc73ebbedc91669f2babf8b8215c525edf8feb366f104ffa9eb2bb79232660aece4730ef1ae8585c629ffe1390356a58e900da145b83ad177c7bb2d125e59d7ff4d3a8562efc620b4cf9b33c2305bbf1957e0f8b06f0fbe9c80db73b08fdd0be4a1ea4f91f52af47160040424aed8ac3c10251fb0b5d9be08247edf3dda5d1750d0597d60c8a0d9418a4e0c9325bb90f0886f9e5dda9e88ac1942ec1e53da0cf5ccad66b9cdfc2fdca784dd06a73713ef73785706d024873ddca5ccfcf0b91748a2c1fbd8c241934b5b473007b29d76aec5addf7b945a5f7abd6ddeccc8d0ccb26d69d4793b7224c27ba7bf45aac8a2be56086ab8c65ea69fdd593a01a29e2912378002d824bd98e6ed1c5dd5f33be529e640997f5f1bbde051fb2a669145966db4889bf32aa13777ac6c077c51bb8b2523954cea3adc307cfe53b8cbb00edf0c04c456392aea6613e8078a309dc538a6a24f80fc1b7f9fce3e3291ca6dab8090a634fcdb24e7a9de8aecd595b988f597cd623d148a8841b0a5203953166ea2e85316928f28dd2604d37c9ec80a49c0d91cbfe6d584b9b6a321b97bf99ae1d67985fd441976a828c97456003a7892c7c7f4a51bb49e3d3ea1e95ec29c89a2676", 0x1001}], 0x3)

2.676788579s ago: executing program 8 (id=5481):
prctl$PR_CAP_AMBIENT(0x2f, 0x1, 0x4)
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2120, 0x0)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x11)
ioctl$UI_SET_LEDBIT(0xffffffffffffffff, 0x40045569, 0x3)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x3, 0x3)
getuid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = shmget$private(0x0, 0x3000, 0x1, &(0x7f0000fef000/0x3000)=nil)
r3 = syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0xc0c00)
ioctl$IOC_PR_PREEMPT(r3, 0x40046109, &(0x7f0000000040)={0xd2, 0xfffffffffffffffe})
shmat(r2, &(0x7f0000ff7000/0x3000)=nil, 0x400c)
ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0x5)
connect$bt_rfcomm(r0, &(0x7f00000001c0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xa)
landlock_restrict_self(0xffffffffffffffff, 0x1)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)

2.282154805s ago: executing program 7 (id=5482):
bpf$PROG_BIND_MAP(0x23, &(0x7f00000000c0), 0xc)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000340)=ANY=[@ANYBLOB="f0000000100013070000000000000000ffffffff000000000000000000000000000000000000000000000000000000010004000000000000000000202c000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe80"], 0xf0}, 0x1, 0xe}, 0x10)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)

2.012454759s ago: executing program 5 (id=5483):
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x48100)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000040)={0x4, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042"})
ioctl$SW_SYNC_IOC_INC(r1, 0x40045701, &(0x7f0000000e00)=0x4)

1.773422292s ago: executing program 8 (id=5484):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x48808}, 0x20004804)

1.589217535s ago: executing program 7 (id=5485):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0)
getsockname$packet(r1, &(0x7f0000000240)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x40)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000003c0)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @multicast1}]}}}]}, 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000340)=ANY=[@ANYRES32=r2, @ANYBLOB="132a01bf61a001001c0012800900010069706970000000000c000280"], 0x3c}, 0x1, 0x0, 0x0, 0x40001}, 0x20004000)

1.361657499s ago: executing program 7 (id=5486):
openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89101)
r1 = openat$cgroup_ro(r0, &(0x7f00000002c0)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021501700001e0a05010000000000000000070000000900020073797a31000000000900010073797a300000000024170380300000802c000180250001007bb0c03ce8ed22d039cce454fd98ae614b08a9f3d4ddf1f742d55995afac076948000000f01600800c00054000000000000000000c00054000000000000000000c00044000000000000000000c00044000000000000000000600064019d20000ac0201802800028008000340000000000900020073797a3100000000080003400000000008000180"], 0x17d4}}, 0x0)
pipe2(&(0x7f0000000040)={<r3=>0xffffffffffffffff}, 0x0)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r0, @ANYBLOB="05", @ANYRES16=r0, @ANYRES8, @ANYRES16=r1, @ANYRES16=r3], 0x0)

1.156386882s ago: executing program 8 (id=5487):
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0xffffffff}, 0x10)
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
close(r0)
r1 = getpid()
futex(0x0, 0x85, 0x4, 0x0, 0x0, 0xc5fffffd)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18)
r4 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r4, &(0x7f0000000000), 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

111.945718ms ago: executing program 5 (id=5488):
syz_open_dev$media(&(0x7f0000001a80), 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000480)={0x1, 0x0, 0x0, &(0x7f0000001740)=""/97, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000400))
r1 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000001c0)={0x0, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000003700)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/163, 0x0, 0x4000})
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x0, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)

0s ago: executing program 8 (id=5489):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @bcast, @bpq0, 0x1, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
socket$caif_seqpacket(0x25, 0x5, 0x0)
connect$rose(r3, &(0x7f00000000c0)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, 0x5, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @null]}, 0x40)

kernel console output (not intermixed with test programs):

aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1451.739627][T21474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1451.744694][T21599] loop4: detected capacity change from 0 to 256
[ 1451.753818][T21474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1451.767222][T21474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1451.783948][T21474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1451.795248][T21474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1451.805616][T21474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1451.835050][T21474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1451.887813][T21474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1451.925902][T21474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1451.936191][T18950] usb 8-1: new high-speed USB device number 50 using dummy_hcd
[ 1451.958259][T21474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1451.987078][T21474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1452.012369][T21474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1452.023254][T21474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1452.037156][T21474] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1452.061392][T21474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1452.110956][T21474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1452.136651][T21474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1452.147734][T21474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1452.158872][T18950] usb 8-1: Using ep0 maxpacket: 32
[ 1452.165038][T21474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1452.176515][T21474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1452.187732][T18950] usb 8-1: config 2 has an invalid interface number: 66 but max is 0
[ 1452.195965][T21474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1452.206640][T18950] usb 8-1: config 2 has no interface number 0
[ 1452.208809][T21474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1452.213025][T18950] usb 8-1: config 2 interface 66 altsetting 0 endpoint 0xC has an invalid bInterval 0, changing to 7
[ 1452.230945][T21474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1452.237053][T18950] usb 8-1: New USB device found, idVendor=046d, idProduct=08c6, bcdDevice= b.5d
[ 1452.245781][T21474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1452.264453][T18950] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1452.267098][T21474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1452.284789][T21474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1452.293506][T18950] usb 8-1: Product: syz
[ 1452.295253][T21474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1452.304430][T18950] usb 8-1: Manufacturer: syz
[ 1452.310471][T21474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1452.324901][T21474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1452.325994][T18950] usb 8-1: SerialNumber: syz
[ 1452.336004][T21474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1452.387275][T21474] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1452.413555][T21474] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1452.424578][T18950] usb 8-1: Found UVC 0.00 device syz (046d:08c6)
[ 1452.433312][T21474] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1452.437344][T18950] usb 8-1: No valid video chain found.
[ 1452.453169][T21474] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1452.469139][T21474] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1452.692698][T18950] usb 8-1: USB disconnect, device number 50
[ 1452.741140][ T1097] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1452.764972][ T1097] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1452.838946][T19117] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1452.858336][T19117] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1453.577760][T21629] random: crng reseeded on system resumption
[ 1458.554700][T21683] random: crng reseeded on system resumption
[ 1458.905952][T21690] loop8: detected capacity change from 0 to 1024
[ 1458.918198][T21690] EXT4-fs: Ignoring removed bh option
[ 1458.923877][T21690] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1459.044701][T21690] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1459.312966][T21474] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1462.173191][T21737] random: crng reseeded on system resumption
[ 1464.758343][T18074] usb 8-1: new high-speed USB device number 51 using dummy_hcd
[ 1464.980130][T18074] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11
[ 1464.997633][T18074] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1465.027100][T18074] usb 8-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00
[ 1465.042018][T18074] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1465.060690][T18074] usb 8-1: config 0 descriptor??
[ 1465.160827][T19129] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1466.188841][T18074] usbhid 8-1:0.0: can't add hid device: -71
[ 1466.194953][T18074] usbhid: probe of 8-1:0.0 failed with error -71
[ 1466.408789][T18074] usb 8-1: USB disconnect, device number 51
[ 1466.620173][T19129] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1466.713210][T19129] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1466.903165][T21789] random: crng reseeded on system resumption
[ 1467.570493][T19129] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1467.880173][T21800] loop7: detected capacity change from 0 to 2048
[ 1467.933892][T21800] NILFS (loop7): invalid segment: Magic number mismatch
[ 1467.959803][T21800] NILFS (loop7): trying rollback from an earlier position
[ 1468.720422][T21800] NILFS (loop7): recovery complete
[ 1468.732175][T21806] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1468.916002][   T28] audit: type=1800 audit(1750338644.842:313): pid=21800 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.4221" name="bus" dev="loop7" ino=12 res=0 errno=0
[ 1468.989966][   T28] audit: type=1800 audit(1750338644.872:314): pid=21800 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.4221" name="bus" dev="loop7" ino=12 res=0 errno=0
[ 1471.044974][T21831] loop5: detected capacity change from 0 to 32768
[ 1471.101241][T21831] ocfs2: Slot 0 on device (7,5) was already allocated to this node!
[ 1471.160616][T21836] random: crng reseeded on system resumption
[ 1471.209395][T19127] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1471.253397][T21831] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[ 1472.168486][T17946] ocfs2: Unmounting device (7,5) on (node local)
[ 1473.948460][T21862] futex_wake_op: syz.8.4238 tries to shift op by -1; fix this program
[ 1474.121878][T21869] loop5: detected capacity change from 0 to 128
[ 1474.217972][T21869] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem
[ 1474.858649][T21869] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1475.580074][T21869] ext2 filesystem being mounted at /297/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[ 1476.156585][T17946] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1476.367777][T18950] usb 5-1: new high-speed USB device number 67 using dummy_hcd
[ 1476.567813][T18950] usb 5-1: Using ep0 maxpacket: 32
[ 1476.576017][T18950] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[ 1476.598274][T18950] usb 5-1: config 0 has no interface number 0
[ 1476.604472][T18950] usb 5-1: config 0 interface 184 has no altsetting 0
[ 1476.636620][T18950] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1476.651664][T18950] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1476.674965][T18950] usb 5-1: Product: syz
[ 1476.687614][T18950] usb 5-1: Manufacturer: syz
[ 1476.704377][T18950] usb 5-1: SerialNumber: syz
[ 1476.767046][T19129] hsr_slave_0: left promiscuous mode
[ 1476.767123][T18950] usb 5-1: config 0 descriptor??
[ 1476.790907][T18950] smsc75xx v1.0.0
[ 1476.799947][T19129] hsr_slave_1: left promiscuous mode
[ 1476.824193][T19129] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1476.848386][T19129] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1476.869710][T19129] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1476.885010][T19129] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1476.906845][T19129] bridge_slave_1: left allmulticast mode
[ 1477.560806][T19129] bridge_slave_1: left promiscuous mode
[ 1477.748034][T19129] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1477.852150][T19129] bridge_slave_0: left allmulticast mode
[ 1477.883863][T19129] bridge_slave_0: left promiscuous mode
[ 1477.897869][T19129] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1477.910770][T21910] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4246'.
[ 1478.003643][T19129] veth1_macvtap: left promiscuous mode
[ 1478.018747][T19129] veth0_macvtap: left promiscuous mode
[ 1478.024603][T19129] veth1_vlan: left promiscuous mode
[ 1478.037967][T19129] veth0_vlan: left promiscuous mode
[ 1478.164625][T18950] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -61
[ 1478.187208][T18950] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1478.198633][T18074] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[ 1478.421004][T18074] usb 9-1: Using ep0 maxpacket: 16
[ 1478.452040][T18074] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1478.542582][T18074] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1478.566829][T18950] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[ 1478.579765][T18950] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[ 1478.589950][T18950] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[ 1478.600506][T18950] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32
[ 1478.636370][T18074] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1478.647990][T18074] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1478.650220][T18950] smsc75xx: probe of 5-1:0.184 failed with error -32
[ 1478.656096][T18074] usb 9-1: Product: syz
[ 1479.654776][T18074] usb 9-1: Manufacturer: syz
[ 1479.659831][T18074] usb 9-1: SerialNumber: syz
[ 1479.737287][T18950] usb 5-1: USB disconnect, device number 67
[ 1479.891435][T18074] usb 9-1: 0:2 : does not exist
[ 1479.958372][T18074] usb 9-1: 5:0: failed to get current value for ch 0 (-22)
[ 1480.036486][T18074] usb 9-1: USB disconnect, device number 2
[ 1481.035873][ T7847] udevd[7847]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1484.469256][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[ 1484.475623][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[ 1484.977676][T19129] team0 (unregistering): Port device team_slave_1 removed
[ 1485.074753][T21981] loop8: detected capacity change from 0 to 1024
[ 1485.094172][T19129] team0 (unregistering): Port device team_slave_0 removed
[ 1485.145333][T21981] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1485.202172][T21474] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1485.275567][T19129] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1485.405113][T19129] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1485.589473][    T8] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[ 1485.783142][    T8] usb 9-1: Using ep0 maxpacket: 16
[ 1485.815371][    T8] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1485.827380][    T8] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1485.839906][    T8] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1485.850757][    T8] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1485.859185][    T8] usb 9-1: Product: syz
[ 1485.863410][    T8] usb 9-1: Manufacturer: syz
[ 1485.868371][    T8] usb 9-1: SerialNumber: syz
[ 1486.095570][    T8] usb 9-1: 0:2 : does not exist
[ 1486.105278][    T8] usb 9-1: 5:0: failed to get current value for ch 0 (-22)
[ 1486.173687][    T8] usb 9-1: USB disconnect, device number 3
[ 1486.232459][ T7847] udevd[7847]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1486.498953][T19129] bond0 (unregistering): Released all slaves
[ 1487.820730][T19129] IPVS: stop unused estimator thread 0...
[ 1492.626954][T22066] loop7: detected capacity change from 0 to 32768
[ 1492.644138][T22066] ocfs2: Slot 0 on device (7,7) was already allocated to this node!
[ 1492.662544][T22066] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[ 1494.323744][T18349] ocfs2: Unmounting device (7,7) on (node local)
[ 1497.174115][T22132] loop7: detected capacity change from 0 to 1024
[ 1497.225879][T22132] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1499.188398][T18349] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1500.009263][T22155] loop5: detected capacity change from 0 to 32768
[ 1500.050193][T22155] ocfs2: Slot 0 on device (7,5) was already allocated to this node!
[ 1500.192908][T22155] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[ 1502.031080][T17946] ocfs2: Unmounting device (7,5) on (node local)
[ 1504.303270][   T62] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1505.351614][T22231] loop7: detected capacity change from 0 to 2048
[ 1505.418664][T22231] EXT4-fs: Ignoring removed bh option
[ 1505.531428][T22231] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1505.596427][T22231] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[ 1505.614360][   T28] audit: type=1800 audit(1750338681.522:315): pid=22231 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.4330" name="file1" dev="loop7" ino=15 res=0 errno=0
[ 1505.661870][T22231] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[ 1505.674627][T22231] EXT4-fs (loop7): This should not happen!! Data will be lost
[ 1505.674627][T22231] 
[ 1505.684817][T22231] EXT4-fs (loop7): Total free blocks count 0
[ 1505.691106][T22231] EXT4-fs (loop7): Free/Dirty block details
[ 1505.697380][T22231] EXT4-fs (loop7): free_blocks=2415919104
[ 1505.713167][T22231] EXT4-fs (loop7): dirty_blocks=16
[ 1505.735906][T22231] EXT4-fs (loop7): Block reservation details
[ 1505.746022][T22231] EXT4-fs (loop7): i_reserved_data_blocks=1
[ 1505.795065][T22231] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2 with error 28
[ 1506.658147][ T5827] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[ 1506.871671][ T5827] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11
[ 1506.902543][ T5827] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1506.946626][ T5827] usb 6-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00
[ 1506.999007][ T5827] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1507.053008][ T5827] usb 6-1: config 0 descriptor??
[ 1507.310612][T22266] loop7: detected capacity change from 0 to 1024
[ 1507.341908][T22266] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1508.012243][ T5827] usbhid 6-1:0.0: can't add hid device: -71
[ 1508.037881][ T5827] usbhid: probe of 6-1:0.0 failed with error -71
[ 1508.056110][ T5827] usb 6-1: USB disconnect, device number 44
[ 1508.190573][T18349] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1508.222309][T22257] loop8: detected capacity change from 0 to 32768
[ 1510.232262][T22313] overlayfs: missing 'workdir'
[ 1511.388395][    T8] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[ 1511.602003][    T8] usb 5-1: Using ep0 maxpacket: 8
[ 1511.623992][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1511.666849][    T8] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1511.727799][    T8] usb 5-1: New USB device found, idVendor=046d, idProduct=0a87, bcdDevice= 0.00
[ 1511.809856][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1511.851846][    T8] usb 5-1: config 0 descriptor??
[ 1512.058052][T22336] 9pnet_virtio: no channels available for device syz
[ 1513.706114][    T8] logitech-hidpp-device 0003:046D:0A87.000B: unknown main item tag 0x0
[ 1513.747915][    T8] logitech-hidpp-device 0003:046D:0A87.000B: unknown main item tag 0x0
[ 1513.780780][    T8] logitech-hidpp-device 0003:046D:0A87.000B: collection stack underflow
[ 1513.803176][    T8] logitech-hidpp-device 0003:046D:0A87.000B: item 0 0 0 12 parsing failed
[ 1513.838616][    T8] logitech-hidpp-device 0003:046D:0A87.000B: hidpp_probe:parse failed
[ 1513.859145][    T8] logitech-hidpp-device: probe of 0003:046D:0A87.000B failed with error -22
[ 1513.940681][    T8] usb 5-1: USB disconnect, device number 68
[ 1515.952165][T22379] futex_wake_op: syz.4.4363 tries to shift op by -1; fix this program
[ 1517.297879][T18950] usb 8-1: new high-speed USB device number 52 using dummy_hcd
[ 1517.497939][T18950] usb 8-1: Using ep0 maxpacket: 8
[ 1517.516734][T18950] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1517.528693][T18950] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1517.542994][T18950] usb 8-1: New USB device found, idVendor=046d, idProduct=0a87, bcdDevice= 0.00
[ 1517.557910][T18950] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1517.621740][T18950] usb 8-1: config 0 descriptor??
[ 1517.814365][T22392] loop4: detected capacity change from 0 to 2048
[ 1517.914825][T22392] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1518.052908][T18950] logitech-hidpp-device 0003:046D:0A87.000C: unknown main item tag 0x0
[ 1518.299373][T18950] logitech-hidpp-device 0003:046D:0A87.000C: unknown main item tag 0x0
[ 1518.311604][T18950] logitech-hidpp-device 0003:046D:0A87.000C: collection stack underflow
[ 1519.308362][T18950] logitech-hidpp-device 0003:046D:0A87.000C: item 0 0 0 12 parsing failed
[ 1519.368230][T18950] logitech-hidpp-device 0003:046D:0A87.000C: hidpp_probe:parse failed
[ 1519.408336][T18950] logitech-hidpp-device: probe of 0003:046D:0A87.000C failed with error -22
[ 1519.464878][T18950] usb 8-1: USB disconnect, device number 52
[ 1519.968377][T22428] futex_wake_op: syz.5.4375 tries to shift op by -1; fix this program
[ 1521.326080][T22443] loop8: detected capacity change from 0 to 2048
[ 1521.364822][T22443] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1522.348262][T22464] futex_wake_op: syz.4.4386 tries to shift op by -1; fix this program
[ 1523.860369][T22486] loop5: detected capacity change from 0 to 2048
[ 1524.260103][T22486] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1525.320999][T22506] netlink: 44 bytes leftover after parsing attributes in process `syz.7.4397'.
[ 1525.349917][T22507] futex_wake_op: syz.5.4398 tries to shift op by -1; fix this program
[ 1528.409545][T22552] futex_wake_op: syz.5.4411 tries to shift op by -1; fix this program
[ 1530.516916][T22573] autofs4:pid:22573:autofs_fill_super: called with bogus options
[ 1530.643186][T22580] loop8: detected capacity change from 0 to 2048
[ 1530.682662][T22580] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1531.075622][T22590] futex_wake_op: syz.8.4423 tries to shift op by -1; fix this program
[ 1533.121604][T22611] autofs4:pid:22611:autofs_fill_super: called with bogus options
[ 1533.168177][T22608] loop8: detected capacity change from 0 to 2048
[ 1533.189199][T22608] EXT4-fs: Ignoring removed bh option
[ 1533.238407][T22608] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1533.327064][T22608] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[ 1533.344534][   T28] audit: type=1800 audit(1750338709.252:316): pid=22608 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.4427" name="file1" dev="loop8" ino=15 res=0 errno=0
[ 1533.426058][T22608] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[ 1533.449320][T22608] EXT4-fs (loop8): This should not happen!! Data will be lost
[ 1533.449320][T22608] 
[ 1533.477691][T22608] EXT4-fs (loop8): Total free blocks count 0
[ 1533.488194][T22624] loop7: detected capacity change from 0 to 512
[ 1533.495297][T22608] EXT4-fs (loop8): Free/Dirty block details
[ 1533.508301][T22608] EXT4-fs (loop8): free_blocks=2415919104
[ 1533.514182][T22608] EXT4-fs (loop8): dirty_blocks=16
[ 1533.530464][T22624] EXT4-fs (loop7): can't mount with commit=3, fs mounted w/o journal
[ 1533.576197][T22608] EXT4-fs (loop8): Block reservation details
[ 1533.607314][T22608] EXT4-fs (loop8): i_reserved_data_blocks=1
[ 1533.786478][T21474] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1535.530611][T19121] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1535.719996][T22645] futex_wake_op: syz.7.4437 tries to shift op by -1; fix this program
[ 1535.802763][T22649] autofs4:pid:22649:autofs_fill_super: called with bogus options
[ 1539.999715][T22703] futex_wake_op: syz.7.4452 tries to shift op by -1; fix this program
[ 1540.264439][T22709] loop8: detected capacity change from 0 to 1024
[ 1541.037260][T22709] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1542.823311][T21474] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1544.806588][T22740] loop4: detected capacity change from 0 to 32768
[ 1545.012675][T22740] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.4462 (22740)
[ 1545.520015][T22740] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 1545.584023][T22740] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[ 1545.608150][T22740] BTRFS info (device loop4): enabling auto defrag
[ 1545.628078][T22740] BTRFS info (device loop4): use no compression
[ 1545.634421][T22740] BTRFS info (device loop4): force clearing of disk cache
[ 1545.658184][T18074] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[ 1545.706184][T22740] BTRFS info (device loop4): turning on async discard
[ 1545.745736][T22740] BTRFS info (device loop4): max_inline at 5
[ 1545.784700][T22740] BTRFS info (device loop4): force zlib compression, level 3
[ 1545.817649][T22740] BTRFS info (device loop4): using free space tree
[ 1545.872924][T18074] usb 9-1: Using ep0 maxpacket: 16
[ 1545.879728][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[ 1545.887792][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[ 1545.928067][T22740] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[ 1545.928871][T22740] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[ 1545.966862][T18074] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1545.995889][T22740] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[ 1545.996534][T22740] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[ 1546.008878][T22740] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[ 1546.020439][T22740] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[ 1546.032264][T22740] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[ 1546.054763][T22740] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[ 1546.055136][T18074] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1546.066806][T22740] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[ 1546.107963][T18074] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1546.162419][T22740] BTRFS error (device loop4): open_ctree failed: -12
[ 1546.214453][T18074] usb 9-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[ 1546.272429][T18074] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1546.334627][T18074] usb 9-1: config 0 descriptor??
[ 1546.482632][T22810] loop4: detected capacity change from 0 to 2048
[ 1546.528026][T22810] EXT4-fs: Ignoring removed bh option
[ 1546.647336][T22810] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1546.776296][   T28] audit: type=1800 audit(1750338722.702:317): pid=22810 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.4475" name="file1" dev="loop4" ino=15 res=0 errno=0
[ 1546.834762][T22810] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[ 1546.850877][T18074] shield 0003:0955:7214.000D: unknown main item tag 0x0
[ 1546.866533][T18074] shield 0003:0955:7214.000D: unknown main item tag 0x0
[ 1546.868189][T22810] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[ 1546.886657][T18074] shield 0003:0955:7214.000D: unknown main item tag 0x0
[ 1546.886697][T18074] shield 0003:0955:7214.000D: unknown main item tag 0x0
[ 1546.886724][T18074] shield 0003:0955:7214.000D: unknown main item tag 0x0
[ 1546.902705][T18074] input: HID 0955:7214 Haptics as /devices/virtual/input/input30
[ 1546.944497][T22810] EXT4-fs (loop4): This should not happen!! Data will be lost
[ 1546.944497][T22810] 
[ 1546.984480][T22810] EXT4-fs (loop4): Total free blocks count 0
[ 1547.008925][T22765] random: crng reseeded on system resumption
[ 1547.020010][T22810] EXT4-fs (loop4): Free/Dirty block details
[ 1547.051717][T22810] EXT4-fs (loop4): free_blocks=2415919104
[ 1547.093319][T22810] EXT4-fs (loop4): dirty_blocks=16
[ 1547.102789][T22810] EXT4-fs (loop4): Block reservation details
[ 1547.136000][T22810] EXT4-fs (loop4): i_reserved_data_blocks=1
[ 1547.197143][T18074] shield 0003:0955:7214.000D: Registered Thunderstrike controller
[ 1547.261191][T18074] shield 0003:0955:7214.000D: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.8-1/input0
[ 1547.288681][T22810] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2 with error 28
[ 1548.063391][T22833] loop5: detected capacity change from 0 to 32768
[ 1548.093375][T22833] ocfs2: Slot 0 on device (7,5) was already allocated to this node!
[ 1548.133002][T22833] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[ 1549.351939][T15556] shield 0003:0955:7214.000D: Failed to output Thunderstrike HOSTCMD request HID report due to -ESHUTDOWN
[ 1549.453416][T15556] shield 0003:0955:7214.000D: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[ 1549.530375][T15556] shield 0003:0955:7214.000D: Failed to output Thunderstrike HOSTCMD request HID report due to -EPIPE
[ 1549.549717][T15556] shield 0003:0955:7214.000D: Failed to output Thunderstrike HOSTCMD request HID report due to -EPIPE
[ 1549.589142][T18074] usb 9-1: reset high-speed USB device number 4 using dummy_hcd
[ 1550.037722][T18074] usb 9-1: device descriptor read/64, error -32
[ 1550.321866][T17946] ocfs2: Unmounting device (7,5) on (node local)
[ 1551.197227][    T8] usb 9-1: USB disconnect, device number 4
[ 1551.649009][T22877] futex_wake_op: syz.7.4487 tries to shift op by -1; fix this program
[ 1553.094907][T17773] Bluetooth: hci2: unexpected event for opcode 0x2041
[ 1553.268689][    C0] vxcan1: j1939_tp_rxtimer: 0xffff888064609400: rx timeout, send abort
[ 1553.537930][ T5806] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[ 1553.768237][    C0] vxcan1: j1939_tp_rxtimer: 0xffff888064609800: rx timeout, send abort
[ 1553.777330][    C0] vxcan1: j1939_tp_rxtimer: 0xffff888064609400: abort rx timeout. Force session deactivation
[ 1553.799219][ T5806] usb 9-1: Using ep0 maxpacket: 8
[ 1553.864965][ T5806] usb 9-1: config index 0 descriptor too short (expected 301, got 45)
[ 1553.877620][ T5806] usb 9-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[ 1553.894592][ T5806] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1553.905247][ T5806] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1553.916391][ T5806] usb 9-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1553.931135][ T5806] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1553.946838][ T5806] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1554.010535][ T5806] usbtmc 9-1:16.0: bulk endpoints not found
[ 1554.179530][T22875] loop5: detected capacity change from 0 to 32768
[ 1554.200758][T22875] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 scanned by syz.5.4483 (22875)
[ 1554.276662][    C0] vxcan1: j1939_tp_rxtimer: 0xffff888064609800: abort rx timeout. Force session deactivation
[ 1554.327015][T22875] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 1554.359087][T22875] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm
[ 1554.374808][T22875] BTRFS info (device loop5): enabling auto defrag
[ 1554.382211][T22875] BTRFS info (device loop5): use no compression
[ 1554.391218][T22875] BTRFS info (device loop5): force clearing of disk cache
[ 1554.399741][T22875] BTRFS info (device loop5): turning on async discard
[ 1554.406756][T22875] BTRFS info (device loop5): max_inline at 5
[ 1554.415274][T22875] BTRFS info (device loop5): force zlib compression, level 3
[ 1554.423635][T22875] BTRFS info (device loop5): using free space tree
[ 1554.517171][T22875] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR
[ 1554.546581][T22875] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR
[ 1554.619157][T22875] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[ 1554.700017][T22875] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[ 1554.744118][T22875] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[ 1554.883651][T22875] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[ 1554.992070][T22875] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[ 1555.242753][T22875] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[ 1555.545624][T22875] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[ 1555.633108][T22875] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[ 1555.673632][T22875] BTRFS error (device loop5): open_ctree failed: -12
[ 1555.905418][ T7847] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 scanned by udevd (7847)
[ 1556.007217][T22943] futex_wake_op: syz.5.4501 tries to shift op by -1; fix this program
[ 1556.376553][T18950] usb 9-1: USB disconnect, device number 5
[ 1556.710374][    C1] vxcan1: j1939_tp_rxtimer: 0xffff88802f6d6000: rx timeout, send abort
[ 1557.210535][    C1] vxcan1: j1939_tp_rxtimer: 0xffff88802f6d5c00: rx timeout, send abort
[ 1557.219763][    C1] vxcan1: j1939_tp_rxtimer: 0xffff88802f6d6000: abort rx timeout. Force session deactivation
[ 1557.719012][    C1] vxcan1: j1939_tp_rxtimer: 0xffff88802f6d5c00: abort rx timeout. Force session deactivation
[ 1560.850888][T22995] futex_wake_op: syz.4.4512 tries to shift op by -1; fix this program
[ 1560.971962][T22992] loop7: detected capacity change from 0 to 2048
[ 1562.029141][T23005] loop8: detected capacity change from 0 to 2048
[ 1562.048569][T23004] syzkaller1: entered promiscuous mode
[ 1562.054106][T23004] syzkaller1: entered allmulticast mode
[ 1562.097779][T23005] NILFS (loop8): invalid segment: Magic number mismatch
[ 1562.122574][T23005] NILFS (loop8): trying rollback from an earlier position
[ 1562.203758][T23005] NILFS (loop8): recovery complete
[ 1562.249065][T23012] NILFS (loop8): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1562.503118][   T28] audit: type=1800 audit(1750338738.432:318): pid=23005 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.4515" name="bus" dev="loop8" ino=12 res=0 errno=0
[ 1564.709478][T23039] futex_wake_op: syz.5.4524 tries to shift op by -1; fix this program
[ 1565.830190][T23049] loop7: detected capacity change from 0 to 2048
[ 1566.129040][T23049] NILFS (loop7): invalid segment: Magic number mismatch
[ 1566.278788][T23049] NILFS (loop7): trying rollback from an earlier position
[ 1566.745307][T23049] NILFS (loop7): recovery complete
[ 1566.760456][T19117] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1566.806565][T23061] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1566.868020][   T28] audit: type=1800 audit(1750338742.772:319): pid=23049 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.4527" name="bus" dev="loop7" ino=12 res=0 errno=0
[ 1566.935500][   T28] audit: type=1800 audit(1750338742.772:320): pid=23049 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.4527" name="bus" dev="loop7" ino=12 res=0 errno=0
[ 1568.219944][T23081] futex_wake_op: syz.8.4536 tries to shift op by -1; fix this program
[ 1570.506769][T23112] loop4: detected capacity change from 0 to 2048
[ 1570.588704][T23112] NILFS (loop4): invalid segment: Magic number mismatch
[ 1570.624754][T23112] NILFS (loop4): trying rollback from an earlier position
[ 1571.130467][T23112] NILFS (loop4): recovery complete
[ 1571.538363][T23118] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1571.747972][   T28] audit: type=1800 audit(1750338747.672:321): pid=23112 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.4544" name="bus" dev="loop4" ino=12 res=0 errno=0
[ 1572.366202][T23136] netlink: 5128 bytes leftover after parsing attributes in process `syz.7.4550'.
[ 1572.441435][T23136] netlink: 584 bytes leftover after parsing attributes in process `syz.7.4550'.
[ 1572.790268][T18254] usb 8-1: new high-speed USB device number 53 using dummy_hcd
[ 1573.014332][T18254] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1573.077042][T18254] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1573.305899][T18254] usb 8-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1573.327831][T18254] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1573.336003][T18254] usb 8-1: SerialNumber: syz
[ 1573.944932][T18254] usb 8-1: 0:2 : does not exist
[ 1573.951724][T18254] usb 8-1: unit 255 not found!
[ 1573.964527][T18254] usb 8-1: 5:0: cannot get min/max values for control 2 (id 5)
[ 1574.032235][T18254] usb 8-1: USB disconnect, device number 53
[ 1574.144538][ T7847] udevd[7847]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1574.461373][T23165] loop4: detected capacity change from 0 to 2048
[ 1574.619256][T23165] NILFS (loop4): invalid segment: Magic number mismatch
[ 1574.648485][T23165] NILFS (loop4): trying rollback from an earlier position
[ 1575.229013][T23165] NILFS (loop4): recovery complete
[ 1575.251252][T23183] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1575.337470][   T28] audit: type=1800 audit(1750338751.262:322): pid=23165 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.4557" name="bus" dev="loop4" ino=12 res=0 errno=0
[ 1575.404316][   T28] audit: type=1800 audit(1750338751.312:323): pid=23165 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.4557" name="bus" dev="loop4" ino=12 res=0 errno=0
[ 1575.721498][T23188] 9pnet_virtio: no channels available for device syz
[ 1575.909131][    T8] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[ 1576.957735][    T8] usb 9-1: device descriptor read/64, error -71
[ 1578.248256][    T8] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[ 1578.523717][    T8] usb 9-1: device descriptor read/64, error -71
[ 1578.658089][    T8] usb usb9-port1: attempt power cycle
[ 1578.775820][T23219] 9pnet_virtio: no channels available for device syz
[ 1581.491724][T23258] loop4: detected capacity change from 0 to 2048
[ 1581.711911][    T8] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[ 1581.908775][    T8] usb 9-1: device descriptor read/64, error -71
[ 1582.132412][T23274] fuse: Unknown parameter 'user_i00000000000000000000'
[ 1582.177651][    T8] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[ 1582.357708][    T8] usb 9-1: device descriptor read/64, error -71
[ 1582.512911][    T8] usb usb9-port1: attempt power cycle
[ 1583.643522][T23298] loop5: detected capacity change from 0 to 2048
[ 1583.722485][T23298] NILFS (loop5): invalid segment: Magic number mismatch
[ 1583.747831][T23298] NILFS (loop5): trying rollback from an earlier position
[ 1583.792250][    T8] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[ 1583.859860][T23298] NILFS (loop5): recovery complete
[ 1583.895042][    T8] usb 9-1: device descriptor read/8, error -71
[ 1583.917862][T23302] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1584.158563][   T28] audit: type=1800 audit(1750338760.092:324): pid=23298 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.4594" name="bus" dev="loop5" ino=12 res=0 errno=0
[ 1584.255699][    T8] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[ 1584.324644][    T8] usb 9-1: device descriptor read/8, error -71
[ 1584.498420][    T8] usb usb9-port1: unable to enumerate USB device
[ 1584.523785][T23310] loop5: detected capacity change from 0 to 1024
[ 1584.562563][T23310] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1584.943846][T23324] netlink: 16 bytes leftover after parsing attributes in process `syz.7.4601'.
[ 1585.888639][T17946] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1586.131327][T23336] loop4: detected capacity change from 0 to 2048
[ 1586.167361][T23336] NILFS (loop4): invalid segment: Magic number mismatch
[ 1586.202161][T23336] NILFS (loop4): trying rollback from an earlier position
[ 1586.246130][T23336] NILFS (loop4): recovery complete
[ 1586.281466][T23343] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1586.477741][T18254] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[ 1586.666511][T18254] usb 9-1: device descriptor read/64, error -71
[ 1586.947728][T18254] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[ 1587.147706][T18254] usb 9-1: device descriptor read/64, error -71
[ 1587.268588][T18254] usb usb9-port1: attempt power cycle
[ 1587.440693][T23366] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4613'.
[ 1587.471697][T23370] loop5: detected capacity change from 0 to 1024
[ 1587.541182][T23370] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1587.697992][T18254] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[ 1587.750855][T18254] usb 9-1: device descriptor read/8, error -71
[ 1588.070505][T18254] usb 9-1: new high-speed USB device number 16 using dummy_hcd
[ 1588.110132][T18254] usb 9-1: device descriptor read/8, error -71
[ 1588.238874][T18254] usb usb9-port1: unable to enumerate USB device
[ 1588.346605][T17946] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1588.591032][T23386] loop5: detected capacity change from 0 to 2048
[ 1588.653177][    C1] vxcan1: j1939_tp_rxtimer: 0xffff88806501dc00: rx timeout, send abort
[ 1588.660072][T23386] NILFS (loop5): invalid segment: Magic number mismatch
[ 1588.677713][T23386] NILFS (loop5): trying rollback from an earlier position
[ 1588.758302][T23386] NILFS (loop5): recovery complete
[ 1588.774512][T23391] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1589.153316][    C1] vxcan1: j1939_tp_rxtimer: 0xffff88806501ec00: rx timeout, send abort
[ 1589.161868][    C1] vxcan1: j1939_tp_rxtimer: 0xffff88806501dc00: abort rx timeout. Force session deactivation
[ 1589.333370][T23404] loop5: detected capacity change from 0 to 2048
[ 1589.407150][T23407] netlink: 16 bytes leftover after parsing attributes in process `syz.7.4623'.
[ 1589.661761][    C1] vxcan1: j1939_tp_rxtimer: 0xffff88806501ec00: abort rx timeout. Force session deactivation
[ 1589.759674][T23414] fuse: Unknown parameter 'user_id00000000000000000000'
[ 1590.921498][    C1] vxcan1: j1939_tp_rxtimer: 0xffff88805e5ed000: rx timeout, send abort
[ 1591.027888][   T27] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[ 1591.089724][T23431] loop7: detected capacity change from 0 to 32768
[ 1591.123835][T23431] ocfs2: Slot 0 on device (7,7) was already allocated to this node!
[ 1591.148540][T23431] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[ 1591.156031][T23439] futex_wake_op: syz.4.4636 tries to shift op by -1; fix this program
[ 1591.360772][   T27] usb 6-1: Using ep0 maxpacket: 16
[ 1591.379921][   T27] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1591.421645][    C1] vxcan1: j1939_tp_rxtimer: 0xffff8880426f6800: rx timeout, send abort
[ 1591.430763][    C1] vxcan1: j1939_tp_rxtimer: 0xffff88805e5ed000: abort rx timeout. Force session deactivation
[ 1591.450697][   T27] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1591.561750][   T27] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1591.651432][   T27] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1591.717494][   T27] usb 6-1: Product: syz
[ 1591.759880][   T27] usb 6-1: Manufacturer: syz
[ 1591.791642][   T27] usb 6-1: SerialNumber: syz
[ 1591.930421][    C1] vxcan1: j1939_tp_rxtimer: 0xffff8880426f6800: abort rx timeout. Force session deactivation
[ 1593.075479][   T27] usb 6-1: 0:2 : does not exist
[ 1593.124228][   T27] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[ 1593.251713][   T27] usb 6-1: USB disconnect, device number 45
[ 1593.644801][ T7847] udevd[7847]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1593.848026][T18349] ocfs2: Unmounting device (7,7) on (node local)
[ 1594.367368][T23463] loop7: detected capacity change from 0 to 2048
[ 1594.385951][T23464] futex_wake_op: syz.8.4645 tries to shift op by -1; fix this program
[ 1594.461230][T23466] loop5: detected capacity change from 0 to 512
[ 1594.515428][T23466] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1594.596967][T23466] EXT4-fs (loop5): revision level too high, forcing read-only mode
[ 1594.632368][T23466] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802c01d, mo2=0102]
[ 1594.659220][T23466] EXT4-fs (loop5): couldn't mount RDWR because of unsupported optional features (80)
[ 1594.677401][T23466] EXT4-fs (loop5): Skipping orphan cleanup due to unknown ROCOMPAT features
[ 1594.728822][T23466] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[ 1594.909692][T17946] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1596.563526][T23494] futex_wake_op: syz.5.4656 tries to shift op by -1; fix this program
[ 1596.924308][T23496] loop4: detected capacity change from 0 to 2048
[ 1597.259461][T23507] loop4: detected capacity change from 0 to 512
[ 1597.288935][T23507] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1597.418244][T23507] EXT4-fs (loop4): revision level too high, forcing read-only mode
[ 1597.426262][T23507] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802c01d, mo2=0102]
[ 1597.455132][T23507] EXT4-fs (loop4): couldn't mount RDWR because of unsupported optional features (80)
[ 1597.496104][T23507] EXT4-fs (loop4): Skipping orphan cleanup due to unknown ROCOMPAT features
[ 1597.540939][T23507] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[ 1597.582881][T23511] loop5: detected capacity change from 0 to 2048
[ 1597.650601][T23511] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1597.699349][T17771] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1597.879355][T19117] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1598.757926][   T27] usb 6-1: new high-speed USB device number 46 using dummy_hcd
[ 1598.960028][   T27] usb 6-1: Using ep0 maxpacket: 8
[ 1598.968927][   T27] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[ 1598.969522][T23526] loop8: detected capacity change from 0 to 2048
[ 1598.990371][   T27] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1599.007634][   T27] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1599.026541][   T27] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[ 1599.042374][   T27] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[ 1599.072756][   T27] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1599.106383][   T27] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1599.137443][   T27] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1599.169505][   T27] usbtmc: probe of 6-1:16.0 failed with error -22
[ 1599.262784][T23528] futex_wake_op: syz.8.4668 tries to shift op by -1; fix this program
[ 1599.825253][T23535] loop7: detected capacity change from 0 to 2048
[ 1599.867656][T23535] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1601.013148][T23550] loop8: detected capacity change from 0 to 2048
[ 1602.186023][ T5827] usb 6-1: USB disconnect, device number 46
[ 1605.110022][T23577] loop5: detected capacity change from 0 to 32768
[ 1605.145298][T23577] ocfs2: Slot 0 on device (7,5) was already allocated to this node!
[ 1605.216411][T23577] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[ 1605.447657][T15556] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[ 1605.594535][T17946] ocfs2: Unmounting device (7,5) on (node local)
[ 1605.657830][T15556] usb 5-1: Using ep0 maxpacket: 8
[ 1605.703447][T15556] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[ 1605.723122][T15556] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1605.751916][T15556] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1605.778460][T15556] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1605.799543][T15556] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1605.839422][T15556] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1605.877918][T15556] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1606.138051][T15556] usb 5-1: usb_control_msg returned -32
[ 1606.165672][T15556] usbtmc 5-1:16.0: can't read capabilities
[ 1606.207768][T15556] usb 5-1: USB disconnect, device number 69
[ 1606.718880][ T5827] usb 8-1: new high-speed USB device number 54 using dummy_hcd
[ 1607.088639][ T5827] usb 8-1: Using ep0 maxpacket: 16
[ 1607.172925][ T5827] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1607.251247][ T5827] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1607.312830][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[ 1607.415693][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[ 1607.449310][ T5827] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1607.482735][ T5827] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1607.507822][ T5827] usb 8-1: Product: syz
[ 1607.512195][ T5827] usb 8-1: Manufacturer: syz
[ 1607.516849][ T5827] usb 8-1: SerialNumber: syz
[ 1607.713076][T23615] netlink: 36 bytes leftover after parsing attributes in process `syz.5.4697'.
[ 1607.740832][ T5827] usb 8-1: 0:2 : does not exist
[ 1607.747581][T23615] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4697'.
[ 1607.786963][ T5827] usb 8-1: 5:0: failed to get current value for ch 0 (-22)
[ 1608.267145][T23620] loop4: detected capacity change from 0 to 32768
[ 1608.309078][ T5827] usb 8-1: USB disconnect, device number 54
[ 1608.482324][T23620] ocfs2: Slot 0 on device (7,4) was already allocated to this node!
[ 1608.617305][T23620] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[ 1608.815469][ T7847] udevd[7847]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1609.338975][T17771] ocfs2: Unmounting device (7,4) on (node local)
[ 1609.569599][T23634] loop7: detected capacity change from 0 to 2048
[ 1610.827364][T23655] loop8: detected capacity change from 0 to 32768
[ 1610.885045][T23655] ocfs2: Slot 0 on device (7,8) was already allocated to this node!
[ 1610.916380][T23655] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[ 1611.467772][T23671] block nbd4: NBD_DISCONNECT
[ 1611.662299][T21474] ocfs2: Unmounting device (7,8) on (node local)
[ 1613.715347][T23679] loop5: detected capacity change from 0 to 2048
[ 1614.983278][T23696] loop8: detected capacity change from 0 to 32768
[ 1615.008255][T23696] ocfs2: Slot 0 on device (7,8) was already allocated to this node!
[ 1615.024975][T23696] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[ 1615.502216][T21474] ocfs2: Unmounting device (7,8) on (node local)
[ 1615.527320][T23690] loop5: detected capacity change from 0 to 32768
[ 1615.568876][T23690] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 1615.616891][T23690] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm
[ 1615.652855][T23690] BTRFS info (device loop5): enabling auto defrag
[ 1615.676920][T23690] BTRFS info (device loop5): use no compression
[ 1615.728726][T23690] BTRFS info (device loop5): force clearing of disk cache
[ 1615.739000][T23690] BTRFS info (device loop5): turning on async discard
[ 1615.746020][T23690] BTRFS info (device loop5): max_inline at 5
[ 1615.752590][T23690] BTRFS info (device loop5): force zlib compression, level 3
[ 1615.762169][T23690] BTRFS info (device loop5): using free space tree
[ 1615.937640][T23719] fuse: Unknown parameter '0x0000000000000004'
[ 1615.968344][T23690] BTRFS info (device loop5): enabling ssd optimizations
[ 1616.008526][T23690] BTRFS info (device loop5): rebuilding free space tree
[ 1616.109158][T23724] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4728'.
[ 1616.141415][T23724] netlink: 16 bytes leftover after parsing attributes in process `syz.7.4728'.
[ 1616.183697][T17946] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 1616.602587][T23735] loop7: detected capacity change from 0 to 2048
[ 1616.627962][T23738] loop4: detected capacity change from 0 to 512
[ 1616.635332][T23738] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1616.635429][T23735] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1616.728480][T23738] EXT4-fs (loop4): revision level too high, forcing read-only mode
[ 1616.790486][T23738] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802c01d, mo2=0102]
[ 1616.820366][T23738] EXT4-fs (loop4): couldn't mount RDWR because of unsupported optional features (80)
[ 1616.877662][T23738] EXT4-fs (loop4): Skipping orphan cleanup due to unknown ROCOMPAT features
[ 1616.910487][T23738] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[ 1617.186886][T23738] EXT4-fs (loop4): couldn't mount RDWR because of unsupported optional features (80)
[ 1617.989437][T17771] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1620.272610][T23776] loop7: detected capacity change from 0 to 512
[ 1620.313191][T23776] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1620.623469][T23776] EXT4-fs (loop7): revision level too high, forcing read-only mode
[ 1620.740484][T23776] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802c01d, mo2=0102]
[ 1621.018487][T23776] EXT4-fs (loop7): couldn't mount RDWR because of unsupported optional features (80)
[ 1621.068260][T23776] EXT4-fs (loop7): Skipping orphan cleanup due to unknown ROCOMPAT features
[ 1621.073996][T23753] loop5: detected capacity change from 0 to 32768
[ 1621.103973][T23753] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 scanned by syz.5.4737 (23753)
[ 1621.128450][T23776] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[ 1621.185452][T23753] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 1621.229156][T23753] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm
[ 1621.257851][T23753] BTRFS info (device loop5): enabling auto defrag
[ 1621.297662][T23753] BTRFS info (device loop5): use no compression
[ 1621.304094][T23753] BTRFS info (device loop5): force clearing of disk cache
[ 1621.322366][T18349] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1621.359448][T23753] BTRFS info (device loop5): turning on async discard
[ 1621.383544][T23753] BTRFS info (device loop5): max_inline at 5
[ 1621.415549][T23753] BTRFS info (device loop5): force zlib compression, level 3
[ 1621.477823][T23753] BTRFS info (device loop5): using free space tree
[ 1621.534092][T23753] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR
[ 1621.535703][T23753] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR
[ 1621.746677][T23753] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[ 1621.756757][T23753] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[ 1621.904715][T23753] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[ 1621.972723][T23753] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[ 1622.054665][T23753] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[ 1622.128657][T23753] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[ 1622.157240][T23753] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[ 1622.179039][T23753] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[ 1622.211845][T23753] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[ 1622.233808][T23802] netlink: 5128 bytes leftover after parsing attributes in process `syz.8.4752'.
[ 1622.273021][T23753] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[ 1622.273672][T23753] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[ 1622.274049][T23802] netlink: 584 bytes leftover after parsing attributes in process `syz.8.4752'.
[ 1622.330851][T23753] BTRFS error (device loop5): open_ctree failed: -12
[ 1622.707686][T15556] usb 9-1: new high-speed USB device number 17 using dummy_hcd
[ 1622.949497][T15556] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1623.883681][T15556] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1623.895006][T15556] usb 9-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1623.909264][T15556] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1623.976225][T15556] usb 9-1: SerialNumber: syz
[ 1624.237742][T14826] usb 8-1: new high-speed USB device number 55 using dummy_hcd
[ 1624.417734][T14826] usb 8-1: device descriptor read/64, error -71
[ 1624.562587][T15556] usb 9-1: 0:2 : does not exist
[ 1624.588456][T15556] usb 9-1: unit 255 not found!
[ 1624.641701][T15556] usb 9-1: 5:0: cannot get min/max values for control 2 (id 5)
[ 1624.702988][T15556] usb 9-1: USB disconnect, device number 17
[ 1624.830377][T23822] loop5: detected capacity change from 0 to 512
[ 1624.868090][T23822] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1624.874225][T14826] usb 8-1: new high-speed USB device number 56 using dummy_hcd
[ 1624.926199][T23822] EXT4-fs (loop5): revision level too high, forcing read-only mode
[ 1624.934348][T23822] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802c01d, mo2=0102]
[ 1624.944741][T23822] EXT4-fs (loop5): couldn't mount RDWR because of unsupported optional features (80)
[ 1625.034775][T23822] EXT4-fs (loop5): Skipping orphan cleanup due to unknown ROCOMPAT features
[ 1625.063215][T14826] usb 8-1: device descriptor read/64, error -71
[ 1625.129990][T23822] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[ 1625.239484][T14826] usb usb8-port1: attempt power cycle
[ 1625.767705][T14826] usb 8-1: new high-speed USB device number 57 using dummy_hcd
[ 1625.850988][T17946] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1625.876865][T14826] usb 8-1: device descriptor read/8, error -71
[ 1626.315459][T23831] loop8: detected capacity change from 0 to 32768
[ 1626.328681][T23831] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop8 scanned by syz.8.4762 (23831)
[ 1626.362117][T23831] BTRFS info (device loop8): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 1626.373747][T23831] BTRFS info (device loop8): using sha256 (sha256-avx2) checksum algorithm
[ 1626.384059][T23831] BTRFS info (device loop8): enabling auto defrag
[ 1626.392593][T23831] BTRFS info (device loop8): use no compression
[ 1626.399807][T23831] BTRFS info (device loop8): force clearing of disk cache
[ 1626.407170][T23831] BTRFS info (device loop8): turning on async discard
[ 1626.414544][T23831] BTRFS info (device loop8): max_inline at 5
[ 1626.422497][T23831] BTRFS info (device loop8): force zlib compression, level 3
[ 1626.430577][T23831] BTRFS info (device loop8): using free space tree
[ 1626.494885][T23831] BTRFS info (device loop8): enabling ssd optimizations
[ 1626.516365][T23831] BTRFS info (device loop8): rebuilding free space tree
[ 1626.660421][T21474] BTRFS info (device loop8): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 1627.130802][T23852] syzkaller1: entered promiscuous mode
[ 1627.154163][T23852] syzkaller1: entered allmulticast mode
[ 1628.367662][T23862] loop7: detected capacity change from 0 to 512
[ 1628.375133][T23862] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1628.452834][T23862] EXT4-fs (loop7): revision level too high, forcing read-only mode
[ 1628.488946][T23862] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802c01d, mo2=0102]
[ 1628.535109][T23862] EXT4-fs (loop7): couldn't mount RDWR because of unsupported optional features (80)
[ 1628.564834][T23862] EXT4-fs (loop7): Skipping orphan cleanup due to unknown ROCOMPAT features
[ 1628.575642][T23862] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[ 1628.640487][T18349] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1629.575883][T15556] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[ 1629.595755][T19129] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1629.767628][T15556] usb 5-1: device descriptor read/64, error -71
[ 1629.983569][T23878] loop8: detected capacity change from 0 to 32768
[ 1630.017614][T23878] ocfs2: Slot 0 on device (7,8) was already allocated to this node!
[ 1630.047673][T15556] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[ 1630.107988][T23878] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[ 1630.341430][T15556] usb 5-1: device descriptor read/64, error -71
[ 1630.488290][T15556] usb usb5-port1: attempt power cycle
[ 1631.188527][T15556] usb 5-1: new high-speed USB device number 72 using dummy_hcd
[ 1631.605084][T15556] usb 5-1: device descriptor read/8, error -71
[ 1631.613259][T21474] ocfs2: Unmounting device (7,8) on (node local)
[ 1632.915053][T23905] futex_wake_op: syz.8.4783 tries to shift op by -1; fix this program
[ 1633.685350][T23919] loop4: detected capacity change from 0 to 2048
[ 1633.842515][T23919] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1633.867928][T15556] usb 6-1: new high-speed USB device number 47 using dummy_hcd
[ 1633.981125][T23921] loop7: detected capacity change from 0 to 32768
[ 1634.004714][T23921] ocfs2: Slot 0 on device (7,7) was already allocated to this node!
[ 1634.068152][T15556] usb 6-1: device descriptor read/64, error -71
[ 1634.092036][T23921] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[ 1634.427998][T15556] usb 6-1: new high-speed USB device number 48 using dummy_hcd
[ 1634.692462][T15556] usb 6-1: device descriptor read/64, error -71
[ 1635.124018][T18349] ocfs2: Unmounting device (7,7) on (node local)
[ 1635.158442][T15556] usb usb6-port1: attempt power cycle
[ 1635.619835][T15556] usb 6-1: new high-speed USB device number 49 using dummy_hcd
[ 1635.668695][T15556] usb 6-1: device descriptor read/8, error -71
[ 1635.718954][T23933] syzkaller1: entered promiscuous mode
[ 1635.735732][T23933] syzkaller1: entered allmulticast mode
[ 1635.977645][T15556] usb 6-1: new high-speed USB device number 50 using dummy_hcd
[ 1636.045858][T15556] usb 6-1: device descriptor read/8, error -71
[ 1636.278688][T15556] usb usb6-port1: unable to enumerate USB device
[ 1637.013644][T23939] loop4: detected capacity change from 0 to 32768
[ 1637.031027][T23951] futex_wake_op: syz.8.4801 tries to shift op by -1; fix this program
[ 1637.117975][T23939] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.4796 (23939)
[ 1637.298772][T23939] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 1637.379079][T23939] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[ 1637.418121][T23939] BTRFS info (device loop4): enabling auto defrag
[ 1637.426993][T23939] BTRFS info (device loop4): use no compression
[ 1637.434760][T23939] BTRFS info (device loop4): force clearing of disk cache
[ 1637.442795][T23939] BTRFS info (device loop4): turning on async discard
[ 1637.449943][T23939] BTRFS info (device loop4): max_inline at 5
[ 1637.456280][T23939] BTRFS info (device loop4): force zlib compression, level 3
[ 1637.465137][T23939] BTRFS info (device loop4): using free space tree
[ 1637.613690][T23939] BTRFS info (device loop4): enabling ssd optimizations
[ 1637.655115][T23939] BTRFS info (device loop4): rebuilding free space tree
[ 1637.772168][T23976] loop5: detected capacity change from 0 to 2048
[ 1638.056753][T17771] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 1638.498352][ T7847] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 10 /dev/loop4 scanned by udevd (7847)
[ 1638.848117][T22440] usb 8-1: new high-speed USB device number 59 using dummy_hcd
[ 1639.477632][T22440] usb 8-1: device descriptor read/64, error -71
[ 1639.767714][T22440] usb 8-1: new high-speed USB device number 60 using dummy_hcd
[ 1639.967663][T22440] usb 8-1: device descriptor read/64, error -71
[ 1640.248533][T22440] usb usb8-port1: attempt power cycle
[ 1640.667844][T22440] usb 8-1: new high-speed USB device number 61 using dummy_hcd
[ 1640.708304][T22440] usb 8-1: device descriptor read/8, error -71
[ 1640.761395][T24008] 9pnet_virtio: no channels available for device syz
[ 1640.977888][T22440] usb 8-1: new high-speed USB device number 62 using dummy_hcd
[ 1641.058698][T22440] usb 8-1: device descriptor read/8, error -71
[ 1641.187623][T22440] usb usb8-port1: unable to enumerate USB device
[ 1641.602452][T24012] loop8: detected capacity change from 0 to 32768
[ 1641.612572][T24012] BTRFS error: device /dev/loop8 already registered with a higher generation, found 8 expect 10
[ 1641.677908][ T5773] I/O error, dev loop8, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1643.021188][T17773] Bluetooth: min 257 > max 12
[ 1645.091797][T17773] Bluetooth: hci1: command 0x0406 tx timeout
[ 1645.202238][T24041] futex_wake_op: syz.8.4822 tries to shift op by -1; fix this program
[ 1646.792633][T17773] Bluetooth: min 257 > max 12
[ 1646.908065][T24061] capability: warning: `syz.7.4829' uses 32-bit capabilities (legacy support in use)
[ 1647.510704][T24059] loop4: detected capacity change from 0 to 32768
[ 1647.540549][T24059] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 1647.566251][T24059] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[ 1647.592532][T24059] BTRFS info (device loop4): enabling auto defrag
[ 1647.659069][T24059] BTRFS info (device loop4): use no compression
[ 1647.688224][   T23] usb 8-1: new high-speed USB device number 63 using dummy_hcd
[ 1647.705229][T24059] BTRFS info (device loop4): force clearing of disk cache
[ 1647.830697][T24059] BTRFS info (device loop4): turning on async discard
[ 1647.928004][   T23] usb 8-1: Using ep0 maxpacket: 32
[ 1647.935900][T24059] BTRFS info (device loop4): max_inline at 5
[ 1647.994417][   T23] usb 8-1: config 0 has an invalid interface number: 184 but max is 0
[ 1648.007746][   T23] usb 8-1: config 0 has no interface number 0
[ 1648.014255][   T23] usb 8-1: config 0 interface 184 has no altsetting 0
[ 1648.029645][T24059] BTRFS info (device loop4): force zlib compression, level 3
[ 1648.041449][T24059] BTRFS info (device loop4): using free space tree
[ 1648.058029][   T23] usb 8-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1648.068285][   T23] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1648.076432][   T23] usb 8-1: Product: syz
[ 1648.086515][   T23] usb 8-1: Manufacturer: syz
[ 1648.092996][   T23] usb 8-1: SerialNumber: syz
[ 1648.116910][   T23] usb 8-1: config 0 descriptor??
[ 1648.137668][   T23] smsc75xx v1.0.0
[ 1648.457787][T24059] BTRFS info (device loop4): enabling ssd optimizations
[ 1648.494903][T24059] BTRFS info (device loop4): rebuilding free space tree
[ 1648.708233][T17771] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 1648.829373][T17773] Bluetooth: hci2: command 0x0406 tx timeout
[ 1649.015270][T24091] netlink: 5128 bytes leftover after parsing attributes in process `syz.5.4835'.
[ 1649.059537][ T5773] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 10 /dev/loop4 scanned by udevd (5773)
[ 1649.092915][T24091] netlink: 584 bytes leftover after parsing attributes in process `syz.5.4835'.
[ 1649.188530][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1649.387836][T18074] usb 6-1: new high-speed USB device number 51 using dummy_hcd
[ 1649.552486][   T23] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000044: -32
[ 1649.581156][   T23] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_DATA
[ 1649.618731][   T23] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[ 1649.630926][T18074] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1649.650472][   T23] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[ 1649.661913][T18074] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1649.668376][   T23] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[ 1649.712380][T18074] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1649.717570][   T23] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[ 1649.730193][T18074] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1649.765895][   T23] smsc75xx: probe of 8-1:0.184 failed with error -71
[ 1649.768095][T18074] usb 6-1: SerialNumber: syz
[ 1649.836083][   T23] usb 8-1: USB disconnect, device number 63
[ 1650.006339][T18074] usb 6-1: 0:2 : does not exist
[ 1651.160868][T18074] usb 6-1: unit 255 not found!
[ 1651.180176][T18074] usb 6-1: 5:0: cannot get min/max values for control 2 (id 5)
[ 1651.212764][T18074] usb 6-1: USB disconnect, device number 51
[ 1651.401080][ T7847] udevd[7847]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1651.606810][T24118] futex_wake_op: syz.5.4844 tries to shift op by -1; fix this program
[ 1653.981083][T24112] loop7: detected capacity change from 0 to 32768
[ 1654.002132][T24112] BTRFS error: device /dev/loop7 already registered with a higher generation, found 8 expect 10
[ 1654.232145][ T7847] BTRFS error: device /dev/loop7 already registered with a higher generation, found 8 expect 10
[ 1655.389221][T24145] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4854'.
[ 1655.400688][T24145] netlink: 16 bytes leftover after parsing attributes in process `syz.7.4854'.
[ 1655.583629][T24151] loop7: detected capacity change from 0 to 1024
[ 1655.695721][T24151] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1656.596386][T24162] loop5: detected capacity change from 0 to 32768
[ 1656.657267][T24162] ocfs2: Slot 0 on device (7,5) was already allocated to this node!
[ 1656.683595][T24162] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[ 1657.664680][T24168] netlink: 'syz.8.4859': attribute type 1 has an invalid length.
[ 1657.787286][T24168] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1657.801872][T24171] netlink: 28 bytes leftover after parsing attributes in process `syz.8.4859'.
[ 1657.829720][T18349] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1657.851710][T17946] ocfs2: Unmounting device (7,5) on (node local)
[ 1658.008981][T24175] loop7: detected capacity change from 0 to 128
[ 1658.983749][T19127] kworker/u4:20: attempt to access beyond end of device
[ 1658.983749][T19127] loop7: rw=1, sector=145, nr_sectors = 896 limit=128
[ 1661.023472][T19123] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1662.014532][T24196] loop7: detected capacity change from 0 to 32768
[ 1662.144538][T24196] ocfs2: Slot 0 on device (7,7) was already allocated to this node!
[ 1662.168716][T24196] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[ 1664.138136][T24214] loop8: detected capacity change from 0 to 32768
[ 1664.588125][T24214] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present!
[ 1664.599357][T24214] ocfs2: Slot 0 on device (7,8) was already allocated to this node!
[ 1664.613537][T18349] ocfs2: Unmounting device (7,7) on (node local)
[ 1664.630454][T24214] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[ 1666.237804][T24236] futex_wake_op: syz.5.4881 tries to shift op by -1; fix this program
[ 1666.395592][T24241] loop4: detected capacity change from 0 to 1024
[ 1666.952194][T21474] ocfs2: Unmounting device (7,8) on (node local)
[ 1668.249612][T24241] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1668.880595][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[ 1669.019770][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[ 1669.336818][T17771] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1671.596994][T24264] loop8: detected capacity change from 0 to 32768
[ 1671.662457][T24264] ocfs2: Slot 0 on device (7,8) was already allocated to this node!
[ 1671.720801][T24264] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[ 1671.775541][T24274] syzkaller1: entered promiscuous mode
[ 1671.781821][T24274] syzkaller1: entered allmulticast mode
[ 1673.532052][T24281] netlink: 'syz.4.4892': attribute type 1 has an invalid length.
[ 1673.593205][T24281] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1673.601789][T24283] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4892'.
[ 1673.639672][T24285] futex_wake_op: syz.5.4893 tries to shift op by -1; fix this program
[ 1673.804493][T21474] ocfs2: Unmounting device (7,8) on (node local)
[ 1675.846738][T24313] syzkaller1: entered promiscuous mode
[ 1675.852558][T24313] syzkaller1: entered allmulticast mode
[ 1676.138153][T24315] loop7: detected capacity change from 0 to 32768
[ 1676.177851][T24315] ocfs2: Slot 0 on device (7,7) was already allocated to this node!
[ 1676.212712][T24315] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[ 1677.268322][T24330] futex_wake_op: syz.8.4905 tries to shift op by -1; fix this program
[ 1678.406518][T18349] ocfs2: Unmounting device (7,7) on (node local)
[ 1678.806270][T24347] loop7: detected capacity change from 0 to 32768
[ 1678.848099][T24347] ocfs2: Slot 0 on device (7,7) was already allocated to this node!
[ 1678.869468][T24347] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[ 1680.616372][T24354] loop8: detected capacity change from 0 to 40427
[ 1680.642427][T24354] F2FS-fs (loop8): invalid crc value
[ 1680.697947][T24354] F2FS-fs (loop8): Found nat_bits in checkpoint
[ 1680.769040][T24354] F2FS-fs (loop8): Start checkpoint disabled!
[ 1680.817631][T24354] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e6
[ 1680.977996][T18349] ocfs2: Unmounting device (7,7) on (node local)
[ 1682.866470][T19123] kworker/u4:18: attempt to access beyond end of device
[ 1682.866470][T19123] loop8: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[ 1682.934125][T19123] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[ 1683.300878][T24381] futex_wake_op: syz.7.4916 tries to shift op by -1; fix this program
[ 1685.190494][T24402] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4922'.
[ 1685.895006][T24404] loop8: detected capacity change from 0 to 2048
[ 1686.727907][T22440] usb 5-1: new high-speed USB device number 74 using dummy_hcd
[ 1687.151291][T22440] usb 5-1: Using ep0 maxpacket: 32
[ 1687.784502][T22440] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[ 1687.793511][T22440] usb 5-1: config 0 has no interface number 0
[ 1687.800191][T22440] usb 5-1: config 0 interface 184 has no altsetting 0
[ 1687.848191][T22440] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1687.867653][T22440] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1687.876867][T22440] usb 5-1: Product: syz
[ 1687.883249][T22440] usb 5-1: Manufacturer: syz
[ 1687.888360][T22440] usb 5-1: SerialNumber: syz
[ 1687.897274][T22440] usb 5-1: config 0 descriptor??
[ 1687.911624][T22440] smsc75xx v1.0.0
[ 1688.445376][T24447] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4932'.
[ 1688.803453][T24453] loop7: detected capacity change from 0 to 2048
[ 1689.141687][T22440] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000044: -61
[ 1689.177688][T22440] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_DATA
[ 1689.354640][T22440] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[ 1689.375762][T22440] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[ 1689.407253][T22440] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[ 1689.485121][T22440] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[ 1689.513815][T22440] smsc75xx: probe of 5-1:0.184 failed with error -71
[ 1689.543783][T22440] usb 5-1: USB disconnect, device number 74
[ 1692.247269][T24476] netlink: 20 bytes leftover after parsing attributes in process `syz.8.4943'.
[ 1692.377755][   T27] usb 6-1: new high-speed USB device number 52 using dummy_hcd
[ 1692.391443][ T2929] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1692.617632][   T27] usb 6-1: Using ep0 maxpacket: 16
[ 1692.631638][   T27] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1692.641966][   T27] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1692.654359][   T27] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1692.668821][   T27] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1692.677902][   T27] usb 6-1: Product: syz
[ 1692.682384][   T27] usb 6-1: Manufacturer: syz
[ 1692.690926][   T27] usb 6-1: SerialNumber: syz
[ 1693.180640][   T27] usb 6-1: 0:2 : does not exist
[ 1693.231388][   T27] usb 6-1: USB disconnect, device number 52
[ 1693.260332][ T7847] udevd[7847]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1694.331095][T24504] loop7: detected capacity change from 0 to 512
[ 1694.343822][T24504] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[ 1695.332700][T24504] EXT4-fs warning (device loop7): ext4_expand_extra_isize_ea:2867: Unable to expand inode 15. Delete some EAs or run e2fsck.
[ 1695.379167][T24504] EXT4-fs (loop7): 1 truncate cleaned up
[ 1695.386294][T24504] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1695.440050][T24510] futex_wake_op: syz.5.4953 tries to shift op by -1; fix this program
[ 1695.477874][T24513] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4954'.
[ 1696.161803][T18349] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1697.252351][T24521] loop4: detected capacity change from 0 to 32768
[ 1697.260976][T24521] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.4956 (24521)
[ 1697.305116][T24521] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1697.382262][T24521] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[ 1697.393539][   T28] audit: type=1326 audit(1750338873.322:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24530 comm="syz.8.4959" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f848098e929 code=0x0
[ 1697.394038][T24521] BTRFS info (device loop4): using free space tree
[ 1697.596761][T24521] BTRFS info (device loop4): enabling ssd optimizations
[ 1697.628315][T24521] BTRFS info (device loop4): auto enabling async discard
[ 1698.545501][T17771] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1699.238900][ T7847] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 10 /dev/loop4 scanned by udevd (7847)
[ 1699.486905][ T5827] usb 9-1: new high-speed USB device number 18 using dummy_hcd
[ 1699.707574][ T5827] usb 9-1: Using ep0 maxpacket: 16
[ 1699.739622][ T5827] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1699.758708][ T5827] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1699.829454][ T5827] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1699.839089][ T5827] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1699.847148][ T5827] usb 9-1: Product: syz
[ 1699.893129][ T5827] usb 9-1: Manufacturer: syz
[ 1699.907862][ T5827] usb 9-1: SerialNumber: syz
[ 1700.144544][ T5827] usb 9-1: 0:2 : does not exist
[ 1700.159428][ T5827] usb 9-1: unit 7 not found!
[ 1700.346915][ T5827] usb 9-1: USB disconnect, device number 18
[ 1700.365792][T24565] loop5: detected capacity change from 0 to 32768
[ 1700.453230][ T5773] udevd[5773]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1700.769535][T24574] futex_wake_op: syz.8.4968 tries to shift op by -1; fix this program
[ 1701.363496][T24581] loop7: detected capacity change from 0 to 40427
[ 1701.388695][T24581] F2FS-fs (loop7): invalid crc value
[ 1701.406928][T24581] F2FS-fs (loop7): Found nat_bits in checkpoint
[ 1701.478690][T24581] F2FS-fs (loop7): Start checkpoint disabled!
[ 1701.506536][T24581] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e6
[ 1702.435325][T24595] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4974'.
[ 1703.681175][T19125] kworker/u4:19: attempt to access beyond end of device
[ 1703.681175][T19125] loop7: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[ 1703.756686][T19125] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[ 1703.779217][T19125] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[ 1703.844806][T19125] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[ 1704.058883][T24614] loop8: detected capacity change from 0 to 2048
[ 1704.136775][T24614] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1705.298251][   T27] usb 8-1: new high-speed USB device number 64 using dummy_hcd
[ 1705.723072][   T27] usb 8-1: Using ep0 maxpacket: 16
[ 1706.098204][   T27] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1706.168217][   T27] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1706.234457][   T27] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1706.245800][   T27] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1706.264493][   T27] usb 8-1: Product: syz
[ 1706.275278][   T27] usb 8-1: Manufacturer: syz
[ 1706.286157][   T27] usb 8-1: SerialNumber: syz
[ 1706.459055][T24643] netlink: 'syz.8.4987': attribute type 1 has an invalid length.
[ 1706.461706][T24645] netlink: 5128 bytes leftover after parsing attributes in process `syz.5.4986'.
[ 1706.497921][T24645] netlink: 584 bytes leftover after parsing attributes in process `syz.5.4986'.
[ 1706.516346][T24643] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1706.554416][T24643] netlink: 28 bytes leftover after parsing attributes in process `syz.8.4987'.
[ 1706.560794][   T27] usb 8-1: 0:2 : does not exist
[ 1706.586894][   T27] usb 8-1: unit 7 not found!
[ 1706.604887][T24643] vlan2: entered allmulticast mode
[ 1706.610714][T24643] veth1: entered allmulticast mode
[ 1706.626542][T24643] bond2: (slave vlan2): making interface the new active one
[ 1706.637147][T24643] bond2: (slave vlan2): Enslaving as an active interface with an up link
[ 1706.667440][   T27] usb 8-1: USB disconnect, device number 64
[ 1706.818456][ T5827] usb 6-1: new high-speed USB device number 53 using dummy_hcd
[ 1707.194165][T24658] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter'
[ 1707.204393][T24658] ubi31: attaching mtd0
[ 1707.214716][T24658] ubi31: scanning is finished
[ 1707.219568][T24658] ubi31: empty MTD device detected
[ 1707.397764][T24657] 9pnet_fd: Insufficient options for proto=fd
[ 1707.516421][ T5827] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1707.589533][ T5827] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1707.598609][T24658] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[ 1707.606170][T24658] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[ 1707.613572][T24658] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[ 1707.620705][T24658] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[ 1707.628189][T24658] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[ 1707.635128][T24658] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[ 1707.643723][T24658] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1809673222
[ 1707.654014][T24658] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[ 1707.667227][T24659] ubi31: background thread "ubi_bgt31d" started, PID 24659
[ 1707.693450][ T5827] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1707.743285][ T5827] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1707.927683][ T5827] usb 6-1: SerialNumber: syz
[ 1708.198697][ T5827] usb 6-1: 0:2 : does not exist
[ 1708.229717][ T5827] usb 6-1: unit 5 not found!
[ 1708.420525][ T5827] usb 6-1: USB disconnect, device number 53
[ 1709.533551][ T5773] udevd[5773]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1710.276272][T24682] loop8: detected capacity change from 0 to 40427
[ 1710.289779][T24682] F2FS-fs (loop8): invalid crc value
[ 1710.303471][T24682] F2FS-fs (loop8): Found nat_bits in checkpoint
[ 1710.357205][T24682] F2FS-fs (loop8): Start checkpoint disabled!
[ 1710.367106][T24682] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e6
[ 1711.972021][T19125] kworker/u4:19: attempt to access beyond end of device
[ 1711.972021][T19125] loop8: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[ 1712.008844][T19125] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[ 1712.016431][T19125] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[ 1712.047656][T19125] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[ 1713.122510][T24705] netlink: 5128 bytes leftover after parsing attributes in process `syz.7.5004'.
[ 1713.147837][T24705] netlink: 584 bytes leftover after parsing attributes in process `syz.7.5004'.
[ 1713.394629][T24697] loop4: detected capacity change from 0 to 32768
[ 1713.437706][   T27] usb 8-1: new high-speed USB device number 65 using dummy_hcd
[ 1713.650044][   T27] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1714.365466][   T27] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1714.377261][   T27] usb 8-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1714.399349][   T27] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1714.408352][   T27] usb 8-1: SerialNumber: syz
[ 1714.786185][   T27] usb 8-1: 0:2 : does not exist
[ 1714.791279][   T27] usb 8-1: unit 5 not found!
[ 1714.889996][T24722] loop8: detected capacity change from 0 to 256
[ 1714.941301][T24722] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[ 1715.193407][   T27] usb 8-1: USB disconnect, device number 65
[ 1715.478184][ T5773] udevd[5773]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1716.238961][T24739] loop4: detected capacity change from 0 to 1024
[ 1717.871901][T24754] netlink: 5128 bytes leftover after parsing attributes in process `syz.4.5019'.
[ 1717.907774][T24754] netlink: 584 bytes leftover after parsing attributes in process `syz.4.5019'.
[ 1718.188036][ T5827] usb 5-1: new high-speed USB device number 75 using dummy_hcd
[ 1718.400780][ T5827] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1718.423532][ T5827] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1718.469741][ T5827] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1718.489265][ T5827] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1718.501773][ T5827] usb 5-1: SerialNumber: syz
[ 1718.722459][ T5827] usb 5-1: 0:2 : does not exist
[ 1718.760279][ T5827] usb 5-1: unit 5 not found!
[ 1718.868102][ T5827] usb 5-1: USB disconnect, device number 75
[ 1718.971651][ T7847] udevd[7847]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1721.266500][T24783] loop7: detected capacity change from 0 to 32768
[ 1721.316832][T24783] ocfs2: Slot 0 on device (7,7) was already allocated to this node!
[ 1721.367978][T24783] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[ 1722.830705][T18349] ocfs2: Unmounting device (7,7) on (node local)
[ 1723.300264][T24791] loop5: detected capacity change from 0 to 32768
[ 1725.268030][ T1097] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1725.921886][T24831] loop8: detected capacity change from 0 to 32768
[ 1725.959315][T24831] ocfs2: Slot 0 on device (7,8) was already allocated to this node!
[ 1726.009571][T24831] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[ 1727.502710][T21474] ocfs2: Unmounting device (7,8) on (node local)
[ 1730.214433][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[ 1730.243334][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[ 1731.510589][T24896] 9pnet_virtio: no channels available for device syz
[ 1732.298672][T24903] loop5: detected capacity change from 0 to 2048
[ 1734.718562][T24931] 9pnet_virtio: no channels available for device syz
[ 1739.466081][T24962] loop4: detected capacity change from 0 to 2048
[ 1740.616583][T24948] loop5: detected capacity change from 0 to 32768
[ 1740.777953][T24948] ocfs2: Slot 0 on device (7,5) was already allocated to this node!
[ 1740.904090][T24948] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[ 1741.165487][T24977] loop8: detected capacity change from 0 to 40427
[ 1741.189455][T24977] F2FS-fs (loop8): invalid crc value
[ 1742.216157][T24977] F2FS-fs (loop8): Found nat_bits in checkpoint
[ 1742.262567][T24977] F2FS-fs (loop8): Start checkpoint disabled!
[ 1742.326280][T24977] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e6
[ 1743.219454][T17946] ocfs2: Unmounting device (7,5) on (node local)
[ 1743.386574][T19125] kworker/u4:19: attempt to access beyond end of device
[ 1743.386574][T19125] loop8: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[ 1743.454403][T19125] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[ 1743.636478][T24971] loop7: detected capacity change from 0 to 32768
[ 1743.835554][T24994] loop5: detected capacity change from 0 to 1024
[ 1743.893163][T24994] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1746.784195][T25008] loop4: detected capacity change from 0 to 32768
[ 1746.838488][T25008] ocfs2: Slot 0 on device (7,4) was already allocated to this node!
[ 1746.902844][T25008] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[ 1748.416041][T17946] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1748.671739][T17771] ocfs2: Unmounting device (7,4) on (node local)
[ 1749.049347][T25037] kAFS: No cell specified
[ 1750.075289][T25039] netlink: 'syz.7.5107': attribute type 1 has an invalid length.
[ 1750.195759][T25039] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1750.235095][T25042] netlink: 28 bytes leftover after parsing attributes in process `syz.7.5107'.
[ 1750.355166][T25039] vlan2: entered allmulticast mode
[ 1750.364413][T25039] veth1: entered allmulticast mode
[ 1750.398784][T25039] bond1: (slave vlan2): making interface the new active one
[ 1750.445026][T25039] bond1: (slave vlan2): Enslaving as an active interface with an up link
[ 1751.137735][T25044] loop4: detected capacity change from 0 to 32768
[ 1751.286902][T25056] Bluetooth: MGMT ver 1.22
[ 1752.459183][T25061] loop8: detected capacity change from 0 to 1024
[ 1752.580848][T25061] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1754.201792][T25084] netlink: 'syz.5.5118': attribute type 1 has an invalid length.
[ 1754.269997][T25084] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1754.352457][T25084] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5118'.
[ 1754.390627][T25084] vlan2: entered allmulticast mode
[ 1754.420304][T25084] veth1: entered allmulticast mode
[ 1754.455945][T25084] bond1: (slave vlan2): making interface the new active one
[ 1754.522094][T25084] bond1: (slave vlan2): Enslaving as an active interface with an up link
[ 1754.627628][T21474] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1755.004162][T25082] loop7: detected capacity change from 0 to 32768
[ 1755.096214][T25082] ocfs2: Slot 0 on device (7,7) was already allocated to this node!
[ 1755.182744][T25095] afs: Bad value for 'source'
[ 1755.583477][T25082] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[ 1757.322808][T19127] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1757.751571][T18349] ocfs2: Unmounting device (7,7) on (node local)
[ 1758.948315][T25117] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5128'.
[ 1759.066249][T25104] loop8: detected capacity change from 0 to 32768
[ 1759.263019][T25123] syzkaller1: entered promiscuous mode
[ 1759.314750][T25123] syzkaller1: entered allmulticast mode
[ 1760.790334][T25127] loop8: detected capacity change from 0 to 32768
[ 1760.849243][T25146] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5139'.
[ 1761.393286][T25127] ocfs2: Slot 0 on device (7,8) was already allocated to this node!
[ 1761.495369][T25127] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[ 1761.544579][T25155] netlink: 28 bytes leftover after parsing attributes in process `syz.7.5142'.
[ 1762.884302][T21474] ocfs2: Unmounting device (7,8) on (node local)
[ 1764.031244][T25150] loop5: detected capacity change from 0 to 32768
[ 1765.589623][T25186] netlink: 28 bytes leftover after parsing attributes in process `syz.7.5151'.
[ 1767.724431][T25190] loop7: detected capacity change from 0 to 32768
[ 1767.775453][T25203] syzkaller1: entered promiscuous mode
[ 1767.789900][T25190] ocfs2: Slot 0 on device (7,7) was already allocated to this node!
[ 1767.810118][T25203] syzkaller1: entered allmulticast mode
[ 1767.876376][T25190] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[ 1769.844915][T25220] loop8: detected capacity change from 0 to 16384
[ 1769.908291][T18349] ocfs2: Unmounting device (7,7) on (node local)
[ 1770.447852][T25220] loop8: detected capacity change from 16384 to 0
[ 1771.077380][T25234] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5161'.
[ 1771.489347][T25241] syzkaller1: entered promiscuous mode
[ 1771.495234][T25241] syzkaller1: entered allmulticast mode
[ 1771.612645][T25230] loop7: detected capacity change from 0 to 32768
[ 1772.052765][T25246] loop5: detected capacity change from 0 to 32768
[ 1772.165554][T25246] ocfs2: Slot 0 on device (7,5) was already allocated to this node!
[ 1772.183779][T25246] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[ 1772.353352][T25248] loop7: detected capacity change from 0 to 1024
[ 1773.920814][T17946] ocfs2: Unmounting device (7,5) on (node local)
[ 1774.792144][T25266] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5173'.
[ 1774.827200][T25266] vlan2: entered allmulticast mode
[ 1774.846508][T25266] veth1: entered allmulticast mode
[ 1775.890358][T25272] loop5: detected capacity change from 0 to 1024
[ 1775.932925][T25263] loop8: detected capacity change from 0 to 32768
[ 1775.960555][T25272] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1775.998797][T25263] ocfs2: Slot 0 on device (7,8) was already allocated to this node!
[ 1776.032722][T25263] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[ 1777.575948][T21474] ocfs2: Unmounting device (7,8) on (node local)
[ 1777.634214][T25274] loop4: detected capacity change from 0 to 32768
[ 1777.951065][T25285] loop8: detected capacity change from 0 to 1024
[ 1778.232882][T25287] syz.4.5178[25287] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1778.233033][T25287] syz.4.5178[25287] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1779.664128][T25307] netlink: 'syz.4.5185': attribute type 1 has an invalid length.
[ 1779.735025][T25307] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1779.817251][T25307] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5185'.
[ 1779.841580][T17946] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1782.012384][T25340] loop8: detected capacity change from 0 to 32768
[ 1782.043382][T25342] loop7: detected capacity change from 0 to 1024
[ 1782.058634][T25340] ocfs2: Slot 0 on device (7,8) was already allocated to this node!
[ 1782.087742][T25342] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1782.218871][T25340] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[ 1783.371264][T18349] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1783.805906][T21474] ocfs2: Unmounting device (7,8) on (node local)
[ 1783.971383][T25354] loop7: detected capacity change from 0 to 128
[ 1784.047693][T25354] EXT4-fs (loop7): Test dummy encryption mode enabled
[ 1784.116673][T25354] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1784.239947][T25354] ext4 filesystem being mounted at /496/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1785.501469][T18349] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1786.039069][T25381] loop4: detected capacity change from 0 to 32768
[ 1786.071858][T25381] ocfs2: Slot 0 on device (7,4) was already allocated to this node!
[ 1786.092451][T25381] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[ 1788.169558][T17771] ocfs2: Unmounting device (7,4) on (node local)
[ 1788.376834][T25405] vivid-000: kernel_thread() failed
[ 1788.749567][T19121] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1790.072208][T25429] loop8: detected capacity change from 0 to 1024
[ 1790.123125][T25429] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1790.384206][T25432] loop7: detected capacity change from 0 to 32768
[ 1790.440845][T25432] ocfs2: Slot 0 on device (7,7) was already allocated to this node!
[ 1790.455056][T25432] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[ 1791.633739][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[ 1791.640450][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[ 1791.650505][T21474] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1791.728486][T25443] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[ 1791.735865][T25443] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1791.783622][T18349] ocfs2: Unmounting device (7,7) on (node local)
[ 1791.804020][T25443] vhci_hcd vhci_hcd.0: Device attached
[ 1792.569153][   T23] usb 41-1: new high-speed USB device number 2 using vhci_hcd
[ 1792.682998][T25444] vhci_hcd: connection closed
[ 1792.768485][T19117] vhci_hcd: stop threads
[ 1792.959663][T19117] vhci_hcd: release socket
[ 1793.049201][T19117] vhci_hcd: disconnect device
[ 1793.200710][   T23] usb 41-1: enqueue for inactive port 0
[ 1793.287548][   T23] vhci_hcd: vhci_device speed not set
[ 1795.234683][T25469] netlink: 28 bytes leftover after parsing attributes in process `syz.8.5233'.
[ 1795.263609][T25468] loop5: detected capacity change from 0 to 1024
[ 1795.317914][T25468] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1796.127653][T17946] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1796.590607][T25493] netlink: 28 bytes leftover after parsing attributes in process `syz.7.5242'.
[ 1797.061966][T25505] loop7: detected capacity change from 0 to 1024
[ 1797.103756][T25505] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1797.147758][T25465] Bluetooth: hci3: command 0x0406 tx timeout
[ 1797.914481][T25523] kAFS: No cell specified
[ 1799.534172][T18349] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1799.932703][T25526] loop7: detected capacity change from 0 to 40427
[ 1799.946937][T25526] F2FS-fs (loop7): invalid crc value
[ 1799.958781][T25526] F2FS-fs (loop7): Found nat_bits in checkpoint
[ 1799.983078][T25526] F2FS-fs (loop7): Start checkpoint disabled!
[ 1799.993441][T25526] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e6
[ 1803.025575][T25547] loop5: detected capacity change from 0 to 1024
[ 1803.077131][T25547] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1803.134825][T19117] kworker/u4:15: attempt to access beyond end of device
[ 1803.134825][T19117] loop7: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[ 1803.160310][T25552] loop8: detected capacity change from 0 to 16384
[ 1803.188993][T19117] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[ 1803.277813][T25556] loop8: detected capacity change from 16384 to 0
[ 1804.234362][T17946] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1804.770213][T25574] loop5: detected capacity change from 0 to 40427
[ 1804.833774][T25574] F2FS-fs (loop5): invalid crc value
[ 1805.019678][T25574] F2FS-fs (loop5): Found nat_bits in checkpoint
[ 1805.045338][T25574] F2FS-fs (loop5): Start checkpoint disabled!
[ 1805.058508][T25574] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[ 1806.978965][T25588] loop8: detected capacity change from 0 to 32768
[ 1807.048102][T25588] ocfs2: Slot 0 on device (7,8) was already allocated to this node!
[ 1807.088156][T25588] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[ 1807.125183][T19123] kworker/u4:18: attempt to access beyond end of device
[ 1807.125183][T19123] loop5: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[ 1807.277123][T19123] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[ 1807.366301][T19123] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[ 1808.401774][T21474] ocfs2: Unmounting device (7,8) on (node local)
[ 1808.611919][T25600] futex_wake_op: syz.7.5275 tries to shift op by -1; fix this program
[ 1809.398170][T25608] fuse: Bad value for 'fd'
[ 1810.078648][T25617] loop4: detected capacity change from 0 to 40427
[ 1810.441252][T25617] F2FS-fs (loop4): invalid crc value
[ 1810.452324][T25617] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1810.546016][T25617] F2FS-fs (loop4): Start checkpoint disabled!
[ 1810.568932][T25617] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[ 1813.153800][ T1143] kworker/u4:7: attempt to access beyond end of device
[ 1813.153800][ T1143] loop4: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[ 1813.175322][ T1143] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[ 1813.322974][T25639] macvlan0: entered allmulticast mode
[ 1813.358456][T25639] netlink: 96 bytes leftover after parsing attributes in process `syz.8.5287'.
[ 1815.578367][T25655] futex_wake_op: syz.4.5286 tries to shift op by -1; fix this program
[ 1816.331284][T25665] loop7: detected capacity change from 0 to 40427
[ 1816.377780][T25665] F2FS-fs (loop7): invalid crc value
[ 1816.395482][T25665] F2FS-fs (loop7): Found nat_bits in checkpoint
[ 1816.465330][T25665] F2FS-fs (loop7): Start checkpoint disabled!
[ 1816.501375][T25665] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e6
[ 1816.511046][T14826] usb 6-1: new high-speed USB device number 54 using dummy_hcd
[ 1816.771388][T14826] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1816.817828][T14826] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1816.827047][T14826] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1816.858314][T14826] usb 6-1: config 0 descriptor??
[ 1816.897766][T14826] pwc: Askey VC010 type 2 USB webcam detected.
[ 1817.952858][T14826] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1817.993670][T14826] pwc: recv_control_msg error -32 req 02 val 2700
[ 1818.027692][T14826] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1818.053149][T14826] pwc: recv_control_msg error -32 req 04 val 1000
[ 1818.197971][T25686] futex_wake_op: syz.4.5301 tries to shift op by -1; fix this program
[ 1818.348891][T14826] pwc: recv_control_msg error -32 req 04 val 1400
[ 1818.394681][T14826] pwc: recv_control_msg error -32 req 02 val 2000
[ 1818.549153][T14826] pwc: recv_control_msg error -32 req 02 val 2100
[ 1818.669739][T14826] pwc: recv_control_msg error -32 req 04 val 1500
[ 1818.873518][T14826] pwc: recv_control_msg error -32 req 02 val 2500
[ 1818.921492][T14826] pwc: recv_control_msg error -32 req 02 val 2400
[ 1818.956007][T14826] pwc: recv_control_msg error -32 req 02 val 2600
[ 1819.004023][T14826] pwc: recv_control_msg error -32 req 02 val 2900
[ 1819.045632][T19117] kworker/u4:15: attempt to access beyond end of device
[ 1819.045632][T19117] loop7: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[ 1819.073561][T14826] pwc: recv_control_msg error -32 req 02 val 2800
[ 1819.102260][T14826] pwc: recv_control_msg error -32 req 04 val 1100
[ 1819.113141][T19117] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[ 1819.188136][T14826] pwc: Registered as video103.
[ 1819.249656][T19117] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[ 1819.300841][T14826] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input31
[ 1819.556539][T14826] usb 6-1: USB disconnect, device number 54
[ 1820.092700][T19123] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1823.177955][T25719] loop4: detected capacity change from 0 to 40427
[ 1823.272341][T25719] F2FS-fs (loop4): invalid crc value
[ 1823.289233][T25719] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1823.368147][T25719] F2FS-fs (loop4): Start checkpoint disabled!
[ 1823.392446][T25719] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[ 1823.590390][T25724] futex_wake_op: syz.8.5311 tries to shift op by -1; fix this program
[ 1825.102319][T25741] fuse: Unknown parameter 'use00000000000000000000'
[ 1825.828525][T19111] kworker/u4:12: attempt to access beyond end of device
[ 1825.828525][T19111] loop4: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[ 1825.883304][T19111] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[ 1826.198011][T18950] usb 6-1: new high-speed USB device number 55 using dummy_hcd
[ 1826.427988][T18950] usb 6-1: Using ep0 maxpacket: 32
[ 1826.476933][T18950] usb 6-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[ 1826.486444][T18950] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1826.494628][T18950] usb 6-1: Product: syz
[ 1826.499296][T18950] usb 6-1: Manufacturer: syz
[ 1826.504099][T18950] usb 6-1: SerialNumber: syz
[ 1826.527134][T18950] usb 6-1: config 0 descriptor??
[ 1826.558208][T18950] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[ 1826.766141][T25752] syz.7.5319[25752] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1826.766262][T25752] syz.7.5319[25752] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1826.975703][T25755] futex_wake_op: syz.7.5321 tries to shift op by -1; fix this program
[ 1828.226503][T18950] gspca_topro: reg_w err -110
[ 1828.267860][T18950] gspca_topro: Sensor soi763a
[ 1829.462155][T25773] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5315'.
[ 1829.577585][T25776] usb 6-1: USB disconnect, device number 55
[ 1830.441204][T25793] loop4: detected capacity change from 0 to 1024
[ 1830.516718][T25793] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1830.531008][T25801] futex_wake_op: syz.7.5330 tries to shift op by -1; fix this program
[ 1830.653304][T25802] syz.8.5329[25802] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1830.653448][T25802] syz.8.5329[25802] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1830.685956][T25793] ext4 filesystem being mounted at /558/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1830.821867][T25793] EXT4-fs error (device loop4): ext4_map_blocks:718: inode #15: block 3: comm syz.4.5328: lblock 3 mapped to illegal pblock 3 (length 5)
[ 1830.939227][T25793] EXT4-fs (loop4): Remounting filesystem read-only
[ 1831.285401][T17771] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1832.038902][T25824] hub 6-0:1.0: USB hub found
[ 1832.047537][T25824] hub 6-0:1.0: 1 port detected
[ 1834.504322][T25830] netlink: 'syz.8.5336': attribute type 1 has an invalid length.
[ 1834.888002][T15556] usb 6-1: new high-speed USB device number 56 using dummy_hcd
[ 1835.176247][T15556] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1835.280742][T15556] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1835.325603][T25830] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1835.360143][T15556] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1835.373793][T25831] netlink: 28 bytes leftover after parsing attributes in process `syz.8.5336'.
[ 1835.373821][T15556] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1835.397522][T15556] usb 6-1: SerialNumber: syz
[ 1835.630484][T25846] syz.7.5340[25846] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1835.630682][T25846] syz.7.5340[25846] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1835.657379][T15556] usb 6-1: 0:2 : does not exist
[ 1835.730170][T15556] usb 6-1: unit 255 not found!
[ 1835.811120][T15556] usb 6-1: USB disconnect, device number 56
[ 1835.891144][T25849] futex_wake_op: syz.4.5342 tries to shift op by -1; fix this program
[ 1836.178939][T25851] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5341'.
[ 1836.206432][T25851] xt_connbytes: Forcing CT accounting to be enabled
[ 1836.213765][T25851] Cannot find add_set index 0 as target
[ 1836.489229][ T7847] udevd[7847]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1838.104158][T25875] netlink: 'syz.5.5349': attribute type 1 has an invalid length.
[ 1838.316470][T25880] syz.8.5351[25880] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1838.316614][T25880] syz.8.5351[25880] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1838.442581][T25875] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1838.489800][T25879] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5349'.
[ 1838.504728][T25886] futex_wake_op: syz.7.5353 tries to shift op by -1; fix this program
[ 1839.179030][T15556] usb 9-1: new high-speed USB device number 19 using dummy_hcd
[ 1840.638185][T15556] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1840.709534][T15556] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1840.834935][T15556] usb 9-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1840.854748][T15556] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1840.877587][T15556] usb 9-1: SerialNumber: syz
[ 1841.063880][T25912] loop5: detected capacity change from 0 to 1024
[ 1841.113635][T25912] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1841.133513][T15556] usb 9-1: 0:2 : does not exist
[ 1841.178788][T15556] usb 9-1: unit 255 not found!
[ 1841.195928][T25920] syz.4.5364[25920] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1841.196045][T25920] syz.4.5364[25920] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1841.294024][T15556] usb 9-1: USB disconnect, device number 19
[ 1841.388792][ T5773] udevd[5773]: setting owner of /dev/mixer3 to uid=0, gid=29 failed: No such file or directory
[ 1842.119105][T25927] netlink: 'syz.7.5366': attribute type 1 has an invalid length.
[ 1842.143190][T17946] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1842.219997][T25927] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1842.293700][T25934] loop8: detected capacity change from 0 to 16384
[ 1842.359389][T25936] futex_wake_op: syz.5.5368 tries to shift op by -1; fix this program
[ 1842.685814][T25938] loop8: detected capacity change from 16384 to 0
[ 1842.883038][T25929] netlink: 28 bytes leftover after parsing attributes in process `syz.7.5366'.
[ 1843.968301][T25954] loop4: detected capacity change from 0 to 32768
[ 1844.010384][T25954] ocfs2: Slot 0 on device (7,4) was already allocated to this node!
[ 1844.032066][T25954] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[ 1845.421979][T25967] loop8: detected capacity change from 0 to 1024
[ 1846.292700][T17771] ocfs2: Unmounting device (7,4) on (node local)
[ 1846.318471][T25967] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1846.414303][T25975] netlink: 'syz.5.5379': attribute type 1 has an invalid length.
[ 1846.454664][   T28] audit: type=1326 audit(1750339022.386:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25973 comm="syz.7.5378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9e7b8e929 code=0x7ffc0000
[ 1846.497636][   T28] audit: type=1326 audit(1750339022.386:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25973 comm="syz.7.5378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9e7b8e929 code=0x7ffc0000
[ 1846.521012][   T28] audit: type=1326 audit(1750339022.416:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25973 comm="syz.7.5378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7fe9e7b8e929 code=0x7ffc0000
[ 1846.548461][   T28] audit: type=1326 audit(1750339022.416:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25973 comm="syz.7.5378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9e7b8e929 code=0x7ffc0000
[ 1846.616385][T21474] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1846.630931][   T28] audit: type=1326 audit(1750339022.416:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25973 comm="syz.7.5378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9e7b8e929 code=0x7ffc0000
[ 1846.655146][T25975] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1846.678599][T25979] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5379'.
[ 1846.723486][   T28] audit: type=1326 audit(1750339022.416:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25973 comm="syz.7.5378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=227 compat=0 ip=0x7fe9e7b8e929 code=0x7ffc0000
[ 1846.846003][   T28] audit: type=1326 audit(1846.465:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25973 comm="syz.7.5378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9e7b8e929 code=0x7ffc0000
[ 1846.868482][ T5806] usb 5-1: new high-speed USB device number 76 using dummy_hcd
[ 1847.127914][ T5806] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1847.139049][ T5806] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1847.156176][ T5806] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1847.168169][ T5806] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1847.176364][ T5806] usb 5-1: SerialNumber: syz
[ 1847.581216][ T5806] usb 5-1: 0:2 : does not exist
[ 1847.587023][ T5806] usb 5-1: unit 255 not found!
[ 1847.617380][ T5806] usb 5-1: USB disconnect, device number 76
[ 1847.685936][ T5773] udevd[5773]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1848.054098][T25998] futex_wake_op: syz.5.5384 tries to shift op by -1; fix this program
[ 1849.061479][T26002] loop8: detected capacity change from 0 to 32768
[ 1849.098298][T26002] ocfs2: Slot 0 on device (7,8) was already allocated to this node!
[ 1849.114011][T26002] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[ 1851.137022][T19121] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1851.381570][T26021] netlink: 'syz.7.5390': attribute type 1 has an invalid length.
[ 1851.765229][T26021] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1851.784699][T26026] netlink: 28 bytes leftover after parsing attributes in process `syz.7.5390'.
[ 1852.069816][T21474] ocfs2: Unmounting device (7,8) on (node local)
[ 1852.420706][T17773] Bluetooth: hci3: SCO packet for unknown connection handle 0
[ 1852.549086][T26040] futex_wake_op: syz.7.5396 tries to shift op by -1; fix this program
[ 1853.073187][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[ 1853.079720][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[ 1853.519826][T26050] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5399'.
[ 1854.036533][T26054] loop4: detected capacity change from 0 to 32768
[ 1854.091857][T26054] ocfs2: Slot 0 on device (7,4) was already allocated to this node!
[ 1854.121235][T26054] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[ 1856.880190][T26074] futex_wake_op: syz.8.5407 tries to shift op by -1; fix this program
[ 1856.886694][T17771] ocfs2: Unmounting device (7,4) on (node local)
[ 1858.893170][T26080] loop5: detected capacity change from 0 to 1024
[ 1859.013300][T26076] loop7: detected capacity change from 0 to 40427
[ 1859.046565][T26076] F2FS-fs (loop7): Invalid log_blocksize (268), supports only 12
[ 1859.054420][T26076] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[ 1859.206680][T26076] F2FS-fs (loop7): Found nat_bits in checkpoint
[ 1859.231539][T26076] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[ 1859.238668][T26076] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[ 1859.453575][T26080] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1860.671652][T17946] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1860.946501][T26102] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5411'.
[ 1862.018626][T26111] loop8: detected capacity change from 0 to 32768
[ 1862.072066][T26111] ocfs2: Slot 0 on device (7,8) was already allocated to this node!
[ 1862.110459][T26111] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[ 1862.214759][T26115] futex_wake_op: syz.5.5418 tries to shift op by -1; fix this program
[ 1863.357818][T26117] loop4: detected capacity change from 0 to 1024
[ 1864.431210][T26117] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1865.048320][T26117] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[ 1865.135377][T26117] EXT4-fs (loop4): Remounting filesystem read-only
[ 1865.198313][T26132] loop7: detected capacity change from 0 to 1024
[ 1865.259550][T26132] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1865.791331][T17771] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1865.826454][T21474] ocfs2: Unmounting device (7,8) on (node local)
[ 1866.061188][T18349] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1866.407774][T26145] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5424'.
[ 1867.155152][T26159] futex_wake_op: syz.5.5428 tries to shift op by -1; fix this program
[ 1869.803603][T26174] loop4: detected capacity change from 0 to 1024
[ 1869.880559][T26174] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1870.705013][T17771] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1871.488458][T26188] loop7: detected capacity change from 0 to 32768
[ 1871.507821][T26188] ocfs2: Slot 0 on device (7,7) was already allocated to this node!
[ 1871.546976][T26188] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[ 1873.157206][T26196] futex_wake_op: syz.5.5438 tries to shift op by -1; fix this program
[ 1874.678728][T18349] ocfs2: Unmounting device (7,7) on (node local)
[ 1878.422328][T26228] futex_wake_op: syz.8.5448 tries to shift op by -1; fix this program
[ 1880.049296][T26234] syz.4.5450[26234] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1880.049449][T26234] syz.4.5450[26234] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1880.396621][T26235] loop5: detected capacity change from 0 to 32768
[ 1880.436800][T26235] ocfs2: Slot 0 on device (7,5) was already allocated to this node!
[ 1880.483912][T26235] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[ 1882.882696][T19125] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1883.956620][T17946] ocfs2: Unmounting device (7,5) on (node local)
[ 1884.305426][T26258] loop5: detected capacity change from 0 to 1024
[ 1884.333867][T26258] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1884.497798][T26261] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5458'.
[ 1885.289532][T17946] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1885.508889][T26273] futex_wake_op: syz.8.5460 tries to shift op by -1; fix this program
[ 1886.330765][T26276] syz.5.5461[26276] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1886.330908][T26276] syz.5.5461[26276] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1886.848591][T26282] loop5: detected capacity change from 0 to 32768
[ 1887.937925][T26282] ocfs2: Slot 0 on device (7,5) was already allocated to this node!
[ 1888.049647][T26282] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[ 1890.016543][T17946] ocfs2: Unmounting device (7,5) on (node local)
[ 1890.896460][T26308] loop7: detected capacity change from 0 to 256
[ 1891.329536][T26314] futex_wake_op: syz.7.5475 tries to shift op by -1; fix this program
[ 1896.741764][T26335] loop7: detected capacity change from 0 to 1024
[ 1896.880640][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1897.764624][T25465] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1897.843666][T25465] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1897.856170][T25465] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1897.867140][T25465] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1897.877775][T25465] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 1897.885383][T25465] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1898.077463][T26359] netlink: 5128 bytes leftover after parsing attributes in process `syz.7.5486'.
[ 1898.094663][T26359] netlink: 640 bytes leftover after parsing attributes in process `syz.7.5486'.
[ 1898.285530][T26365] futex_wake_op: syz.8.5487 tries to shift op by -1; fix this program
[ 1898.524534][T26350] chnl_net:caif_netlink_parms(): no params data found
[ 1898.577867][T18950] usb 8-1: new high-speed USB device number 66 using dummy_hcd
[ 1898.805807][T18950] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1898.949099][T18950] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1899.100616][T18950] usb 8-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1899.226310][T18950] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1899.257655][T18950] usb 8-1: SerialNumber: syz
[ 2004.517360][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 2004.524358][    C0] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P26358/1:b..l
[ 2004.533281][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=183565, q=73 ncpus=2)
[ 2004.541023][    C0] task:syz.7.5486      state:R  running task     stack:26984 pid:26358 ppid:18349  flags:0x00004000
[ 2004.554120][    C0] Call Trace:
[ 2004.557433][    C0]  <TASK>
[ 2004.560393][    C0]  __schedule+0x14e2/0x4580
[ 2004.564958][    C0]  ? mark_lock+0x40/0x320
[ 2004.569347][    C0]  ? asan.module_dtor+0x20/0x20
[ 2004.574243][    C0]  ? mark_lock+0x94/0x320
[ 2004.578633][    C0]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[ 2004.584655][    C0]  ? preempt_schedule_irq+0xaa/0x140
[ 2004.589981][    C0]  preempt_schedule_irq+0xb5/0x140
[ 2004.595131][    C0]  ? preempt_schedule_notrace+0x110/0x110
[ 2004.600895][    C0]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[ 2004.606745][    C0]  irqentry_exit+0x67/0x70
[ 2004.611188][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2004.617205][    C0] RIP: 0010:lock_acquire+0x1f2/0x410
[ 2004.622518][    C0] Code: 00 9c 8f 84 24 80 00 00 00 f6 84 24 81 00 00 00 02 0f 85 f5 00 00 00 41 f7 c6 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 04 3c 00 00 00 00 66 43 c7 44 3c 09 00 00 43 c6 44 3c 0b 00
[ 2004.642253][    C0] RSP: 0018:ffffc900045375a0 EFLAGS: 00000206
[ 2004.648360][    C0] RAX: 0000000000000001 RBX: 0000000000000000 RCX: e3ece3f098903100
[ 2004.656360][    C0] RDX: 0000000000000000 RSI: ffffffff8aaac440 RDI: ffffffff8afc6780
[ 2004.664355][    C0] RBP: ffffc900045376b0 R08: dffffc0000000000 R09: 1ffffffff21b08a4
[ 2004.672350][    C0] R10: dffffc0000000000 R11: fffffbfff21b08a5 R12: 1ffff920008a6ec0
[ 2004.680348][    C0] R13: ffffffff8cd2f760 R14: 0000000000000246 R15: dffffc0000000000
[ 2004.688381][    C0]  ? read_lock_is_recursive+0x20/0x20
[ 2004.693789][    C0]  ? deref_stack_reg+0x1bd/0x240
[ 2004.698809][    C0]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2004.704955][    C0]  is_bpf_text_address+0x47/0x2a0
[ 2004.710020][    C0]  ? is_bpf_text_address+0x26/0x2a0
[ 2004.715248][    C0]  ? is_bpf_text_address+0x26/0x2a0
[ 2004.720477][    C0]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2004.726585][    C0]  kernel_text_address+0xa0/0xd0
[ 2004.731577][    C0]  __kernel_text_address+0xd/0x30
[ 2004.736801][    C0]  unwind_get_return_address+0x5d/0xc0
[ 2004.742306][    C0]  ? stack_trace_save+0xe0/0xe0
[ 2004.747186][    C0]  arch_stack_walk+0x11d/0x190
[ 2004.751992][    C0]  stack_trace_save+0x9c/0xe0
[ 2004.756698][    C0]  ? stack_trace_snprint+0xf0/0xf0
[ 2004.761898][    C0]  ? debug_objects_fill_pool+0x73/0x6b0
[ 2004.767500][    C0]  kasan_save_stack+0x3e/0x60
[ 2004.772220][    C0]  ? kasan_save_stack+0x3e/0x60
[ 2004.777101][    C0]  ? __kasan_record_aux_stack+0xaf/0xc0
[ 2004.782764][    C0]  ? call_rcu+0x14f/0x920
[ 2004.787132][    C0]  ? kernfs_put+0x1d3/0x360
[ 2004.791663][    C0]  ? kernfs_remove_by_name_ns+0xe4/0x150
[ 2004.797322][    C0]  ? bus_remove_driver+0x193/0x2f0
[ 2004.802636][    C0]  ? usb_gadget_unregister_driver+0x4e/0x70
[ 2004.808565][    C0]  ? raw_release+0xda/0x260
[ 2004.813131][    C0]  ? __fput+0x234/0x970
[ 2004.817310][    C0]  ? task_work_run+0x1ce/0x250
[ 2004.822104][    C0]  ? exit_to_user_mode_loop+0xe6/0x110
[ 2004.827597][    C0]  ? exit_to_user_mode_prepare+0xb1/0x140
[ 2004.833343][    C0]  ? syscall_exit_to_user_mode+0x1a/0x50
[ 2004.839444][    C0]  ? do_syscall_64+0x61/0xb0
[ 2004.844074][    C0]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2004.850298][    C0]  ? __phys_addr+0xba/0x170
[ 2004.854927][    C0]  __kasan_record_aux_stack+0xaf/0xc0
[ 2004.860334][    C0]  ? kernfs_put+0x360/0x360
[ 2004.864870][    C0]  call_rcu+0x14f/0x920
[ 2004.869186][    C0]  ? kernfs_put+0x1bd/0x360
[ 2004.873816][    C0]  ? rcu_force_quiescent_state+0x230/0x230
[ 2004.879669][    C0]  ? do_raw_spin_unlock+0x121/0x230
[ 2004.884908][    C0]  kernfs_put+0x1d3/0x360
[ 2004.889373][    C0]  kernfs_remove_by_name_ns+0xe4/0x150
[ 2004.894863][    C0]  bus_remove_driver+0x193/0x2f0
[ 2004.899837][    C0]  usb_gadget_unregister_driver+0x4e/0x70
[ 2004.905589][    C0]  raw_release+0xda/0x260
[ 2004.910124][    C0]  ? raw_open+0x520/0x520
[ 2004.914540][    C0]  __fput+0x234/0x970
[ 2004.918570][    C0]  task_work_run+0x1ce/0x250
[ 2004.923198][    C0]  ? task_work_cancel+0x240/0x240
[ 2004.928342][    C0]  ? exit_to_user_mode_loop+0x3b/0x110
[ 2004.933936][    C0]  exit_to_user_mode_loop+0xe6/0x110
[ 2004.939261][    C0]  exit_to_user_mode_prepare+0xb1/0x140
[ 2004.944836][    C0]  syscall_exit_to_user_mode+0x1a/0x50
[ 2004.950347][    C0]  do_syscall_64+0x61/0xb0
[ 2004.954820][    C0]  ? clear_bhb_loop+0x40/0x90
[ 2004.959687][    C0]  ? clear_bhb_loop+0x40/0x90
[ 2004.964510][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2004.970468][    C0] RIP: 0033:0x7fe9e7b8e929
[ 2004.974920][    C0] RSP: 002b:00007ffe1069d498 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 2004.983378][    C0] RAX: 0000000000000000 RBX: 00000000001cf635 RCX: 00007fe9e7b8e929
[ 2004.991388][    C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 2004.999568][    C0] RBP: 00007fe9e7db7ba0 R08: 0000000000000001 R09: 000000091069d78f
[ 2005.007689][    C0] R10: 00007fe9e7800000 R11: 0000000000000246 R12: 00007fe9e7db608c
[ 2005.015791][    C0] R13: 00007fe9e7db6080 R14: ffffffffffffffff R15: 00007ffe1069d5b0
[ 2005.023818][    C0]  </TASK>
[ 2005.026861][    C0] rcu: rcu_preempt kthread starved for 10548 jiffies! g183565 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
[ 2005.038170][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 2005.048177][    C0] rcu: RCU grace-period kthread stack dump:
[ 2005.054119][    C0] task:rcu_preempt     state:R  running task     stack:27024 pid:17    ppid:2      flags:0x00004000
[ 2005.064956][    C0] Call Trace:
[ 2005.068286][    C0]  <TASK>
[ 2005.071259][    C0]  __schedule+0x14e2/0x4580
[ 2005.075830][    C0]  ? _raw_spin_unlock_irqrestore+0x71/0x110
[ 2005.081850][    C0]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[ 2005.087783][    C0]  ? asan.module_dtor+0x20/0x20
[ 2005.092669][    C0]  ? enqueue_timer+0x225/0x530
[ 2005.097468][    C0]  ? __mod_timer+0x984/0xdb0
[ 2005.102096][    C0]  schedule+0xbd/0x170
[ 2005.106220][    C0]  schedule_timeout+0x160/0x280
[ 2005.111136][    C0]  ? console_conditional_schedule+0x40/0x40
[ 2005.117081][    C0]  ? update_process_times+0x1b0/0x1b0
[ 2005.122512][    C0]  ? prepare_to_swait_event+0x339/0x360
[ 2005.128184][    C0]  rcu_gp_fqs_loop+0x302/0x1560
[ 2005.133074][    C0]  ? rcu_gp_init+0x110e/0x1510
[ 2005.137879][    C0]  ? rcu_gp_kthread+0x380/0x380
[ 2005.142766][    C0]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[ 2005.148950][    C0]  ? rcu_gp_init+0x1510/0x1510
[ 2005.153751][    C0]  ? rcu_gp_cleanup+0xb4c/0xca0
[ 2005.158628][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 2005.163896][    C0]  ? lockdep_hardirqs_on+0x98/0x150
[ 2005.169213][    C0]  rcu_gp_kthread+0x99/0x380
[ 2005.173840][    C0]  ? rcu_report_qs_rsp+0x1a0/0x1a0
[ 2005.178990][    C0]  ? __kthread_parkme+0x7a/0x1c0
[ 2005.184134][    C0]  ? __kthread_parkme+0x162/0x1c0
[ 2005.189228][    C0]  kthread+0x2fa/0x390
[ 2005.193492][    C0]  ? rcu_report_qs_rsp+0x1a0/0x1a0
[ 2005.198639][    C0]  ? kthread_blkcg+0xd0/0xd0
[ 2005.203257][    C0]  ret_from_fork+0x48/0x80
[ 2005.207712][    C0]  ? kthread_blkcg+0xd0/0xd0
[ 2005.212339][    C0]  ret_from_fork_asm+0x11/0x20
[ 2005.217240][    C0]  </TASK>
[ 2005.220373][    C0] rcu: Stack dump where RCU GP kthread last ran:
[ 2005.226723][    C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.6.93-syzkaller #0
[ 2005.234382][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2005.244458][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
[ 2005.250296][    C0] Code: cc cc cc cc cc cc cc f3 0f 1e fa 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 66 90 0f 00 2d 63 10 42 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 66 0f 1f 00 55 41 57 41 56
[ 2005.269926][    C0] RSP: 0018:ffffffff8ca07d80 EFLAGS: 000002c2
[ 2005.276022][    C0] RAX: 5c978e23d20ea700 RBX: ffffffff81618a7b RCX: 5c978e23d20ea700
[ 2005.284018][    C0] RDX: 0000000000000001 RSI: ffffffff8aaab2c0 RDI: ffffffff8afc6780
[ 2005.292012][    C0] RBP: ffffffff8ca07eb8 R08: ffff8880b8e36d4b R09: 1ffff110171c6da9
[ 2005.300096][    C0] R10: dffffc0000000000 R11: ffffed10171c6daa R12: ffffffff8e49a768
[ 2005.308096][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1952670
[ 2005.316090][    C0] FS:  0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[ 2005.325041][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2005.331765][    C0] CR2: 0000200000003700 CR3: 000000002bc1a000 CR4: 00000000003506f0
[ 2005.339803][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2005.347989][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2005.356007][    C0] Call Trace:
[ 2005.359320][    C0]  <TASK>
[ 2005.362283][    C0]  default_idle+0x13/0x20
[ 2005.366656][    C0]  default_idle_call+0x6c/0xa0
[ 2005.371538][    C0]  do_idle+0x1eb/0x510
[ 2005.375639][    C0]  ? idle_inject_timer_fn+0x60/0x60
[ 2005.380880][    C0]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 2005.386568][    C0]  cpu_startup_entry+0x43/0x60
[ 2005.391393][    C0]  rest_init+0x2e2/0x300
[ 2005.395673][    C0]  ? time_init+0x40/0x40
[ 2005.399949][    C0]  arch_call_rest_init+0xe/0x10
[ 2005.404921][    C0]  start_kernel+0x459/0x4e0
[ 2005.409719][    C0]  x86_64_start_reservations+0x2a/0x30
[ 2005.415211][    C0]  x86_64_start_kernel+0x60/0x60
[ 2005.420176][    C0]  secondary_startup_64_no_verify+0x179/0x17b
[ 2005.426297][    C0]  </TASK>